External Authentication in ASP.NET Core 3.1 ie Google social login
Update 21st Oct 2020
I ended up not implementing this, opting for cookie-based authentication only. Implemented well, this is much better for my use case.
Intro
Let's patch Google social login into an ASP.NET Core 3.1 web application. This follows on from my previous article on straight-up authentication and authorisation using username and password, and I've found it harder than it should be IMHO.
External Authentication Provider - Google
Overview from MS Docs and Google Specific
# install the NuGet package for Google auth
dotnet add package Microsoft.AspNetCore.Authentication.Google --version 3.1.1
Go to the project page on Google to set up the project, essentially getting:
a clientID
and a clientSecret
associated with a callback URL, e.g. https://webapplication2dmtest.azurewebsites.net/signin-google
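One way to wire the client ID and secret from the step above into Startup.cs, as an added example that is not code from the original article. The configuration key names, the claim type `urn:google:email_verified` and the helper `HasVerifiedEmail` are assumptions chosen here, and the `verified_email` field assumes the handler's default Google userinfo endpoint.

```csharp
// Startup.cs (ASP.NET Core 3.1, Microsoft.AspNetCore.Authentication.Google 3.1.x)
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Claim type name chosen for this example (assumption).
    public const string EmailVerifiedClaim = "urn:google:email_verified";

    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Keep both values out of source control, e.g. locally with
        //   dotnet user-secrets set "Authentication:Google:ClientSecret" "<secret>"
        // Key names are assumptions; any configuration provider works.
        var clientId = Configuration["Authentication:Google:ClientId"];
        var clientSecret = Configuration["Authentication:Google:ClientSecret"];
        if (string.IsNullOrWhiteSpace(clientId) || string.IsNullOrWhiteSpace(clientSecret))
            throw new InvalidOperationException("Google ClientId/ClientSecret are not configured.");

        services.AddAuthentication().AddGoogle(options =>
        {
            options.ClientId = clientId;
            options.ClientSecret = clientSecret;
            // CallbackPath defaults to /signin-google and has to match the
            // callback URL registered for the Google project.
            // Surface Google's verified-email flag as a claim (assumed field name).
            options.ClaimActions.MapJsonKey(EmailVerifiedClaim, "verified_email", ClaimValueTypes.Boolean);
        });
        // Identity, Razor Pages and the rest of the app's services are registered here as before.
    }

    // Call in the external-login callback before creating or linking a local user.
    public static bool HasVerifiedEmail(ClaimsPrincipal externalUser)
    {
        var email = externalUser.FindFirst(ClaimTypes.Email)?.Value;
        var flag = externalUser.FindFirst(EmailVerifiedClaim)?.Value;
        return !string.IsNullOrEmpty(email) && bool.TryParse(flag, out var verified) && verified;
    }
}
```

Failing fast on a missing secret turns a misconfigured deployment into a startup error instead of a broken sign-in page, and the verified-email check gives the callback something concrete to test before an externally supplied address is accepted as the local account's email.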
SQL Delete from all tables
To aid in resetting the system, I found connecting to the remote DB locally via SSMS to be good with the following commands (be careful).
select * from [dbo].[AspNetRoleClaims]
select * from [dbo].[AspNetRoles]
select * from [dbo].[AspNetUserClaims]
-- Google userID here
select * from [dbo].[AspNetUserLogins]
select * from [dbo].[AspNetUserRoles]
-- stuff in here
select * from [dbo].[AspNetUsers]
select * from [dbo].[AspNetUserTokens]
--delete from [AspNetUserLogins]
--delete from [AspNetUsers]
Bugs
Strange bug and SO answer and the GitHub bug tracker
I found using the following for testing was useful:
services.Configure<IdentityOptions>(options =>
{
    // Password settings.
    options.Password.RequireDigit = false;
    options.Password.RequireLowercase = false;
    options.Password.RequireNonAlphanumeric = false;
    options.Password.RequireUppercase = false;
    options.Password.RequiredLength = 6;
    options.Password.RequiredUniqueChars = 0;
    // Lockout settings.
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
    options.Lockout.MaxFailedAccessAttempts = 5;
    options.Lockout.AllowedForNewUsers = true;
    // User settings.
    options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
    options.User.RequireUniqueEmail = true;
    // Note this! I'm trusting that the Google account coming back is good.
    // I am only authenticating through Google so this is fine (Facebook is a different story).
    options.SignIn.RequireConfirmedAccount = false;
    options.SignIn.RequireConfirmedEmail = false;
});
Below is trying to sign in using debug mode on localhost
Conclusion
I didn’t end up going any further with this, but have published the article for reference.