Asp.Net Core google-signin oauth restrict access and get g-suite roles
I am creating a .NET Core app with web views where I need to authenticate users with a Google+ login. I followed this ( https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins ) and can now log into my google user account. So far so good.
How do I restrict access to my app to only users on a specific domain?
How to get authenticated user roles defined in g-suite?
I tried to add scopes to the authentication options in Startup.cs, but I don't know how to extract / retrieve the information they contain.
app.UseGoogleAuthentication(new GoogleOptions()
{ Scope =
{ "https://www.googleapis.com/auth/admin.directory.domain.readonly",
"https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly"
},
ClientId = Configuration["Authentication:Google:ClientId"],
ClientSecret = Configuration["Authentication:Google:ClientSecret"]
});
source to share
Well I ended up solving it myself ... Leaving this answer in case anyone else has this problem.
Snippet of code from AccountController.ExternalLoginCallback ()
var info = await _signInManager.GetExternalLoginInfoAsync();
foreach (var claim in info.Principal.Claims)
{
System.Diagnostics.Debug.WriteLine("Type: " + claim.Type + " Value: " + claim.Value);
}
This will print a list of claims that define roles and domain (hd).
Or, you can get claims in middleware (Startup.configure ()):
app.UseGoogleAuthentication(new GoogleOptions()
{
Scope =
{ "https://www.googleapis.com/auth/admin.directory.domain.readonly",
"https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly"
},
ClientId = Configuration["Authentication:Google:ClientId"],
ClientSecret = Configuration["Authentication:Google:ClientSecret"],
Events = new OAuthEvents()
{
OnTicketReceived = e =>
{
var claims = e.Principal.Claims;
// Do something with claims
return Task.CompletedTask;
}
}
});
source to share