Reputation: 1372
I am trying to implement OAuth authentication to WebApi, i have created controller (directly from example) with method:
[OverrideAuthentication]
[HostAuthentication(DefaultAuthenticationTypes.ExternalCookie)]
[AllowAnonymous]
[Route("ExternalLogin", Name = "ExternalLogin")]
public IHttpActionResult GetExternalLogin(string provider, string error = null)
{
string redirectUri = string.Empty;
if (error != null)
{
// However google api returns 'access_denied' as error.
return BadRequest(Uri.EscapeDataString(error));
}
if (!User.Identity.IsAuthenticated)
{
// This is runned on first execution.
return new ChallengeResult(provider, this);
}
// Here we should continue with google api callback.
... Rest doesnt matter here.
ChallengeResult:
public class ChallengeResult : IHttpActionResult
{
public string LoginProvider { get; set; }
public HttpRequestMessage Request { get; set; }
public ChallengeResult(string loginProvider, ApiController controller)
{
LoginProvider = loginProvider;
Request = controller.Request;
}
public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
{
Request.GetOwinContext().Authentication.Challenge(LoginProvider);
var response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
response.RequestMessage = Request;
return Task.FromResult(response);
}
}
GetExternalLogin method is called twice, first is from me, after that api send ChallengeResult to google. I am redirected to google site and asked questions for valid scope (can i access. eg to email, profile information and so on), i press yes yes everything is okay for me. However after that google callback returns 'access_denied' error string to this method.
Any idea what may be wrong? Call i used was:
http://localhost:8080/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=49235566333-78t8252p46lo75j5e52vda3o1t8fskgc.apps.googleusercontent.com&redirect_uri=http://localhost:8080
Client_id is replaced with dummy account.
redirect_uri is defined correctly to google console, error is different if its is incorrect.
Tried: Listing Circles with Google+ for Domains API fails in access_denied but id:s are identical.
Edit: After hours of debugging have figured out that problem between my solution and example is Microsoft.Owing.Security.Google package. In example version used is 2.1.0 and if i update it to 3.0.0 this problem appear.
No idea of root reason yet through.
Upvotes: 3
Views: 2441
Reputation: 71
I had this issue as well. To resolve the issue, try modifying your Google app to use the Google + API. I was using only the "Identity Toolkit API" before. According to the article that Pranav pointed out, when you upgrade to Google Middleware 3.0.0(Microsoft.Owin.Security.Google) you need to use the Google + API.
Upvotes: 4
Reputation: 4154
Have you looked at this post and change the callback settings as well?http://blogs.msdn.com/b/webdev/archive/2014/07/02/changes-to-google-oauth-2-0-and-updates-in-google-middleware-for-3-0-0-rc-release.aspx
Upvotes: 1