Google authentication from web page api: access_denied

I am trying to implement OAuth authentication for WebApi. I created a controller (directly from the example) using this method:

    [OverrideAuthentication]
    [HostAuthentication(DefaultAuthenticationTypes.ExternalCookie)]
    [AllowAnonymous]
    [Route("ExternalLogin", Name = "ExternalLogin")]
    public IHttpActionResult GetExternalLogin(string provider, string error = null)
    {
        string redirectUri = string.Empty;

        if (error != null)
        {
            // However google api returns 'access_denied' as error.
            return BadRequest(Uri.EscapeDataString(error));
        }

        if (!User.Identity.IsAuthenticated)
        {
            // This runs on the first execution.
            return new ChallengeResult(provider, this);
        }

        // Here we should continue with google api callback.
        // ... The rest doesn't matter here.
    }

ChallengeResult:

    using System.Net;
    using System.Net.Http;
    using System.Threading;
    using System.Threading.Tasks;
    using System.Web.Http;

    public class ChallengeResult : IHttpActionResult
    {
        public string LoginProvider { get; set; }
        public HttpRequestMessage Request { get; set; }

        public ChallengeResult(string loginProvider, ApiController controller)
        {
            LoginProvider = loginProvider;
            Request = controller.Request;
        }

        public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
        {
            // Register a challenge for the named external provider with the OWIN pipeline.
            Request.GetOwinContext().Authentication.Challenge(LoginProvider);

            // Return 401 so the provider's middleware can act on the challenge.
            var response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            response.RequestMessage = Request;
            return Task.FromResult(response);
        }
    }

The GetExternalLogin method is called twice: first by me, and after that the API sends a ChallengeResult to Google. I am redirected to the Google site and asked to approve the requested scope (can I access e.g. email, profile information, etc.). I click yes, and everything is fine for me. However, after doing this, the Google callback returns this access_denied error code.

Any idea what could be wrong? The call I used was:

    http://localhost:8080/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=49235566333-78t8252p46lo75j5e52vda3o1t8fskgc.apps.googleusercontent.com&redirect_uri=http://localhost:8080

Client_id is replaced with a dummy account.

redirect_uri is correctly defined in the Google console; the error is different if it is incorrect.

Tried: List Sheets with Google+ Domains API doesn't work in access_denied, but the IDs are identical.

Edit: After a few hours of debugging, it turned out that the difference between my solution and the example is the Microsoft.Owin.Security.Google package. The sample uses version 2.1.0, and if I upgrade to 3.0.0 this problem appears.

No idea of the root cause yet.

+3


2 answers


I had this problem too. To fix this problem, try changing your Google app to use the Google+ API. Previously, I only used the Identity Toolkit API. According to the article Pranav pointed out, when upgrading to Google Middleware 3.0.0 (Microsoft.Owin.Security.Google), you need to use the Google+ API.



+3




Have you reviewed this post and changed your callback settings? http://blogs.msdn.com/b/webdev/archive/2014/07/02/changes-to-google-oauth-2-0-and-updates-in-google-middleware-for-3-0-0-rc-release.aspx



+1

