Blazor template issues with Google Authentication [dotnet 8 rc2]

[sikora507]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

There are some issues with google authentication when using blazor templates from the dotnet 8 rc2.

• Error when trying to enter my account page (manage) after signing in with google
• For page that requires authenticated user, my first and last name is visible for a second but then swaps with my email address.
• Cannot log out when signing in with google

Expected Behavior

• There should be no error after entering my account's page
• The page that requires authenticated user should display either my email or first + last name
• I should be able to log out

Steps To Reproduce

Create new blazor project:
dotnet new blazor -n AuthTest -au Individual -int Auto -ai

After following the link provided in the template to configure external auth:
https://go.microsoft.com/fwlink/?LinkID=532715

Add the google package:
dotnet add package Microsoft.AspNetCore.Authentication.Google --version 7.0.12

Add .AddGoogle() section in Program.cs:

builder.Services.AddAuthentication(IdentityConstants.ApplicationScheme)
    .AddGoogle(options =>
    {
        options.ClientId = builder.Configuration["Authentication:Google:ClientId"]!;
        options.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"]!;
    })
    .AddIdentityCookies();

Add your client id and secret to the appsettings.json:

  "Authentication": {
    "Google": {
      "ClientID": "<your client id here>",
      "ClientSecret": "<your client secret here>"
    }
  }

The ClientId and ClientSecret are taken from console.cloud.google.com:
after creating a project, go to
Api & Services -> Credentials

Then create new OAuth Client ID

Set the type of Web Application

Set redirect uri similar to this, but put there your port that will be probably different than mine

Once you have client id and secret you will be able to log in with Google.
However when I try to enter the /account/manage/ endpoint (when I click on the link with my first and last name in the menu) I am redirected to InvalidUser page:

There is another thing:
When I try to enter "Auth Required" page, I see my first name and last name for a brief moment, but then I think the web assembly kicks in and swaps it with my email:

Exceptions (if any)

No response

.NET Version

8.0.100-rc.2.23502.2

Anything else?

No response

[halter73]

Thanks for the report. You should be able to fix the "Unable to load user with ID ..." error by changing

builder.Services.AddAuthentication(IdentityConstants.ApplicationScheme)

to

builder.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = IdentityConstants.ApplicationScheme;
        options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
    })

This ensures the Google/OAuth RemoteAuthenticationHandler callback handler uses the correct IdentityConstants.ExternalScheme scheme so SignInManager.GetExternalLoginInfoAsync() can use that same scheme to read the LoginProviderKey set by the RemoteAuthenticationHandler.

Program.cs templates have already been updated to set the DefaultSignInScheme to IdentityConstants.ExternalScheme as part of #51134.

When I try to enter "Auth Required" page, I see my first name and last name for a brief moment, but then I think the web assembly kicks in and swaps it with my email:

I wasn't able to reproduce this even with the older RC2 template after updating the DefaultSignInScheme. I see my email address during both the initial static render and the WebAssembly rerender. I'm guessing this has something to do with the wrong DefaultSignInScheme leaving you half logged in.

Can you confirm that changing the DefaultSignInScheme fixes this issue too?

[ghost]

Hi @sikora507. We have added the "Needs: Author Feedback" label to this issue, which indicates that we have an open question for you before we can take further action. This issue will be closed automatically in 7 days if we do not hear back from you by then - please feel free to re-open it if you come back to this issue after that time.

[ghost]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. If it is closed, feel free to comment when you are able to provide the additional information and we will re-investigate.

See our Issue Management Policies for more information.