I have a mobile app which authenticates against my Web API. I am issuing users a JWT token upon successful login, which users can use with all subsequent requests. This is how I have the current setup for the Web API:

.AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ClockSkew = TimeSpan.Zero,
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = builder.Configuration["JwtSettings:ApplicationID"],
        ValidAudience = builder.Configuration["JwtSettings:ApplicationID"],
        IssuerSigningKey = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes(builder.Configuration["JwtSettings:SecurityKey"]))
    };

})

Now I decided to add Google Auth into my app, so my users don't need to sign up and can just use Google. So I added the below to my code:

.AddGoogle(options =>
{
    options.ClientId = "xxxxx";
    options.ClientSecret = "xxxxx";
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.SaveTokens = true;
    options.CorrelationCookie.SameSite = SameSiteMode.Lax;
})
.AddCookie(options =>
{
    options.LoginPath = "/Account/Unauthorized/";
    options.AccessDeniedPath = "/Account/Forbidden/";
});

I can get the token from Google upon successful login:

var accessToken = await HttpContext.GetTokenAsync(CookieAuthenticationDefaults.AuthenticationScheme, "access_token");

Now when I pass this token to my Web API, it does not get authenticated. I would like to authenticate against my Web API using the Google token, the same as I am doing with my current setup. Is it possible?

user2404597
  • Hi @user2404597, why do you manually pass the token to your Web API? The common process is to configure the Google authentication in your Web API project and then add `[Authorize]` to the action. When you send a request to the authorized action, it will redirect you to the Google login. After logging in successfully you can get into the action. – Rena Apr 04 '22 at 09:31
  • @Rena it's a mobile Android app, that's why I have to include the token in every request. – user2404597 Apr 04 '22 at 18:17

1 Answer


Interestingly enough, this helped: https://stackoverflow.com/a/72389847/5574017

I added the Client ID, Client Secret, and Issuer to the config. I also added the AddGoogle with the appropriate config.

This allowed me to pass a Google JWT in the Bearer and verify it on each API call.

Tamb
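One way to wire up what the answer describes, as an added example that is not code from the question, the answer or the linked post: a second JwtBearer scheme validates Google-issued ID tokens (signed JWTs, unlike the opaque `access_token` the question passes) against Google's published signing keys, next to the API's own symmetric-key tokens. The scheme name `GoogleIdToken`, the config key `Google:ClientId` and the `/me` endpoint are assumptions, and the project needs the Microsoft.AspNetCore.Authentication.JwtBearer package.

```csharp
// Added example, not code from the question or the answer.
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
const string GoogleScheme = "GoogleIdToken"; // assumed scheme name

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    // Scheme 1: the API's own tokens, validated exactly as in the question.
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ClockSkew = TimeSpan.Zero,
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = builder.Configuration["JwtSettings:ApplicationID"],
            ValidAudience = builder.Configuration["JwtSettings:ApplicationID"],
            IssuerSigningKey = new SymmetricSecurityKey(
                Encoding.UTF8.GetBytes(builder.Configuration["JwtSettings:SecurityKey"]!))
        };
    })
    // Scheme 2: Google ID tokens; signing keys are fetched from Google's OIDC metadata.
    .AddJwtBearer(GoogleScheme, options =>
    {
        options.Authority = "https://accounts.google.com";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Issuer, audience and lifetime validation are on by default.
            ValidIssuers = new[] { "https://accounts.google.com", "accounts.google.com" },
            // Pin the audience so ID tokens issued to other apps are rejected.
            ValidAudience = builder.Configuration["Google:ClientId"] // assumed config key
        };
    });

// [Authorize] / RequireAuthorization() passes if either scheme accepts the bearer token.
builder.Services.AddAuthorization(options =>
    options.DefaultPolicy = new AuthorizationPolicyBuilder(
            JwtBearerDefaults.AuthenticationScheme, GoogleScheme)
        .RequireAuthenticatedUser()
        .Build());

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/me", () => "authenticated").RequireAuthorization(); // hypothetical endpoint
app.Run();
```

The mobile client then sends the Google ID token, not the access token, in the `Authorization: Bearer` header.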