Using Google.Apis.Auth in .NET 8

[vanna798756]

We are trying to implement a Google Calendar sync function in our app. We have tried using the Google.Apis.Auth.AspNetCore3 packages but it doesn't seem for purpose as it hijacks the existing authentication in the system.

Is it possible to use the previous version Google.Apis.Auth in .NET 8 without trouble?

For example of our attempts to use Google.Apis.Auth.AspNetCore3 see https://stackoverflow.com/questions/78919223/combining-googleopenid-and-cookie-authentication-in-asp-net-core-8/78922674

[jskeet]

It's not clear what you mean by "hijacks the existing authentication". Both @amanda-tarafa and I are on vacation at the moment; Amanda knows a lot more about this than I do, and I'm sure she'll look at it when she's back at work next Tuesday.

[vanna798756]

Basically I have an application where people authenticate using standard cookie forms authentication. As part of this application there is a function where they need to be able to retrieve Google calendars. Using the Google.Apis.Auth.AspNetCore3 as soon as I do this it logs me out of the primary authentication and logs in as Google. I don't want to do this, I just want for them to log in and get the list of calendars.

What would really be ideal was if I could get it running in a service, but I still need the user to authenticate their own credentials before the service can call the Calendar API. This was all possible with the old API.

[jskeet]

I suspect this is more a question of "how do I use multiple forms of authentication in ASP.NET Core" than being specifically about Google auth - my guess is you'd have the same issue with any two auth mechanisms. That may be of some help in terms of research until Amanda and I are back at work.

[vanna798756]

Yes, I have an open SO question regarding this https://stackoverflow.com/questions/78919223/combining-googleopenid-and-cookie-authentication-in-asp-net-core-8/78922674

[amanda-tarafa]

As @jskeet and the Stack Overflow user replying to your question have said, this is not a Google Auth specific issue, this is because your application depends on two different sign in mechanisms at the same time, which both depend on cookie schemes and the out of the box capabilities from ASP.NET Core to keep track of a single signed user (HttpContext.User, etc.).

Google.Apis.Auth.AspNetCore3 is a helper package to make it easer for ASP.NET Core 3+ applications to support Google OpenID as the sign in mechanism, and that makes user's access tokens readily available to the application. Google.Apis.Auth.AspNetCore3 is not meant to be used alongside other sign in mechanisms that depend on cookie schemes. This is a use case that we are unlikely to consider at the moment for implementation (Note: an exception to that may be #2225 for integrating with .NET Identity, but that's also a particular use case that won't cover using any sing-on mechanism along side something like Google.Apis.Auth.AspNetCore3).

Is it possible to use the previous version Google.Apis.Auth in .NET 8 without trouble? This was all possible with the old API.

It's not clear here what you mean with "the previous version Google.Apis.Auth" and "the old API". Google.Apis.Auth.AspNetCore3 is not the successor of Google.Apis.Auth. Google.Apis.Auth.AspNetCore3 is just a helper package, built on top of Google.Apis.Auth, for integrating Google OpenID with ASP.NET Core 3+, covering some common use cases. Since your use case is more complex than what Google.Apis.Auth.AspNetCore3 supports, you can definetely use Google.Apis.Auth to build your own access token obtention mechanism without relying on cookies, so that you can continue using other sign-in mechanism that does.

[vanna798756]

Thanks. Are there any examples of authentication with .NET Core 3+ without using the AspNetCore3 package, but using the Google.Apis.Auth package? Basically an example of using GoogleAuthorizationCodeFlow in a .NET Core 3+ app.

[amanda-tarafa]

We don't have a sample, but you can use Google.Apis.Auth.OAuth2.Web.AuthorizationCodeWebApp which is a helper class that wraps a flow and implements the steps described in Using OAuth 2.0 for Web Server Applications.

You need to decide how to store user credentials and implement a Google.Apis.Util.Store.IDataStore that you pass to the flow on construction.

[amanda-tarafa]

@vanna798756 I'll close this issue as I believe we've answered your questions. Feel free to leave a comment if you believe otherwise and of course, create new issues if you encounter problems when using Google.Apis.Auth.