Some months ago, Rick Anderson and Erik Reitan wrote a very good article in the asp.net website (http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on) to show how the ASP.NET Identity authentication / authorization framework can leverage external authentication providers as Google, Facebook, Twitter and LinkedIn.
These providers do frequent changes to their interfaces. I am writing this post to underline a couple of tricky errors that the Google / LinkedIn authentications can present to you even if you seemingly do everything by the books.
Authentication with Google: tricks
Google can give you: “externalLoginCallback?error=access_denied” if you don’t allow your application to use certain – not so intuituive – APIs. In particular, the API that must be checked so that Google gives the green light for authentication is the Google+ API, which is not pre-authorized.
This is documented in MSDN: http://blogs.msdn.com/b/webdev/archive/2014/07/02/changes-to-google-oauth-2-0-and-updates-in-google-middleware-for-3-0-0-rc-release.aspx, however, i thought it was a good idea to replicate the same concept on this site in order to make it easier to find it with a search on the redirect URI error.
Another error one can get for the Google authentication is that the Google “project” has to have a PRODUCT_NAME (however, this is easy to spot because it is Google’s page itself to tell you where the problem lies).
All in all, these are the steps to enable the Google + authentication in MVC 5 (highly suggested to use Visual Studio 2013 Release 2 or superior)
Steps in Visual Studio
Create a new MVC project with “Individual user” authentication
From Nuget, download the Microsoft.Owin.Security.Google package
Enable https for your site (project – properties – set SSL enabled to true)
Steps in Google Developer Console
Go to https://console.developers.google.com/project. Click on “Create Project”.
Click on the project name, click on APIs in the left menu and select “Google+ API”. Set it to ON (default is OFF)
Click on “Credentials” – oAuth.
Once you do this step, you have a ClientID and a Secret. You will need those for the Visual Studio application.
In the Consent screen, choose a contact email and give the PRODUCT a name!
Back to Visual Studio
In the folder App_Start, there is a file Startup.Auth.cs.
Un-comment the lines releted to the Google authentication and fill the ClientId and ClientSecret fields with those given out by Google (these below are examples, they don’t work.
ClientId = “xyzsdusidui2uo2380r787285780457284057804.apps.googleusercontent.com”,
ClientSecret = “Uhjhkjhk189r_iGAsMZdHz”
Now you should be good to use Google to register and authenticate your users.
Authentication with LinkedIn: tricks
Rick and Erik mention this good tutorial for authentication with Yahoo and LinkedIn (+ a set of other OAuth 2.0 providers)
The LinkedIn tutorial is a bit simplified: it does not take into consideration the Redirection URI for localhost.
How to work with Localhost?
As with Google, you need to write down the httpS address of your localhost, for instance: https://localhost:44302/
Beware: for the authentication to work, the OAuth 2.0 redirection URLs must be set to https://localhost:44302/signin-linkedin (or your port of course).
You have to set this address here:
In case you don’t append /signin-linkedin, you’ll end up with an “invalid redirect_uri” error: