/// <summary> /// Validate <paramref name="idToken"/> is Google Id Token and then Login the user. An account will be auto-created if the google user does not have an account yet. /// Returns a Jwt Token for authorizing later requests. /// </summary> /// <param name="idToken"> Google Id Token provided by google when signing in with OAuth (e.g. from mobile app) </param> /// <returns> Jwt Token for authorizing later requests to API. </returns> /// <exception cref="AccountException"> Thrown when <paramref name="idToken"/> is not valid or user can not be created or login </exception> public async Task <string> LoginUsingGoogleIdToken(string idToken) { bool isValid = await IsGoogleTokenValidAsync(idToken).ConfigureAwait(false); if (!isValid) { throw new AccountException("Google Id token is invalid"); } GoogleJsonWebSignature.Payload validPayload = await GoogleJsonWebSignature.ValidateAsync(idToken).ConfigureAwait(false); PantryPlannerUser appUser = _userManager.Users.SingleOrDefault(u => u.Email == validPayload.Email); if (appUser == null) { // user doesn't exist so we'll auto create them appUser = await AutoCreateAccountFromGoogleAsync(validPayload).ConfigureAwait(false); } if (appUser != null) { // sign the user in and return a Jwt Token await _signInManager.SignInAsync(appUser, false).ConfigureAwait(false); string token = GenerateJwtToken(appUser, _configuration); return(token); } // reached here then the user could not be created/found throw new AccountException($"Could not login with google user for email {validPayload.Email}"); }
public async Task <JsonResult> IdTokenVerification(string idToken, int clientTimezoneOffset) { var payload = await GoogleJsonWebSignature.ValidateAsync(idToken, new GoogleJsonWebSignature.ValidationSettings() { IssuedAtClockTolerance = TimeSpan.FromDays(1) // for cases when server's time different from UTC time (google time). }); if (payload != null) { var member = _memberService.GetByEmail(payload.Email); if (member != null) { FormsAuthentication.SetAuthCookie(member.Username, true); _timezoneOffsetProvider.SetTimezoneOffset(clientTimezoneOffset); if (!_memberServiceHelper.IsFirstLoginPerformed(member)) { SendWelcomeNotification(member.Key); _memberServiceHelper.SetFirstLoginPerformed(member); } return(Json(new GoogleAuthResultModel() { Url = DefaultRedirectUrl, Success = true })); } } return(Json(new GoogleAuthResultModel())); }
public async Task <NewExternalUserViewModel> GetUserViewModelUserFromGoogleToken(string googleIdToken) { var googleTokenSettings = new GoogleJsonWebSignature.ValidationSettings() { Audience = new List <string>() { "680869894998-hujg19vbq0lhmhc8vf8ldmc1dnepvrti.apps.googleusercontent.com" } }; try { var validToken = await GoogleJsonWebSignature.ValidateAsync(googleIdToken, googleTokenSettings); var user = new NewExternalUserViewModel() { AuthenticationTypeId = (int)AuthenticationType.GoogleApi, Email = validToken.Email, FirstName = validToken.Name, LastName = validToken.GivenName, Password = GenerateRandomPasswordForSocialUser(), Username = validToken.Email }; return(user); } catch (InvalidJwtException ex) { Console.WriteLine(ex.Message + ex.StackTrace); throw; } }
/*admin authentication => check account, if there is admin account in the system, generate the token*/ public async Task <Account> AuthenticateAsync(string _token) { try { //get admin information from google account GoogleJsonWebSignature.Payload validPayload = await GoogleJsonWebSignature.ValidateAsync(_token); var admin = _dbContext.accounts.FirstOrDefault(x => x.Email.ToLower() == validPayload.Email.ToLower() && x.Role == Role.Admin); //if there is admin account in this system if (admin != null) { //generate token var _user = GetToken(admin.Id_account); return(_user); } //if there is no admin account in this system else { return(null); } } catch (Exception) { //error Console.WriteLine("Error check admin"); return(null); } }
