SPA (Aurelia) + ASP.NET Core WebAPI + Google Authentication
My SPA application (using Aurelia) calls my ASP.NET Core 2 Web API. I need to authenticate users with Google OIDC provider and also secure the Web API with the same method.

Currently I'm able to authenticate user on the client (SPA) side and retrieve id token and access token. With each API call I send the access token in the header.

Now I'm not sure how to handle the server side to validate the token and grant or deny access to the API. I followed the official docs on how to add external login providers, but it seems to work only for server-side MVC applications.

Is there any easy way to do this?

I think for instance IdentityServer4 can support this scenario, but it seems to me too complex for what I need to do. I don't need my own identity/authorization server after all.

Update:

Based on Miroslav Popovic's answer, my configuration for ASP.NET Core 2.0 looks like this:

public void ConfigureServices(IServiceCollection services)
{
  services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(o =>
  {
    // Discovery document root; the handler fetches Google's signing keys from here
    o.Authority = "https://accounts.google.com";
    o.TokenValidationParameters = new TokenValidationParameters
    {
      ValidIssuer = "accounts.google.com",
      // The OAuth client id the SPA signs in with
      ValidAudience = "xxxxxxxxxxxxx.apps.googleusercontent.com",
      ValidateAudience = true,
      ValidateIssuer = true
    };
  });

  services.AddMvc();
}

And in Configure() I call app.UseAuthentication().

When using this setup I get the failure message "No SecurityTokenValidator available for token."

Update 2:

I made it work. The server configuration is correct. The problem was I was sending access_token to the API instead of id_token.

Bigner answered 16/12, 2017 at 19:32 Comment(0)

Since you already have the access token, it shouldn't be too hard to use it to add authentication. You would need something along these lines (not tested):

// Inside Startup.cs, ConfigureServices method
services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(
        options =>
        {
            var tokenValidationParameters = new TokenValidationParameters
            {
                ValidIssuer = "accounts.google.com",
                ValidateAudience = false
            };

            options.MetadataAddress = "https://accounts.google.com/.well-known/openid-configuration";
            options.TokenValidationParameters = tokenValidationParameters;
        });

// Inside Startup.cs, Configure method
app.UseAuthentication(); // Before MVC middleware
app.UseMvc();

// And of course, on your controllers:
[Authorize]
public class MyApiController : Controller

This post from Paul Rowe might help some more, but note that it's written for ASP.NET Core 1.x and authentication APIs changed a bit in 2.0.

There is also a lot of info here on SO, like this question.

Zsigmondy answered 17/12, 2017 at 0:15 Comment(4)
Thanks for the help. I've tried the code (I adapted it for 2.0), but the server fails with the message: "No SecurityTokenValidator available for token." I'm not sure why, the token I post from SPA comes directly from Google.Bigner
I have updated the original question with my current code.Bigner
Can you please share the link for OIDC Google authentication using MVC/Webform?Jadeite
@EngrUmair maybe this documentation page can help? learn.microsoft.com/en-us/aspnet/mvc/overview/security/…Zsigmondy
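The setup the question and answer converged on, written out as an added example (this is not code from the question, the answer, or Microsoft's samples). It keeps the answer's JWT bearer approach but fixes its weak setting: ValidateAudience = false would accept a Google ID token minted for any client id, so the example pins the audience to the SPA's own client id, accepts both forms of Google's issuer claim, and logs why a token was rejected. It also flags the mistake from Update 2: a Google OAuth access_token is an opaque string rather than a JWT, so the bearer handler has no validator that can read it, which is exactly the "No SecurityTokenValidator available for token" message. The client id, the logger category and the "three dot-separated segments" heuristic are assumptions made for this example.

```csharp
// Added example, not code from the question or the answer above.
// ASP.NET Core 2.x Startup that accepts Google ID tokens sent as
// "Authorization: Bearer <id_token>". YOUR-CLIENT-ID is a placeholder.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    // Placeholder: the OAuth client id the SPA uses when it signs the user in.
    private const string GoogleClientId = "YOUR-CLIENT-ID.apps.googleusercontent.com";

    private static ILogger Log(HttpContext ctx) =>
        ctx.RequestServices.GetRequiredService<ILogger<Startup>>();

    public void ConfigureServices(IServiceCollection services)
    {
        services
            .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // The handler reads Google's discovery document from here and
                // downloads the signing keys it references, so every token's
                // signature is checked against Google's current keys.
                options.Authority = "https://accounts.google.com";

                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // Google sets "iss" to either of these values; accept both, nothing else.
                    ValidIssuers = new[] { "accounts.google.com", "https://accounts.google.com" },
                    ValidateIssuer = true,

                    // The answer's ValidateAudience = false would accept an ID token
                    // issued to any Google client. Pinning "aud" to our own client id
                    // rejects tokens a user obtained on some unrelated site.
                    ValidAudience = GoogleClientId,
                    ValidateAudience = true,

                    ValidateLifetime = true,         // reject expired tokens
                    ValidateIssuerSigningKey = true, // key must come from the discovered set
                };

                options.Events = new JwtBearerEvents
                {
                    // Heuristic (assumption for this example): a JWT has three
                    // dot-separated segments, a Google access_token does not. The
                    // handler cannot read a non-JWT at all ("No SecurityTokenValidator
                    // available for token"), so surface that client-side mistake here.
                    OnMessageReceived = ctx =>
                    {
                        string header = ctx.Request.Headers["Authorization"];
                        if (header != null
                            && header.StartsWith("Bearer ", StringComparison.Ordinal)
                            && header.Substring("Bearer ".Length).Split('.').Length != 3)
                        {
                            Log(ctx.HttpContext).LogWarning(
                                "Bearer value is not a JWT; is the client sending access_token instead of id_token?");
                        }
                        return Task.CompletedTask;
                    },

                    // Tokens that parsed but failed validation (wrong audience, expired,
                    // bad signature) land here; log the reason so misconfiguration and
                    // replay attempts are visible on the server.
                    OnAuthenticationFailed = ctx =>
                    {
                        Log(ctx.HttpContext).LogWarning(ctx.Exception,
                            "Bearer token rejected for request to {Path}", ctx.Request.Path);
                        return Task.CompletedTask;
                    }
                };
            });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // must run before MVC so [Authorize] sees the principal
        app.UseMvc();
    }
}
```

With this in place, the SPA sends the id_token returned by Google's sign-in flow, not the access_token, and controllers marked [Authorize] receive a principal whose claims come from the validated token. Keeping ValidateAudience on is the part that matters most: without it, any valid Google ID token for any application would unlock this API.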
