OWIN’s GetExternalLoginInfoAsync Always Returns null

by

To get OWIN Google login to work properly on a standard Visual Studio 2013, ASP.Net MVC5 site, I had to:

  1. Setup a Google OpenId account at https://console.developers.google.com/project

  2. Set the callback URL there to blah/signin-google.
    Important notes on things you don’t need to do:

    • You don’t need to use HTTPS for Google to redirect back; you can even redirect back to plain http://localhost, no problem.

    • You don’t need to setup anything for the redirect URL – no routes, Controller Actions or special permissions in Web.Config. The redirect URL is always /signin-google and OWIN handles this behind the scenes for you.

As an example, if your site was me.com, you might have these 3 callback URLs in the Google Developer Console:

http://localhost:53859/signin-google
http://test.me.com/signin-google
https://me.com/signin-google

The first one including whatever port number VS gave you for your project.

  1. Enable the Google+ API. This is one hidden b**** of a gotcha and is the root cause of the problem in the question here – if you don’t do this, it’s easy to miss that the Request to /account/ExternalLoginCallback includes &error=access_denied, and that’s because Google said no to a permissions request OWIN made for the user’s Google+ basic profile. I can’t tell whose fault this is, Google’s or Microsoft’s.

To enable the Google+ API in the Developers Console, click APIs on the left, hunt for Google+, click that and hit Enable. Yes you really do need to do that. You’re hosed if you don’t do that.

  1. Add the ClientId and ClientSecret Google gave you in the Developers Console to Startup.Auth, but improve the code in the process to explicitly use OAuth2, and explicitly ask for the user’s email address:

    var google = new GoogleOAuth2AuthenticationOptions()
{
    ClientId = "123abc.apps.googleusercontent.com",
    ClientSecret = "456xyz",
    Provider = new GoogleOAuth2AuthenticationProvider()
};
google.Scope.Add("email");
app.UseGoogleAuthentication(google);

That’s it. That finally got it working.

Just want to reiterate one more time, there are a LOT of answers about this and issues like it where OWIN/Google isn’t working, and nearly all of them are wrong for the current VS2013/MVC5/OWIN template.

You don’t need to modify Web.Config at all.

You don’t need to create any special Routes whatsoever.

You should not attempt to point /signin-google to a different place, or use a different callback URL, and you definitely shouldn’t attempt to tie it directly to /account/externallogincallback or externalloginconfirmation, because those are both separate from /signin-google and necessary steps in the OWIN/Google process.

More Related Contents:

  1. Smtp authentification required [duplicate]
  2. HTML.ActionLink method
  3. Why is JsonRequestBehavior needed?
  4. How to get the current user in ASP.NET MVC
  5. How to use signalr in Android
  6. ASP.NET MVC Razor pass model to layout
  7. How does MVC 4 List Model Binding work?
  8. How can I test for the presence of an Action Filter with constructor arguments?
  9. Getting full URL of action in ASP.NET MVC [duplicate]
  10. Filter/Search using Multiple Fields – ASP.NET MVC
  11. Determine if uploaded file is image (any format) on MVC
  12. Passing data to Master Page in ASP.NET MVC
  13. Do I need a Global.asax.cs file at all if I’m using an OWIN Startup.cs class and move all configuration there?
  14. Visual Studio – Resx File default ‘internal’ to ‘public’
  15. ASP.NET MVC – How to show unauthorized error on login page?
  16. MVC 4 how pass data correctly from controller to view
  17. How to extend IdentityUser with custom property
  18. Create zip file from byte[]
  19. Get IPrincipal from OAuth Bearer Token in OWIN
  20. Ignoring a field during .NET JSON serialization; similar to [XmlIgnore]?
  21. Set database timeout in Entity Framework
  22. How to declare a local variable in Razor?
  23. The model item passed into the dictionary is of type ‘mvc.Models.ModelA’ but this dictionary requires a model item of type ‘mvc.Models.ModelB‘
  24. Can I use ASP.NET MVC together with regular ASP.NET Web forms
  25. ASP.NET Web API and [Serializable] class
  26. How to edit multiple models in a single Razor View
  27. AddIdentity vs AddIdentityCore
  28. Running self-hosted OWIN Web API under non-admin account
  29. Uploading image in ASP.NET MVC
  30. How do I transform appsettings.json in a .NET Core MVC project?

Leave a Comment