3

I am trying to implement OAuth authentication in Web API. I have created a controller (directly from the example) with this method:

    // In the controller created from the template (derives from ApiController,
    // which ChallengeResult below needs for its Request).
    [OverrideAuthentication]
    [HostAuthentication(DefaultAuthenticationTypes.ExternalCookie)]
    [AllowAnonymous]
    [Route("ExternalLogin", Name = "ExternalLogin")]
    public IHttpActionResult GetExternalLogin(string provider, string error = null)
    {
        string redirectUri = string.Empty;

        if (error != null)
        {
            // However, the Google API returns 'access_denied' as the error.
            return BadRequest(Uri.EscapeDataString(error));
        }

        if (!User.Identity.IsAuthenticated)
        {
            // This is run on the first execution: there is no external cookie yet,
            // so challenge the provider (redirect to Google).
            return new ChallengeResult(provider, this);
        }

        // Here we should continue with the Google API callback.
        ... Rest doesn't matter here.

ChallengeResult:

    using System.Net;
    using System.Net.Http;   // GetOwinContext() extension, from Microsoft.AspNet.WebApi.Owin
    using System.Threading;
    using System.Threading.Tasks;
    using System.Web.Http;

    public class ChallengeResult : IHttpActionResult
    {
        public string LoginProvider { get; set; }
        public HttpRequestMessage Request { get; set; }

        public ChallengeResult(string loginProvider, ApiController controller)
        {
            LoginProvider = loginProvider;
            Request = controller.Request;
        }

        public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
        {
            // Ask the OWIN authentication middleware registered for LoginProvider
            // (e.g. "Google") to issue its challenge; that middleware turns the 401
            // returned below into a redirect to the provider's authorization endpoint.
            Request.GetOwinContext().Authentication.Challenge(LoginProvider);

            var response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            response.RequestMessage = Request;
            return Task.FromResult(response);
        }
    }

The GetExternalLogin method is called twice: first by me, and after that the API sends a ChallengeResult to Google. I am redirected to the Google site and asked questions for the requested scope (can it access, e.g., email, profile information and so on); I press yes, yes, everything is okay for me. However, after that the Google callback returns the 'access_denied' error string to this method.

Any idea what may be wrong? The call I used was:

http://localhost:8080/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=49235566333-78t8252p46lo75j5e52vda3o1t8fskgc.apps.googleusercontent.com&redirect_uri=http://localhost:8080

The client_id is replaced with a dummy account.

redirect_uri is defined correctly in the Google console; the error is different if it is incorrect.

Tried: Listing Circles with Google+ for Domains API fails with access_denied but the IDs are identical.

Edit: After hours of debugging I have figured out that the difference between my solution and the example is the Microsoft.Owin.Security.Google package. In the example the version used is 2.1.0, and if I update it to 3.0.0 this problem appears.

No idea of the root reason yet though.

2 Answers

4

I had this issue as well. To resolve the issue, try modifying your Google app to use the Google+ API. I was using only the "Identity Toolkit API" before. According to the article that Pranav pointed out, when you upgrade to Google middleware 3.0.0 (Microsoft.Owin.Security.Google) you need to use the Google+ API.



1

Have you looked at this post and changed the callback settings as well? http://blogs.msdn.com/b/webdev/archive/2014/07/02/changes-to-google-oauth-2-0-and-updates-in-google-middleware-for-3-0-0-rc-release.aspx

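Both answers point at the same two settings that Microsoft.Owin.Security.Google 3.0.0 depends on: the Google+ API enabled for the project in the Google console, and the redirect URI registered there matching the middleware's own callback path rather than the site root. The OWIN startup fragment below is an added example, not code from the question, the answers or the Katana project; the host and port, the appSettings key names and the surrounding Web API template middleware are assumptions.

```csharp
using System.Configuration;
using Microsoft.Owin;
using Microsoft.Owin.Security.Google;
using Owin;

// Added example (not from the question or answers): OWIN startup wiring for
// Microsoft.Owin.Security.Google 3.0.0. Host, port and appSettings keys are assumed.
public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // The Web API template's cookie and bearer-token middleware would be
        // registered here first (omitted; not part of this example).

        var google = new GoogleOAuth2AuthenticationOptions
        {
            // Never hard-code the secret; read both values from configuration.
            // (The key names are an assumption of this example.)
            ClientId = ConfigurationManager.AppSettings["Google:ClientId"],
            ClientSecret = ConfigurationManager.AppSettings["Google:ClientSecret"],

            // "/signin-google" is the middleware's default; it is spelled out because
            // this path, not the site root and not the ExternalLogin API route, is the
            // redirect URI that must be registered in the Google console, e.g.
            //   http://localhost:8080/signin-google   (assumed host/port)
            // The redirect_uri query parameter passed to ExternalLogin is the calling
            // client's own return address handled by the Web API template; Google never
            // redirects to it.
            CallbackPath = new PathString("/signin-google"),
        };

        // After exchanging the code, the 3.0.0 middleware fetches the signed-in
        // user's profile from https://www.googleapis.com/plus/v1/people/me with the
        // access token, which is why the Google+ API has to be enabled for the project.
        app.UseGoogleAuthentication(google);
    }
}
```

Check the Google console entry character for character against the scheme, host, port and path the middleware actually receives the callback on; a mismatch on any of them is rejected before the code exchange, and the middleware only reaches the Google+ call after that exchange succeeds.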
