Problem getting ASP.NET Core Google login to work
Question
I have an ASP.NET Core MVC web app, in which I want to add Google login.
I followed this description:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-7.0
When I run the app, choosing the Google login button/option, adding my mail to the login screen at the Google site (https://accounts.google.com/v3/signin/identifier ...) I get to the next page which says:
> This browser or app may not be secure. ...
I tried editing a few settings at my app's Google credentials page (https://console.cloud.google.com/apis/credentials/oauthclient/).
I have added: https://localhost:7049 for the "Authorized JavaScript origins" part and: https://localhost:7049/signin-google for the "Authorized redirect URIs" part.
Am I missing something else that's important here?
Thanks for any assistance!
Updated with picture of my settings in the Google Console.
Updated with my settings in the "OAuth consent screen":
I have added two email addresses and have tried both to login. No luck here ...
Update. This code is added in the Program.cs file:
```csharp
.AddGoogle(options =>
{
    // For compatibility between platforms ":" shall be
    // replaced with "__" / double underscore
    IConfigurationSection googleAuthNSection =
        builder.Configuration.GetSection("Authentication:Google");
    // Instead use ( TODO ???, BOTH seems to work ..):
    // options.ClientId = configuration["Authentication:Google:ClientId"];
    // options.ClientSecret = configuration["Authentication:Google:ClientSecret"];
    // When to use ":" and when to use "__" ???
    // Probably in the config file (that do not seem to work!? ...) ???
    options.ClientId = googleAuthNSection["ClientId"];
    options.ClientSecret = googleAuthNSection["ClientSecret"];
})
```
and also added this:
```csharp
app.Use(async (context, next) =>
{
    context.Response.Headers.Add("Referrer-Policy", "no-referrer-when-downgrade");
    await next();
});
```
The last piece is in relation to the info written here:
https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid
It says:
> When you perform local tests or development, you must add both http://localhost and http://localhost:<port_number> to the Authorized JavaScript origins box. The Referrer-Policy header must also be set to no-referrer-when-downgrade when using http and localhost.
Unsure what this exactly does or means, or if it is relevant in my case.
A short description of how I got here is something like this:
- Followed this description at Microsoft:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-7.0
and this description at Google:
https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid
- Created an ASP.NET CORE app with authentication. .NET 7 with the latest version of C#. Added the Nuget package: Microsoft.AspNetCore.Authentication.Google
- Created a project at the Google site for developers (https://console.cloud.google.com/) and added there the OAuth 2.0 Client credentials parts with the added URIs as in the picture above. Also added/edited the settings at the "OAuth consent screen" page. See above!
- Added the key and link for the created Google OAuth 2.0 credentials to the "developer local storage" as described in the Microsoft link which makes it possible to use the "configuration" parts in my added code for the Program.cs file.
- Added the code as described above.
- Started the web app and then tried to use my own two Google accounts to login. I get to the point where you add your email address and continue. And here I get the message "This browser or app may not be secure. ...".
A note here is that I have my Google account set for two-factor authentication. There are a few links and videos online that say that this can cause this problem. And here they reference that you need to enable "unsecure app login" and due to this remove the two-factor authentication. However! You can now no longer disable this at the Google site as of last year (I think it was last year ...). And it seems strange/not ok that this solution should Not support two-factor login when this is more or less the general standard to increase your account's security!?
Answer 1
Score: 4
Setting in Google Console.
Your code in Program.cs file should be like below:
```csharp
builder.Services.AddAuthentication().AddGoogle(googleOptions =>
{
    googleOptions.ClientId = "103****7s.apps.googleusercontent.com";
    googleOptions.ClientSecret = "GOCSPX-****_b3-jMPKHe";
}).AddMicrosoftAccount(microsoftOptions =>
{
    microsoftOptions.ClientId = "b3fb++_if_you_have_++c5fe2d";
    microsoftOptions.ClientSecret = "R****cbku";
});
```
Test Result
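
An added example, not code from the question or the answer: a minimal Program.cs that reads the Google client ID and secret from configuration rather than from string literals, and shows how the ":" and "__" spellings asked about in the question relate. It assumes a .NET 7 web project that references Microsoft.AspNetCore.Authentication.Google; the `Require` helper and the root endpoint are hypothetical names chosen for the example.

```csharp
// Added example; assumes .NET 7 with implicit usings (Microsoft.NET.Sdk.Web).
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.Google;

var builder = WebApplication.CreateBuilder(args);

// Code always reads configuration keys with ":" as the hierarchy separator.
// "__" is only how the same key is spelled in an environment variable name,
// because ":" is not usable there on every platform:
//   Authentication__Google__ClientId   ->  Authentication:Google:ClientId
// With the Secret Manager the ":" form is used directly:
//   dotnet user-secrets set "Authentication:Google:ClientId" "<client-id>"
IConfigurationSection google = builder.Configuration.GetSection("Authentication:Google");

// Hypothetical helper: fail at startup with a clear message instead of
// sending an empty client_id to Google and debugging the login page.
string Require(string key) =>
    google[key] is { Length: > 0 } value
        ? value
        : throw new InvalidOperationException(
            $"Missing configuration value Authentication:Google:{key}");

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddGoogle(options =>
    {
        // Neither value appears in source control.
        options.ClientId = Require("ClientId");
        options.ClientSecret = Require("ClientSecret");
        // CallbackPath defaults to "/signin-google", the redirect URI
        // registered in the Google console in the question.
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
// Hypothetical protected endpoint: an anonymous request triggers the Google challenge.
app.MapGet("/", () => "signed in").RequireAuthorization();
app.Run();
```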