Unable to find a good solution to why the OAuth state (or callback URL) is not working when migrating login from .Net7 to .Net8. Both custom and external login work perfectly in .Net 7 with the identity template. Migrating to .Net 8 breaks the callback functionality for Google login. Spent hours tweaking Program.cs, updating NuGet packages and having the .Net 8 identity template UI up and running as Blazor components. To have .Net8 behave as close as possible to the old .Net7 Blazor Server, "InteractiveServer" rendermode was configured for the HeadOutlet and Routes components at the top level in App.razor. I am able to log in and accept the defined scopes, the final callback URI is returning the state value from Google along with some scopes etc., but complains about the OAuth state:
The login is accepted and the returned state URL is correct (same as in .Net7): https://localhost:7036/signin-google?state=CfDJ8GIGhrvFRF..........
The old MVC Razor view .cshtml files from the .Net7 template located in the project "Area" folder were removed and replaced with the .Net8 templated Razor components in a Components folder:
The Google OAuth2 client configuration stays untouched with callback "https://localhost:7036/signin-google" and the necessary updates to Program.cs are added. Otherwise I would not be able to have the .Net8 identity template login UI up and running at all.
The authentication code in Program.cs looks like this:
```csharp
static void AddAuthentication(WebApplicationBuilder builder)
{
    var authenticationBuilder = builder.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = IdentityConstants.ApplicationScheme;
        options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
    });
    _ = authenticationBuilder.AddIdentityCookies();

    var googleInternalClientId = builder.Configuration["Authentication:GoogleInternal:ClientId"];
    var googleInternalClientSecret = builder.Configuration["Authentication:GoogleInternal:ClientSecret"];
    if (!string.IsNullOrEmpty(googleInternalClientId) && !string.IsNullOrEmpty(googleInternalClientSecret))
    {
        var appendixEmployee = "Employee";
        var authSchemeEmployee = Enum.GetName(typeof(LoginProviderType), LoginProviderType.Google)
            + Enum.GetName(typeof(LoginProviderAccountType), LoginProviderAccountType.Business)
            + appendixEmployee; //GoogleDefaults.AuthenticationScheme
        _ = authenticationBuilder.AddGoogle(authSchemeEmployee, "Google" + appendixEmployee, go =>
        {
            go.ClientId = googleInternalClientId;
            go.ClientSecret = googleInternalClientSecret;
            go.SaveTokens = true;
            // See your primary Google Account email address
            go.Scope.Add("https://www.googleapis.com/auth/userinfo.email");
            // Associate you with your personal info on Google
            go.Scope.Add("openid");
            // View your email messages and settings
            go.Scope.Add(GmailService.Scope.MailGoogleCom);
            go.Scope.Add(GmailService.Scope.GmailLabels);
            go.Scope.Add(GmailService.Scope.GmailModify);
            go.Scope.Add(GmailService.Scope.GmailSend);
            go.Scope.Add(GmailService.Scope.GmailSettingsBasic);
            //go.CallbackPath = "/signin-google";
            go.Events.OnCreatingTicket = ctx =>
            {
                List<AuthenticationToken> tokens = ctx.Properties.GetTokens().ToList();
                tokens.Add(new AuthenticationToken()
                {
                    Name = "created_at",
                    Value = DateTime.UtcNow.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss.fffffffK")
                });
                ctx.Properties.StoreTokens(tokens);
                ctx.Properties.IsPersistent = true;
                SaveAspNetUserTokenAndClaims(ctx, authSchemeEmployee);
                return Task.CompletedTask;
            };
        });
    }
}
```
Followed this guide: https://jonhilton.net/blazor-net8-migration/
.. which in turn seems to be a more to-the-point version of the original Microsoft doc: https://learn.microsoft.com/en-us/aspnet/core/migration/70-80?view=aspnetcore-8.0&tabs=visual-studio
Login is not mentioned anywhere. So I created a new .Net8 Blazor project on the sideline using the Visual Studio 2022 "Blazor Web App" template. The only one at the time which gives access to .Net8. This template returned the Blazor components based login file structure which you see on the image above. It took me about 5 minutes to copy over the Google login authentication in Program.cs and I am able to log in. I just had to add another callback URI in the Google configuration to reflect another port on localhost.
Does anyone have a clue at all to what is disturbing the built-in middleware /signin-google callback URI when migrating from .Net7?
Did compare the new Visual Studio 2022 "Blazor Web App" template file structure where the .Net8 identity template was added to the migration project file by file. I suspect leftovers from the .Net7 "Blazor Server" template cause some sort of issue with the built-in "/signin-google" identity callback URI but I have not managed to figure it out.
