IdentityServer4 with Google authentication for mobile application?

Question

I have managed to get my IS4 to work with Google authentication for web application.

services.AddAuthentication()
        .AddGoogle("Google", o =>
        {
            o.SignInScheme = IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme;
            o.ClientId = "11111.apps.googleusercontent.com";
            o.ClientSecret = "1231231";
        });

Now, how do I add for mobile application?

I have tried changing the ClientId to use the new one that I got from Google console. Removed the ClientSecret (because for mobile application there is no secret given). Used the same ExternalCookieAuthScheme. And I got an error because "ClientSecret" must be provided. So how do I get this to work?

Answer 1

In this case you are trying to login from IdentityServer via google as external identity provider. From google point of view, the client is IdentityServer. And IdentityServer is a web application. You should stick to the original client created on google.

For future reference: We need to set the application type to android or IOS when we are trying to login directly from mobile apps.

Answer 2

The client credentials here:

        o.ClientId = "11111.apps.googleusercontent.com";
        o.ClientSecret = "1231231";

Is only between the IdentityServer and Google and this should not be stored in the mobile client.

The clientid + secret that is used in the mobile application is found in the Client definition for the mobile application in IdentityServer.

Google in this case does not care if the user authenticates with a web application or client application. Google will only see that a user via IdentityServer tries to login. So google is completely shielded from what kind of application is using IdentityServer.

So, in IdentityServer, you can create one client entry for the web application and one client entry for your mobile application.

See the client type in the documentation here.