public async System.Threading.Tasks.Task <ENTITIES.CustomModels.Authen.Gmail> GetUserDetailsAsync(string providerToken) { GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync(providerToken); if (!payload.Audience.Equals("24917390994-co652l6gu3eeoqaf96oc9h4av23eprot.apps.googleusercontent.com")) { return(null); } if (!payload.Issuer.Equals("accounts.google.com") && !payload.Issuer.Equals("https://accounts.google.com")) { return(null); } if (payload.ExpirationTimeSeconds == null) { return(null); } else { DateTime now = DateTime.Now.ToUniversalTime(); DateTime expiration = DateTimeOffset.FromUnixTimeSeconds((long)payload.ExpirationTimeSeconds).DateTime; if (now > expiration) { return(null); } } return(new ENTITIES.CustomModels.Authen.Gmail { email = payload.Email, id = payload.Subject, name = payload.Name, imageurl = payload.Picture }); }
public async System.Threading.Tasks.Task <ClaimsPrincipal> ValidateJwtStringAsync(string authToken) { try { var payload = await GoogleJsonWebSignature.ValidateAsync(authToken); var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, payload.Name), new Claim(ClaimTypes.Name, payload.Name), new Claim(JwtRegisteredClaimNames.FamilyName, payload.FamilyName), new Claim(JwtRegisteredClaimNames.GivenName, payload.GivenName), new Claim(JwtRegisteredClaimNames.Email, payload.Email), new Claim(JwtRegisteredClaimNames.Sub, payload.Subject), new Claim(JwtRegisteredClaimNames.Iss, payload.Issuer), }; var principal = new ClaimsPrincipal(); principal.AddIdentity(new ClaimsIdentity(claims)); return(principal); } catch (Exception e) { throw; } }
/// <summary> /// Sends the jwt token to Google's Servers to be validated. /// </summary> /// <returns> /// The payload received from Google, or null if the token is invalid. /// </returns> /// <param name="token">A JWT.</param> /// <param name="env">The environment, used to check if validation should be skipped.</param> public static async Task <GoogleJsonWebSignature.Payload> ValidateUser(string token, IAppEnvironment env) { if (env.SkipValidation == "true") { return(new GoogleJsonWebSignature.Payload() { Name = "Smitty Jensens", GivenName = "Smitty", FamilyName = "Jensens", Email = "*****@*****.**", Subject = "123456789109876543210", // Subject is longer than Int64 }); } try { var settings = new GoogleJsonWebSignature.ValidationSettings() { Audience = new string[] { env.Audience }, }; var validPayload = await GoogleJsonWebSignature.ValidateAsync(token); return(validPayload); } catch { return(null); } }
//[EnableCors("MyCors")] public async Task <IActionResult> GoogleLogin([FromBody] string tokenId) { try { var payload = GoogleJsonWebSignature.ValidateAsync(tokenId, new GoogleJsonWebSignature.ValidationSettings() { ExpirationTimeClockTolerance = TimeSpan.FromSeconds(20), Clock = new AccurateClock(), IssuedAtClockTolerance = TimeSpan.FromSeconds(20) }).Result; if (payload.Audience.ToString() != _config["GoogleAud:secrete"].ToString()) { return(NotFound(new { message = "Somethong wen wrong" })); } var user = await Authenticate(payload); var tokenString = BuildToken(user); return(Ok(new { token = tokenString })); } catch (Exception ex) { Logger.LogError(ex); return(NotFound(new { message = "Somethong wen wrong" })); } }
public async Task<UserDto> Post(UserDto userDto) { // todo: //var settings = new GoogleJsonWebSignature.ValidationSettings //{ // HostedDomain = "http://localhost:4200" //}; bool valid = false; try { if (userDto.socialProvider == "GOOGLE") { var validPayload = await GoogleJsonWebSignature.ValidateAsync(Request.Headers["Authorization"]); // todo: more validation? valid = validPayload != null; } if (userDto.socialProvider == "FACEBOOK") { valid = await ValidateFacebookJwt(Request.Headers["Authorization"]); } } catch (Exception exc) { logger.LogError(exc.ToString()); } if (!valid) return null; return GetOrCreateLogin(userDto); }
public async Task <IActionResult> GoogleAuth([FromBody] GoogleAuthDTO auth) { try { var payload = await GoogleJsonWebSignature.ValidateAsync(auth.TokenId, new GoogleJsonWebSignature.ValidationSettings() { Audience = new [] { _configuration.GetSection("Authentication:Google")["ClientId"] } }); var connectedUser = (await _repository.ListAsync(new UserByGoogleIdSpecification(payload.Subject))).SingleOrDefault(); if (connectedUser is null) { connectedUser = await _repository.AddAsync(new User() { FirstName = payload.GivenName, LastName = payload.FamilyName, GoogleId = payload.Subject, ImageUrl = payload.Picture, Email = payload.Email }); } return(Ok(_mapper.Map <User, UserDTO>(connectedUser))); } catch { return(StatusCode(403, "Google token id isn't valid")); } }
