M S

Reputation: 23

Xamarin Android - Google Play service Authentication and Azure mobile service backend

I am using the new Google SDK for authentication on Android.

Here is the code that I use to get the authentication token:

        GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DefaultSignIn)
                .RequestEmail()
                .RequestId()
                .RequestIdToken(serverClientID)                    
                .RequestServerAuthCode(serverClientID)
                .Build();


        mGoogleApiClient = new GoogleApiClient.Builder(context)
                .AddApi(Auth.GOOGLE_SIGN_IN_API, gso)                    
                .Build();

Then under the activity result, I get the id token:

// Signed in successfully, show authenticated UI.
GoogleSignInAccount acct = result.SignInAccount;

var idToken = acct.IdToken;
var authorizationCode = acct.ServerAuthCode;

Everything works fine up to this step. Then I try to call the Azure mobile client to authenticate. Here is the code. I pass in the ID token and authorization code.

var zumoPayload = new JObject();
zumoPayload["id_token"] = idToken;
zumoPayload["authorization_code"] = authorizationCode;

user = await this.client.LoginAsync(MobileServiceAuthenticationProvider.Google, zumoPayload);

This step fails. I get some unknown error. It seems the ID token that I am passing to the Azure mobile service is not working.

Just to let you know, I have already set up the Google project and also enabled Google authentication in the Azure portal. Google authentication works fine when I use the server flow, but this client flow is not working for some reason. Any idea what I am doing wrong?

Upvotes: 2

Views: 380

Answers (2)

Emil

Reputation: 6921

I just want to add my 2 cents here. I was able to implement this on Android using the Facebook SDK and Google SDK natively and then register those into Azure Mobile Services. The trick here is that the Facebook SDK provides you an actual access token, but the Google SDK doesn't give you that; instead, you get an IdToken from Google. You need to request it as below:

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DefaultSignIn)
        .RequestEmail()
        .RequestIdToken("yourClientCode")
        .RequestServerAuthCode("yourClientCode")
        .Build();

Then pass that IdToken to the Mobile Azure Services as below:

var zumoPayload = new Newtonsoft.Json.Linq.JObject();
if (provider == MobileServiceAuthenticationProvider.Facebook)
    zumoPayload.Add("access_token", accessToken);

if (provider == MobileServiceAuthenticationProvider.Google)
    zumoPayload.Add("id_token", accessToken);

var result = await App.Client.LoginAsync(provider, zumoPayload);

Upvotes: 0

Bruce Chen

Reputation: 18465

For client-managed authentication, you need to pass the access_token returned from Google, then use the following code to authenticate with your mobile app:

var zumoPayload = new JObject();
zumoPayload["access_token"] = "{access_token}";

user = await this.client.LoginAsync(MobileServiceAuthenticationProvider.Google, zumoPayload);

Note: Since you are using the client authentication flow, you contact your identity provider independently. You need to retrieve the access_token and pass it to your Azure mobile apps backend. Your mobile backend then sends a request to the related REST API using the access_token to get the logged-in user's profile, and issues a JWT token named the authenticationToken to your mobile client.

UPDATE:

I tried to simulate sending a request to the Azure mobile app for the client authentication flow as follows:

POST https://{your-app-name}.azurewebsites.net/.auth/login/google
Body {"access_token":"{your-access-token}"}

But I received the following error:

400 'id_token' field is required.

I did test the client authentication flow for MSA, Facebook, Google, etc. But it seems that something changed for the client authentication flow via Google account. I changed the payload and just sent the id_token, and then it worked.

In general, you just need to remove zumoPayload["authorization_code"] = authorizationCode; and then logging in should work as expected.

Upvotes: 2
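
The fix described in the answer above (send only the id_token), as an added example that is not part of the original posts: a helper that inspects the Google ID token locally and builds the login payload before LoginAsync is called. The class and method names are hypothetical, the sample token is constructed, and it assumes the backend is configured with the same web client ID that was passed to RequestIdToken.

```csharp
using System;
using System.Text;
using Newtonsoft.Json.Linq;

// Added example, not code from the question or answers. Names are hypothetical.
public static class GoogleClientFlow
{
    // Decodes the JWT payload segment (base64url) for local diagnostics only.
    // No signature check here: the backend validates the token itself.
    public static JObject ReadClaims(string idToken)
    {
        var parts = (idToken ?? "").Split('.');
        if (parts.Length != 3) throw new FormatException("ID token is not a three-part JWT.");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // Builds the body for LoginAsync(MobileServiceAuthenticationProvider.Google, payload):
    // id_token only, no authorization_code, as the second answer above found.
    public static JObject BuildPayload(string idToken, string serverClientId, DateTimeOffset now)
    {
        var claims = ReadClaims(idToken);
        // Assumption: the backend is configured with the same web client ID given to RequestIdToken.
        if ((string)claims["aud"] != serverClientId)
            throw new InvalidOperationException("aud does not match the server client ID.");
        var exp = claims.Value<long?>("exp") ?? 0; // a missing exp is treated as expired
        if (DateTimeOffset.FromUnixTimeSeconds(exp) <= now)
            throw new InvalidOperationException("ID token has expired; sign in again.");
        return new JObject { ["id_token"] = idToken };
    }

    public static void Main()
    {
        // Constructed sample token: unsigned, placeholder client ID, for offline use only.
        string Seg(string json) => Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var clientId = "example-web-client-id.apps.googleusercontent.com";
        var exp = DateTimeOffset.UtcNow.AddMinutes(30).ToUnixTimeSeconds();
        var token = Seg("{\"alg\":\"none\"}") + "."
            + Seg("{\"aud\":\"" + clientId + "\",\"exp\":" + exp + "}") + ".sig";
        Console.WriteLine(BuildPayload(token, clientId, DateTimeOffset.UtcNow).ToString());
    }
}
```

In the app, pass `acct.IdToken` and the server client ID to `BuildPayload`; an exception here points at a client ID mismatch or a stale token before the backend returns an opaque error.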
