Changes to Google OAuth 2.0 and updates in Google middleware for 3.0.0 RC release

Changes to Google OAuth 2.0 and updates in Google middleware for 3.0.0 RC release

  • Comments 5

This article explains the recent changes made to Google OpenID and OAuth 2.0 along with the corresponding updates to the 3.0.0 RC release of Google OAuth  middleware.

Here we will first look at the experience of using Google OAuth middleware in an MVC application with the OWIN 2.1.0 release bits. We will then explain the current changes to Google OAuth API and implications on applications that would continue to use the 2.1.0 version of the packages. Finally we will look at the changes made in the recent 3.0.0 RC release of Google middleware.

Deprecated Google OpenID 2.0

In the Visual Studio 2013 RTM and Update 1 releases, the MVC web applications template using Individual Authentication used Google OpenID by default. The below code (found in Startup.Auth class) registered the middleware

app.UseGoogleAuthentication();

As of April 20, 2014 the Open ID  was deprecated by Google and hence using Google OpenID for external login would throw an error as below

clip_image002

Google OAuth in OWIN 2.1.0 middleware

Applications can solve the above issue by using the Google OAuth 2.0 in the application. This is done by navigating to Google Developer Console to create a new project under users Google account and use the keys. For more detailed information on how to create an application and get the keys check this link.

Once the keys are obtained the they are used to register the middleware in the Startup.Auth as below

 

app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
  {
 ClientId = "XXXXX.apps.googleusercontent.com",
 
ClientSecret = "XXXXXXXXXX"
  });
 

Set the callback url in the application created in Google console to {app-url}/siginin-google instead of the default

clip_image004

This should allow applications using Google middleware version 2.1.0 to use Google as an external authentication provider. For a complete sample, see MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on.

Changes to Google OAuth 2.0 and updates to Google middleware

On September 1, 2014 Google will deprecate the earlier version of OAuth 2.0 and will no longer support it. To accommodate these changes, the recent 3.0.0 RC release of Google middleware has been updated. For more information on the changes to the OAuth 2.0 login from Google, please refer this link.

Once the current application is updated to the 3.0.0. RC bits, using Google as an external authentication provider may fail. Below is the screen shot of the Fiddler trace with the failure message for a default MVC application:

clip_image006

The end point for the OAuth has been changed to https://www.googleapis.com/plus/v1/people/me and needs changes to the application created on the developer console.

To make these change, go to Google Console where the application is created. Navigate to the ‘APIs’ tab under the ‘APIS & AUTH’ section and you can see that for the app the Google+ API are not enabled by default.

clip_image008

Click on ‘OFF’ and read and accept the terms to enable the Google+ API. Now run the application and try to login using Google. Logging in should be a success.

Conclusion

This article showed the previous experience of using Google as an external login provider and the upcoming changes in Google OAuth 2.0 and the corresponding updates to Google middleware in the 3.0 RC release. These are some of the updates that are included in the new 3.0.0 RC release of other middlewares as well. Please provider feedback on issues in this article or on codeplex (https://katanaproject.codeplex.com/workitem/list/basic). You can also follow me on Twitter (@suhasbjoshi).

Thanks to Praburaj, Chris and Rick for reviewing the article

Leave a Comment
  • Please add 4 and 5 and type the answer here:
  • Post
  • Hi Suhas Joshi, thanks for this post. I'm struggeling for days now to get a new VS2013 Webforms application working with Google external authentication, and this article helped me a lot.

    However.. ;-) .. I'm building a webforms application, not MVC, and I  have no "Startup.Auth". I can create on but I think I should use App_Start\AuthConfig.cs. This file does not has 'app.UseGoogleAuthentication', but 'OpenAuth.AuthenticationClients.AddGoogle'.

    So this what I tried:

    I updated Nu-Get package Microsoft.Owin.Security.Google to 3.00 RC 2

    I changed OpenAuth.AuthenticationClients.AddGoogle() in AuthConfig.cs  to

    OpenAuth.AuthenticationClients.AddGoogle(new GoogleOAuth2AuthenticationOptions()

               {

                   ClientId = "xxxxxxxxxx.apps.googleusercontent.com",

                   ClientSecret = "xxxxxxxxxxxxx"

               });

    When I start this webapplication it gives a NullReferenceException at Microsoft.AspNet.Membership.OpenAuth.<>c__DisplayClass3.<Add>b__1(PropertyInfo property)

    Can you please help me out on this?

  • @Robert: You are referring to the OpenAuth packages in web forms application which is different from the Katana OAuth middlewares. If you don't have Startup class in your application then you might not have Owin pipeline registered for your application. Hence this blog post might not be applicable to you. You can use Stackoverflow or ASP.NET forums to get your question answered

  • Hi,

    this is a realease candidate right?

    When will the final version be ready?

    Thanks

  • This article didn't show up when I searched for OWIN Google oAuth2 error=access_denied because the error message is only in a screenshot. Just wanted ad that message to the text so it may be found via Google :)

    By the way, thanks for posting this, I had spent about three hours banging my head against a wall before I found this post by coincidence and it solved it instantly :)

  • Thank you very much for this.

    I will now write my own blog post for this, as the error should be emphasized somehow.

    riccardo

Page 1 of 1 (5 items)