Google authentication from web page api: access_denied
I am trying to implement OAuth authentication for WebApi, I created a controller (directly from the example) using the method:
[OverrideAuthentication]
[HostAuthentication(DefaultAuthenticationTypes.ExternalCookie)]
[AllowAnonymous]
[Route("ExternalLogin", Name = "ExternalLogin")]
public IHttpActionResult GetExternalLogin(string provider, string error = null)
{
string redirectUri = string.Empty;
if (error != null)
{
// However google api returns 'access_denied' as error.
return BadRequest(Uri.EscapeDataString(error));
}
if (!User.Identity.IsAuthenticated)
{
// This is runned on first execution.
return new ChallengeResult(provider, this);
}
// Here we should continue with google api callback.
... Rest doesnt matter here.
ChallengeResult:
public class ChallengeResult : IHttpActionResult
{
public string LoginProvider { get; set; }
public HttpRequestMessage Request { get; set; }
public ChallengeResult(string loginProvider, ApiController controller)
{
LoginProvider = loginProvider;
Request = controller.Request;
}
public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
{
Request.GetOwinContext().Authentication.Challenge(LoginProvider);
var response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
response.RequestMessage = Request;
return Task.FromResult(response);
}
}
The GetExternalLogin method is called twice, first from me, after that the api sends a ChallengeResult to google. I am redirected to google site and asked questions for valid scope (can I access eg email, profile information, etc.), I click yes, everything is fine for me. However, after doing this, google callback returns this access_denied error code.
Any idea what could be wrong? The call I used was:
http://localhost:8080/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=49235566333-78t8252p46lo75j5e52vda3o1t8fskgc.apps.googleusercontent.com&redirect_uri=http://localhost:8080
Client_id is replaced with a dummy account.
redirect_uri is correctly defined on google console, the error is different if it is incorrect.
Tried: List Sheets with Google+ Domains API doesn't work in access_denied but id: s are identical.
Edit: After a few hours of debugging, it turned out that the problem between my solution and the example is the Microsoft.Owing.Security.Google package. The sample version uses 2.1.0 and if I upgrade to 3.0.0 this problem appears.
There is no concept of the root cause yet.
source to share
I had this problem too. To fix this problem, try changing your Google app to use Google + API. Previously, I only used the Identity Toolkit API. According to the article Pranav pointed out, when upgrading to Google Middleware 3.0.0 (Microsoft.Owin.Security.Google), you need to use the Google + API.
source to share
Have you reviewed this post and changed your callback settings? http://blogs.msdn.com/b/webdev/archive/2014/07/02/changes-to-google-oauth-2-0-and-updates-in-google-middleware-for-3-0- 0-rc-release.aspx
source to share