ASP.NET Core Authentication via Google Sign In with REST API in between


I have a requirement to authenticate an ASP.NET Core app via Google Sign In, but with a Web API between the client app (i.e. the ASP.NET Core app) and Google Sign In... I know it sounds confusing, so let me explain it with diagrams.

Here is the typical way to include the Google sign-in button and get the user authenticated via their Google credentials. It works perfectly fine.

Step 1: First, create a new app on the Google identity developer portal, generate a ClientId and ClientSecret, and specify a redirect_url like https://yoursite.com/signin-google.

Step 2: In the Startup.cs class of the ASP.NET Core project, use AddGoogle as the authentication middleware, and it works perfectly fine.

Including a diagram below for your understanding:

[diagram]

And here is the proposed flow, with a REST API in between the client and Google sign-in. The question is, how do I authenticate the client?

[diagram]


There is 1 answer

Andrew Shepherd

From what I understand, you want your Client Application to invoke the REST Service on behalf of the user. The REST service needs assurance that both the Client and the User are authenticated.

We have achieved this using the OpenID Connect Hybrid flow. The bad news is that we had to add another service to the solution to achieve this.

How this differs from your proposed solution is this:

  • You must have your own identity service, and this must know of the existence of the REST service, the Client Application, and the User Identity.
  • The Client Application redirects the user to authenticate with the Identity Service (which further on redirects the user to authenticate with Google).
  • Identity Server provides the client application with an ID token for the user, and also a code which can be exchanged for an Access Token.
  • The client application requests the Access Token. This Access Token will authenticate both the client and the user
  • The client application then authenticates using this access token when invoking the REST Service
  • The REST Service issues a one-off request to Identity Server for the signature keys, and uses these keys to validate the access token.

[diagram]

We happened to use IdentityServer4 when implementing the Identity Server, but the protocol exists independently of any one implementation.
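The three configurations the answer's steps describe, as an added ASP.NET Core example that is not the answerer's code: the client app runs the OpenID Connect hybrid flow against the identity service, the identity service delegates sign-in to Google with AddGoogle, and the REST service validates bearer access tokens with the identity service's published signing keys. The hostnames, client ids, secrets and the "rest-api" scope/audience are assumed placeholders.

```csharp
// Added example (not the question's or answer's code): the three ConfigureServices
// fragments the answer's flow needs. Hostnames, ids, secrets and "rest-api" are placeholders.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

public static class AuthSetup
{
    // Client Application: hybrid flow ("code id_token") against the identity
    // service. The ID token comes back directly; the middleware exchanges the
    // code for the access token, which SaveTokens keeps for calling the API.
    public static void ConfigureClientApp(IServiceCollection services) =>
        services.AddAuthentication(o =>
        {
            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(o =>
        {
            o.Authority = "https://identity.example.com";   // assumed
            o.ClientId = "client-app";                        // assumed
            o.ClientSecret = "<client-secret-from-config>";   // placeholder
            o.ResponseType = "code id_token";                 // hybrid flow
            o.Scope.Add("rest-api");                          // API audience
            o.SaveTokens = true;
        });

    // Identity Service: Google is an external provider here (SignInScheme left to the
    // identity server's external cookie), so the Google redirect URL now points at this service.
    public static void ConfigureIdentityService(IServiceCollection services) =>
        services.AddAuthentication().AddGoogle(o =>
        {
            o.ClientId = "<google-client-id>";         // placeholder
            o.ClientSecret = "<google-client-secret>"; // placeholder
        });

    // REST Service: validates the bearer access token. Authority makes the
    // handler fetch the issuer and signing keys from the discovery document
    // once (the "one-off request" in the answer) and cache them; Audience
    // rejects tokens that were issued for some other API.
    public static void ConfigureRestService(IServiceCollection services) =>
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                o.Authority = "https://identity.example.com"; // assumed
                o.Audience = "rest-api";
            });
}
```

With Authority and Audience set, the JwtBearer handler validates issuer, audience, lifetime and signature by default, so the REST service needs no call-back to the identity server per request.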