public async Task <ActionResult> StudentLogin() { // The user is already authenticated, so this call won't // trigger login, but it allows us to access token related values. AuthenticateResult auth = await HttpContext.AuthenticateAsync(); string idToken = auth.Properties.GetTokenValue(OpenIdConnectParameterNames.IdToken); try { // Verify the current user logging in with Google server // if the ID is invalid, an exception is thrown Payload currentUser = await GoogleJsonWebSignature.ValidateAsync(idToken); string userName = currentUser.Name; string eMail = currentUser.Email; HttpContext.Session.SetString("LoginID", userName + " / " + eMail); HttpContext.Session.SetString("Role", "Student"); HttpContext.Session.SetString("LoginTime", DateTime.Now.ToString()); // dd-MMM-yy HH:mm:ss tt return(RedirectToAction("Index", "Book")); } catch (Exception e) { // Token ID is may be tempered with, force user to logout return(RedirectToAction("LogOut")); } }
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken) { validatedToken = null; var clientId = Environment.GetEnvironmentVariable("GOOGLE_CLIENT_ID"); var payload = GoogleJsonWebSignature.ValidateAsync(securityToken, new GoogleJsonWebSignature.ValidationSettings { Audience = new[] { clientId } }).Result; var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, payload.Name), new Claim(ClaimTypes.Name, payload.Name), new Claim(JwtRegisteredClaimNames.FamilyName, payload.FamilyName), new Claim(JwtRegisteredClaimNames.GivenName, payload.GivenName), new Claim(JwtRegisteredClaimNames.Email, payload.Email), new Claim(JwtRegisteredClaimNames.Sub, payload.Subject), new Claim(JwtRegisteredClaimNames.Iss, payload.Issuer) }; try { var principle = new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer")); return(principle); } catch (Exception e) { throw new ApiException(this.apiResultService.InternalServerErrorResult(e)); } }
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken) { //TODO clean up https://andrewlock.net/a-look-behind-the-jwt-bearer-authentication-middleware-in-asp-net-core/ validatedToken = null; var payload = GoogleJsonWebSignature.ValidateAsync(securityToken, new GoogleJsonWebSignature.ValidationSettings()).Result; var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, payload.Name), new Claim(ClaimTypes.Name, payload.Name), new Claim(JwtRegisteredClaimNames.FamilyName, payload.FamilyName), new Claim(JwtRegisteredClaimNames.GivenName, payload.GivenName), new Claim(JwtRegisteredClaimNames.Email, payload.Email), new Claim(JwtRegisteredClaimNames.Sub, payload.Subject), new Claim(JwtRegisteredClaimNames.Iss, payload.Issuer), }; try { var principle = new ClaimsPrincipal(); principle.AddIdentity(new ClaimsIdentity(claims, "Password")); return(principle); } catch (Exception e) { Console.WriteLine(e); throw; } }
public async Task <IActionResult> Google([FromBody] UserView userView) { var payload = GoogleJsonWebSignature.ValidateAsync(userView.tokenId, new GoogleJsonWebSignature.ValidationSettings()).Result; var userExisting = _userService.GetByEmail(payload.Email); if (userExisting == null && !string.IsNullOrEmpty(payload.Email)) { var user = _mapper.Map <UserView, UserDTO>(userView); user.Email = payload.Email; user.EmailConfirmed = true; user.Name = payload.Name; await _userService.Create(user); } var result = _authService.AuthenticateGoogleFacebookUser(payload.Email); if (!result.Successed) { return(BadRequest(result.Message)); } var userInfo = _mapper.Map <UserInfo>(_userService.GetByEmail(payload.Email)); userInfo.Token = result.Message; return(Ok(userInfo)); }
public async Task <IActionResult> TokenSignin([FromBody] string idToken) { try { var payload = await GoogleJsonWebSignature.ValidateAsync(idToken); var userEmail = payload.Email; if (!await _userManager.IsRegisteredAsync(userEmail)) { await _userManager.RegisterNewAsync(new User { UserName = payload.Name, Email = userEmail }); } var userClaims = await GetClaims(payload.Email, payload.Picture); var token = GenerateJwtSecurityToken(userClaims); return(Ok(new { token = token.TokenString, expiration = token.Expiration, success = true })); } catch (InvalidJwtException e) { return(BadRequest(e.Message)); } }
