We're using this library Google.Apis.Auth.OAuth2 to request the user to enter oauth credentials.

https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth

This line

        var precreds = GoogleWebAuthorizationBroker.AuthorizeAsync(
            clientSecret,
            scopesList,
            emailAddress,
            CancellationToken.None,
            new FileDataStore(AuthStorageDir)
        );
        var creds = await precreds;

This will pop up a browser and request the user to click on the correct OAuth account.

The issue is the emailAddress. In the documentation some places show it's being set to "user" and other places say "the user to authorize". We're using the latter interpretation and are providing an email address. But the user could click on a different email address.

Does anyone know what is the correct interpretation?

If we are correct and an email address can be provided, is there a way to detect the email address they clicked on, and then pop up a warning message?

mbalsam

1 Answer

I was also wondering what this user information is in GoogleWebAuthorizationBroker.AuthorizeAsync and was searching for an explanation as it is documented very poorly. I think I found the answer in the comments of the following topic: Check if user is already logged in

It is only information about local users and has nothing to do with the user authenticated against the API. It only enables you to switch users in your application if you need this. E.g., for every user an individual response file is stored on your machine: C:\Users\WindowsUser\AppData\Roaming\Google.Apis.Auth\Google.Apis.Auth.OAuth2.Responses.TokenResponse-AuthorizeAsyncUser.

I will check this today in the evening.

Drexel
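An added example, not part of either post: because the `user` argument only keys the local token cache, the account that was actually chosen has to be read from the Google-signed ID token, and this sketch compares its email claim with the expected address and discards the token on a mismatch. `AccountBinding` and `AuthorizeExpectedAsync` are hypothetical names, and `clientSecret` is assumed to be a `ClientSecrets` object.

```csharp
// Added example, not the poster's code. AccountBinding and AuthorizeExpectedAsync
// are hypothetical names; clientSecret is assumed to be a ClientSecrets object.
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Google.Apis.Auth;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Util.Store;

public static class AccountBinding
{
    public static async Task<UserCredential> AuthorizeExpectedAsync(
        ClientSecrets clientSecret, string[] scopesList,
        string expectedEmail, string authStorageDir)
    {
        // An ID token is only returned when the OpenID Connect scopes are requested.
        var scopes = scopesList.Union(new[] { "openid", "email" }).ToArray();

        // expectedEmail is used here only as the key of the local token cache.
        var creds = await GoogleWebAuthorizationBroker.AuthorizeAsync(
            clientSecret, scopes, expectedEmail, CancellationToken.None,
            new FileDataStore(authStorageDir));

        // A cached entry can hold an expired ID token, so refresh before validating.
        // Assumption: the refresh response carries a new id_token for these scopes.
        await creds.RefreshTokenAsync(CancellationToken.None);
        if (string.IsNullOrEmpty(creds.Token.IdToken))
            throw new InvalidOperationException("No ID token; cannot verify the account.");

        // Checks signature, issuer, expiry and that the token was issued to this client.
        var payload = await GoogleJsonWebSignature.ValidateAsync(
            creds.Token.IdToken,
            new GoogleJsonWebSignature.ValidationSettings
            {
                Audience = new[] { clientSecret.ClientId }
            });

        bool match = payload.EmailVerified && string.Equals(
            payload.Email, expectedEmail, StringComparison.OrdinalIgnoreCase);
        if (!match)
        {
            // Do not keep a token for the wrong account under the expected user's key.
            await creds.RevokeTokenAsync(CancellationToken.None);
            throw new UnauthorizedAccessException(
                $"Signed in as {payload.Email}, expected {expectedEmail}.");
        }
        return creds;
    }
}
```

The caller can catch `UnauthorizedAccessException` to show the warning and start the sign-in again.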