External login user in backend without password .NET Core ABP 6.0

Question

I'm working on a project using ABP 6.0 native backend (.NET Core 6 with IdentityServer) and a non native angular frontend project that has ABP installed to use the static proxy tool. I have to implement Google login and I'm having some trouble to "force" user login on backend.

In my frontend project I use the Google HTML ressource to renderize the login button and get a Google token, which I send to the backend project to validate it and get some user data to create a new account. Now my problem comes, after register the user I cant get an access (JWT Bearer) token from the IdentityServer to authenticate the user.

All that I want is authenticate the user after it uses the Google login button.

I has tried some stuff like make a "manual" request to the IdentityServer using the OAuth Authentication Flow (cant get the code to change for an access one and some natives .NET ressources to Login (always returns null or throws an exception).

Angular uses the Auth Server (Angular NgCore) library to make login.

Can someone help me with this?

Answer 1

Now my problem comes, after register the user I cant get an access (JWT Bearer) token from the IdentityServer to authenticate the user.

It would be great if you would heve been share your exsiting code snippet or what are you up to now where you feel like the access token is not generating or you cannot access. Because couple of important configuration need to setup in order to get the token accordingly.

Both, your application front-end and backend has crucial steps to accomplish correctly.

First of all, within your application front-end use angular-oauth2-oidc library for authentication flow. After that, initialize the library with IdentityServer configuration. Once you are done with that, now trigger Google login using initImplicitFlow method. After successful login, you should receive the ID token from Google. Finally, send the ID token to the backend for validation and user registration.

On the other side, when sending Id token to your backend code, you should consider, IdentityServerModule, where you should add AddOpenIdConnect for Google with client ID and secret. Make sure, you have configure scopes and claims to be retrieved.

After that, you should have an API endpoint for external login. Here, you should receive the ID token from frontend.

Now validate the token using Google's /tokeninfo endpoint. Extract user information from validated token. Create or register the user in ABP's user management system. Use SignInManager to sign in the user without password.

You should do as following:

await _signInManager.ExternalLoginSignInAsync(
    provider: "Google",
    providerKey: "google-id",
    principal: new ClaimsPrincipal(claims),
    // EnsureIsAuthenticated: false // If user doesn't exist yet
);

Note: Generate a JWT access token using IdentityServer's token endpoint. After that return the token to the frontend. Point to keep in mind, this not the exact solution of your issue. I just tried to provide you, how you should proceed. Please refer to this official document and if you still have any further concern on this, please post new question along with your reproducible sample or code.