DotNetOpenAuth 4.3 and Google - OpenID 2.0 + OAuth 1.0 deprecated

Question

If you want to cut to the chase, the question is: what is the best/official way to use DotNetOpenAuth with Google in asp.net mvc 5?

About a year ago, I used OAuth (D

Answer 1

Here is the recommended way to use Google authentication as well as a few other social integrations:

http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

In order to use oauth2 (assuming your using MVC)

1. Enable the Google OpenID provider Open the App_Start\Startup.Auth.cs file and remove the comment characters in //app.UseGoogleAuthentication(); to enable Google authentication.

2. Under Use another service to log in, click Google. The user is then redirected to the google site where you will enter your credentials.

If you don't have this file or folder "app_start", then you probably created a 'blank' project, instead of an "internet" project when you first created the solution. It's much easier (if planning on using external logins) to select 'internet application' when you first begin. Not sure what editor your using, but Visual Studio 2012/2013 make this ridiculously easy!

If your going to use OpenID which is now the recommended way, here is a great starting point: https://developers.google.com/accounts/docs/OpenID#settingup

Lastly, if you have access to NUGET through your editor like (Visual studio) , you'll find these tasks, like adding oAuth-1/2 or openId have been made very easy..

Here is a last link that would get you off in the right direction if the above doesn't really fit your build... With a few more details, I would be more than happy to help guide you to the best solution. One thing I can say is that oauth2 IS still very relevant and used in many applications today, and you wouldn't be wrong implementing this while starting a new project today - it would be the right way to go (or at least one of the right ways to go)... Hope some of this helps and isn't just going down a path you have already been down.

Hope all is well.

Answer 2

This is how you use DotnetOpenAuth with Google/OAuth2.

First, reference the DotnetOpenAuth.Ultimate package from Nuget.

Then create a provider class and the profile model class

public class GoogleClient : WebServerClient
{
    private static readonly AuthorizationServerDescription GoogleDescription = 
        new AuthorizationServerDescription
    {
        TokenEndpoint = new Uri( "https://accounts.google.com/o/oauth2/token" ),
        AuthorizationEndpoint = new Uri( "https://accounts.google.com/o/oauth2/auth" ),
        ProtocolVersion = ProtocolVersion.V20
    };

    public const string ProfileEndpoint = "https://www.googleapis.com/oauth2/v1/userinfo";

    public const string ProfileScope = "https://www.googleapis.com/auth/userinfo.profile";
    public const string EmailScope = "https://www.googleapis.com/auth/userinfo.email";

    public GoogleClient()
        : base( GoogleDescription )
    {
    }
}

public class GoogleProfileAPI
{
    public string email { get; set; }

    private static DataContractJsonSerializer jsonSerializer = 
        new DataContractJsonSerializer( typeof( GoogleProfileAPI ) );

    public static GoogleProfileAPI Deserialize( Stream jsonStream )
    {
        try
        {
            if ( jsonStream == null )
            {
                throw new ArgumentNullException( "jsonStream" );
            }

            return (GoogleProfileAPI)jsonSerializer.ReadObject( jsonStream );
        }
        catch ( Exception ex )
        {
            return new GoogleProfileAPI();
        }
    }
}

Then, in your login page (login controller) have this code:

    private static readonly GoogleClient googleClient = new GoogleClient
    {
        ClientIdentifier = "client_id",
        ClientCredentialApplicator = ClientCredentialApplicator.PostParameter( "client_secret" )
    };

        // Page_Load of login page if WebForms
        // Login action of the Account controller if MVC 

        IAuthorizationState authorization = googleClient.ProcessUserAuthorization();
        if ( authorization == null )
        {
            // Kick off authorization request
            // Google will redirect back here
            Uri uri = new Uri( "http://your.application.address/login" );
            googleClient.RequestUserAuthorization( returnTo: uri, 
                scope: new[] { GoogleClient.ProfileScope, GoogleClient.EmailScope } );
        }
        else
        {
            // authorization. we have the token and 
            // we just go to profile APIs to get email (and possibly other data)
            var request =
                WebRequest.Create(
                    string.Format( "{0}?access_token={1}", 
                    GoogleClient.ProfileEndpoint, 
                    Uri.EscapeDataString( authorization.AccessToken ) ) );
            using ( var response = request.GetResponse() )
            {
                using ( var responseStream = response.GetResponseStream() )
                {
                    var profile = GoogleProfileAPI.Deserialize( responseStream );
                    if ( profile != null &&
                        !string.IsNullOrEmpty( profile.email ) )
                        FormsAuthentication.RedirectFromLoginPage( profile.email, false );
                }
            }
        }