Todd Greenwald

Reputation: 149

Visual Studio 2015 Asp.Net MVC Web App: Google authentication, ?not passing redirect_uri

I'm new to external login routines, but this is what has me stopped. I would greatly appreciate assistance as I wire up a Visual Studio 2015 MVC web app.

My first attempt was with Google.

I successfully set up Google:

---------from google developer page----------------
Client ID: (xxed out here)
Client secret   (xxedout here)

Redirect URIs   
https://localhost:44300/tsic/Account/ExternalLoginCallback/
https://localhost/tsic/Account/ExternalLoginCallback/

JavaScript origins  
http://localhost:54618/
https://localhost:44300/
---------end from google developer page----------------

from Account controller:

// POST: /Account/ExternalLogin
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public IActionResult ExternalLogin(string provider, string returnUrl = null)
{
    // Request a redirect to the external login provider.
    var redirectUrl = Url.Action("ExternalLoginCallback", "Account", new { jSeg = "tsic", ReturnUrl = returnUrl });
    var properties = SignInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
    return new ChallengeResult(provider, properties);
}

I then compared the returnUrl from the controller with that from Google's developers page:

from google:                 https://localhost:44300/tsic/Account/ExternalLoginCallback/
from controller in debugger: https://localhost:44300/tsic/Account/ExternalLoginCallback/

confirming that they are identical.

Then, executing the code, I do get to log in to Google but immediately get (from the network tab of Chrome's inspect elements):

400. That’s an error.

Error: redirect_uri_mismatch

Application: TeamSportsInfo.com

You can email the developer of this application at: [email protected]

The redirect URI in the request: https://localhost:44300/signin-google did not match a registered redirect URI.

Looking at the request headers sent to Google confirms that my code is sending an incorrect querystring "redirect_uri":

From Chrome network tools:

Remote Address:216.58.218.205:443
Request URL:https://accounts.google.com/o/oauth2/auth
?response_type=code
&client_id=xxdout
&redirect_uri=https%3A%2F%2Flocalhost%3A44300%2Fsignin-google (THIS IS INCORRECT AND IS NOT WHAT WAS SUPPLIED BY SignInManager.ConfigureExternalAuthenticationProperties)
&scope=openid%20profile%20email
&state=xxdout

Have I missed something obvious or has someone else experienced this as well?

T

Upvotes: 2

Views: 817

Answers (1)

Todd Greenwald

Reputation: 149

I have figured this out. It was a misunderstanding on my part, but I believe my error will provide some insight on how to make this clearer for others:

The key to unraveling this was that with Google the MVC-produced redirect_uri was hostname://signin-google, and for Facebook: hostname://signin-facebook

From this I concluded that the redirect URI to be set at the Google and Facebook developer setup pages should be those values and not (and here's my misunderstanding) the location of the callback method in the MVC code: ExternalLoginCallback

So setup instructions should be:

1) Set your provider's (Google, Facebook) redirect_uri to be https://hostnamexxxx/signin-(providername) (there was no way to know this value other than by tracing the headers produced by ChallengeResult(provider, properties) in Account/ExternalLogin)

2) Set the redirectUrl for SignInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl) to be the location of your ExternalLoginCallback method.

To restate my mistake: I thought the redirect_uri set on the provider setup side (at Google or at Facebook) was to be the URL of the MVC callback method: ExternalLoginCallback. It's not; rather, it must be protocol://hostname/signin-(providername). The URL of the callback method ExternalLoginCallback, however, must be the redirectUrl used in the ExternalLogin method's call to ConfigureExternalAuthenticationProperties.

Upvotes: 2
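
A check for the mismatch described in this answer, as an added example that is not part of the original post: it extracts redirect_uri from a captured authorization request and reports how it differs from each registered URI. The sample request and list are constructed from the values quoted in the question, the function names are hypothetical, and exact string matching by the provider is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the authorization request quoted in the question,
# with placeholders for the values the poster redacted.
CAPTURED_AUTH_REQUEST = (
    "https://accounts.google.com/o/oauth2/auth"
    "?response_type=code"
    "&client_id=CLIENT_ID_PLACEHOLDER"
    "&redirect_uri=https%3A%2F%2Flocalhost%3A44300%2Fsignin-google"
    "&scope=openid%20profile%20email"
    "&state=STATE_PLACEHOLDER"
)
# Redirect URIs as registered on the provider side in the question.
REGISTERED_URIS = [
    "https://localhost:44300/tsic/Account/ExternalLoginCallback/",
    "https://localhost/tsic/Account/ExternalLoginCallback/",
]


def sent_redirect_uri(auth_request_url):
    """Return the decoded redirect_uri parameter of an authorization request."""
    values = parse_qs(urlsplit(auth_request_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri, got %d" % len(values))
    return values[0]


def differing_parts(sent, registered):
    """Name the URL components in which two redirect URIs differ."""
    a, b = urlsplit(sent), urlsplit(registered)
    parts = ("scheme", "hostname", "port", "path", "query")
    diffs = [p for p in parts if getattr(a, p) != getattr(b, p)]
    # Same components but different text (e.g. letter case in the host).
    return diffs or (["exact string"] if sent != registered else [])


def check_redirect_uri(auth_request_url, registered_uris):
    """Return (sent URI, matched?, {registered URI: differing components})."""
    sent = sent_redirect_uri(auth_request_url)
    matched = sent in registered_uris  # assumption: exact string comparison
    report = {u: differing_parts(sent, u) for u in registered_uris if u != sent}
    return sent, matched, report


if __name__ == "__main__":
    sent, matched, report = check_redirect_uri(CAPTURED_AUTH_REQUEST, REGISTERED_URIS)
    print("sent:", sent, "| registered:", matched)
    for uri, diffs in report.items():
        print("  differs from", uri, "in", ", ".join(diffs))
```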
