Quantcast
Channel: Active questions tagged blazor - Stack Overflow
Viewing all articles
Browse latest Browse all 4839

Migrating Blazor Server from .net 7 to .net 8 - Google login returns "The oauth state was missing or invalid"

$
0
0

Unable to find a good solution to why the oauth state (or callback URL) is not working when migrating login in .Net7 to .Net8. Both custom and external login works perfect in .Net 7 with the identity template. Migrating to .Net 8 breaks the callback functionality for Google login. Spent hours of tweaking in Program.cs, Updating NuGet packages and and having the .Net 8 identity template UI up and running as Blazor components. To have .Net8 behave as close as possible to the old .Net7 Blazor Server, "InteractiveServer" rendermode was configured for the HeadOutlet and Routes components at the top level in App.razor. I am able to log in and accept the defined scopes, the final callback URI is returning the state value from Google along with some scopes etc., but complains about the oauth state:

enter image description here

The login is accepted and the returned state URL is correct (same as in .Net7): https://localhost:7036/signin-google?state=CfDJ8GIGhrvFRF..........

The old mvc razor view .cshtml files from the .Net7 template located in the project "Area" folder was removed and replaced with the .Net8 templated razor components in a Components folder:enter image description here

The Google Oauth2 client configuration stays untouched with callback "https://localhost:7036/signin-google" and necessary updates to Program.cs is added. Else I would not be able to have the .Net8 identity template login UI up and running at all.

The authentication code in Program.cs looks like this:

static void AddAuthentication(WebApplicationBuilder builder){    var authenticationBuilder = builder.Services.AddAuthentication(options =>    {        options.DefaultScheme = IdentityConstants.ApplicationScheme;        options.DefaultSignInScheme = IdentityConstants.ExternalScheme;    });    _ = authenticationBuilder.AddIdentityCookies();    var googleInternalClientId = builder.Configuration["Authentication:GoogleInternal:ClientId"];    var googleInternalClientSecret = builder.Configuration["Authentication:GoogleInternal:ClientSecret"];    if (!string.IsNullOrEmpty(googleInternalClientId) && !string.IsNullOrEmpty(googleInternalClientSecret))    {        var appendixEmployee = "Employee";        var authSchemeEmployee = Enum.GetName(typeof(LoginProviderType), LoginProviderType.Google) + Enum.GetName(typeof(LoginProviderAccountType), LoginProviderAccountType.Business) + appendixEmployee; //GoogleDefaults.AuthenticationScheme        _ = authenticationBuilder.AddGoogle(authSchemeEmployee,"Google" + appendixEmployee,            go =>            {                go.ClientId = googleInternalClientId;                go.ClientSecret = googleInternalClientSecret;                go.SaveTokens = true;                // See your primary Google Account email address                go.Scope.Add("https://www.googleapis.com/auth/userinfo.email");                // Associate you with your personal info on Google                go.Scope.Add("openid");                // View your email messages and settings                go.Scope.Add(GmailService.Scope.MailGoogleCom);                go.Scope.Add(GmailService.Scope.GmailLabels);                go.Scope.Add(GmailService.Scope.GmailModify);                go.Scope.Add(GmailService.Scope.GmailSend);                go.Scope.Add(GmailService.Scope.GmailSettingsBasic);                //go.CallbackPath = "/signin-google";                go.Events.OnCreatingTicket = ctx =>                {                    List<AuthenticationToken> tokens = ctx.Properties.GetTokens().ToList();                    tokens.Add(new AuthenticationToken()                    {                        Name = "created_at",                        Value = DateTime.UtcNow.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss.fffffffK")                    });                    ctx.Properties.StoreTokens(tokens);                    ctx.Properties.IsPersistent = true;                    SaveAspNetUserTokenAndClaims(ctx, authSchemeEmployee);                    return Task.CompletedTask;                };            });    }}

Followed this guide:https://jonhilton.net/blazor-net8-migration/

.. which in turn seems to be a more to-the-point version of the original Microsoft doc:https://learn.microsoft.com/en-us/aspnet/core/migration/70-80?view=aspnetcore-8.0&tabs=visual-studio

Login is not mentioned anywhere. So I created a new .Net8 Blazor project on the sideline using the Visual Studio 2022 "Blazor Web App" template. The only one at the time which gives access to .Net8. This template returned the Blazor components based login file structure which you see on the image above. It took me about 5 minutes to copy over the Google login authentication in Program.cs and I am able to login in. I just had to add another callback URI in the google configuration to reflect another port on localhost.

Does anyone have a clue at all to what is disturbing the built-in middleware /signing-google callback URI when migrating from .Net7?

Did compare the new Visual Studio 2022 "Blazor Web App" template filestructre where .net8 identity template was added to the migration project file by file. I suspect leftovers from the .Net7 "Blazor Server" template from .net7 causes some sort of issue with the built-in "/signin-google" identity callback URI but I have not managed to figure it out.


Viewing all articles
Browse latest Browse all 4839

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>