I'm having a go at setting up IdentityServer4, using Example 8_EntityFramework as a base.
The problem - Google auth does not seem to return a consistent ID that I can link back to my app.
Looking at this StackOverflow post, one user claims from the docs that the 'sid' will do it. However, If i restart the server and clear the cache, the SID comes back different (see below), so don't think it's trustworthy.
Following another train of thought, I tried setting the UserInformationEndpoint
to 'https://www.googleapis.com/oauth2/v1/userinfo' but that fails completely.
Here's my code for the auth server startup.js - It's pretty much as standard in the example.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
var connectionString = @"server={myserver};database=IdentityServer4.QuickStart;trusted_connection=yes";
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
// configure identity server with in-memory users, but EF stores for clients and scopes
services.AddIdentityServer()
.AddSigningCredential(new X509Certificate2(@"{pathtocertificate}\{certname}.pfx", "{password}"))
//.AddTemporarySigningCredential()
.AddInMemoryUsers(Config.GetUsers())
.AddConfigurationStore(builder =>
builder.UseSqlServer(connectionString, options =>
options.MigrationsAssembly(migrationsAssembly)))
.AddOperationalStore(builder =>
builder.UseSqlServer(connectionString, options =>
options.MigrationsAssembly(migrationsAssembly)));
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
// this will do the initial DB population
InitializeDatabase(app);
loggerFactory.AddConsole(LogLevel.Debug);
app.UseDeveloperExceptionPage();
app.UseIdentityServer();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
AutomaticAuthenticate = false,
AutomaticChallenge = false
});
app.UseGoogleAuthentication(new GoogleOptions
{
AuthenticationScheme = "Google",
DisplayName = "Google",
SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
Scope = { "openid", "email" },
ClientId = "434483408261-55tc8n0cs4ff1fe21ea8df2o443v2iuc.apps.googleusercontent.com",
ClientSecret = "3gcoTrEDPPJ0ukn_aYYT6PWo"
});
app.UseStaticFiles();
app.UseMvcWithDefaultRoute();
}
Google Auth Result 1
Clear cache and restart IdentityServer4 - ALL the keys change!
Does anyone know what hook i can use to match against in my resource servers (i.e. google ID abc always = my user xyz) please?
Following a discussion on the Gitter IdentityServer4 forum, it seems the issue related to example 8 using an in-memory user store.
I thought because the auth was external and some info is stored in the database, that in-memory store was irrelevant, but this was not the case.
Example 6 with AspNetIdentity wires everything up correctly and returns consistent ID's.