public async Task <IActionResult> RunAsync( [HttpTrigger(AuthorizationLevel.Anonymous, "delete", Route = "timeEntries")] HttpRequest req, ILogger log) { if (!req.Headers.ContainsKey("auth")) { return(new BadRequestObjectResult("Missing auth header")); } try { var validPayload = await GoogleJsonWebSignature.ValidateAsync(req.Headers["auth"]); var timeString = req.Query["dateTime"]; var date = DateTime.Parse(timeString); var keyId = req.Query["key"]; var times = await _timeEntryService.DeleteTimeEntry(validPayload.Email, date, keyId); return(new OkObjectResult(times)); } catch (InvalidJwtException ex) { log.LogError(ex.ToString()); return(new UnauthorizedResult()); } }
public async Task <ExternalLoginInfo> LoginFromModel(ExternalLoginModel model) { try { await GoogleJsonWebSignature.ValidateAsync(model.IdToken, new GoogleJsonWebSignature.ValidationSettings { ExpirationTimeClockTolerance = TimeSpan.FromSeconds(30) }); } catch (Exception ex) { throw new ExternalLoginException($"Google authentication failed: {ex.Message}", ex); } var tokenInfoReq = new Oauth2Service.TokeninfoRequest(_oauth2Service) { IdToken = model.IdToken }; var tokenInfo = await tokenInfoReq.ExecuteAsync(); return(new ExternalLoginInfo { Provider = this, UserId = tokenInfo.UserId, UserEmail = tokenInfo.Email }); }
public async Task <IActionResult> ExternalLogin([FromBody] UserExternalLoginRequest request) { if (ModelState.IsValid) { try { var tokenIsValid = await GoogleJsonWebSignature.ValidateAsync( request.Token, new GoogleJsonWebSignature.ValidationSettings() { ForceGoogleCertRefresh = true, Audience = new string[] { _configuration["googleclientid"] } }); var googleToken = new JwtSecurityTokenHandler().ReadJwtToken(request.Token); var email = googleToken.Claims.First(c => c.Type == "email").Value; var user = await _userManager.FindByEmailAsync(email); if (user != null) { await _signInManager.SignInAsync(user, false); var token = await GenerateToken(email, user); return(Ok(new { token })); } } catch (InvalidJwtException ex) { ModelState.AddModelError("token", "Token is not valid Google Apps token"); } } return(BadRequest(ModelState.Values.SelectMany(e => e.Errors))); }
public async Task CreateOrFindAndLoginUser(string idToken) { var validPayload = await GoogleJsonWebSignature.ValidateAsync(idToken); var user = await _userManager.FindByEmailAsync(validPayload.Email); if (user != null) { await _signInManager.SignInAsync(user, true); } var newUser = new ApplicationUser { EmailConfirmed = true, Email = validPayload.Email, UserName = validPayload.Name.Replace(' ', '_'), Name = validPayload.Name, Currency = "$" }; var userCreated = await _userManager.CreateAsync(newUser); if (userCreated.Succeeded) { await _signInManager.SignInAsync(newUser, true); } else { throw new UserCreationException(); } }
public override async Task <ExternAuthUser> GetUserInfoAsync(string token) { // Get user information //var googleUser = await WebClient.RequestAsync<GoogleUser>(new WebRequestContext() //{ // MethodType = WebMethodType.GET, // BaseUrl = UserInfoUrl, // QueryParamGroup = "id_token={id_token}", // QueryParamData = new { id_token = token }, //}); var validPayload = await GoogleJsonWebSignature.ValidateAsync(token); if (validPayload == null) { return(null); } return(new ExternAuthUser { SNSProvider = SNSProviderType.Google, Id = Singleton.Get <CryptoFacade>().SHA_256.ComputeHash(validPayload.Subject), Email = validPayload.Email, FirstName = validPayload.GivenName, LastName = validPayload.FamilyName, PictureUrl = validPayload.Picture, }); #endregion Implement Abstract Method }
public async Task <ActionResult> GoogleLogin(string id_token) { GoogleJsonWebSignature.Payload payload = null; try { payload = await GoogleJsonWebSignature.ValidateAsync(id_token, GoogleValidationSetting); } catch (Google.Apis.Auth.InvalidJwtException ex) { return(Content($"Google.Apis.Auth.InvalidJwtException: { ex.Message}")); } catch (Newtonsoft.Json.JsonReaderException ex) { return(Content($"Newtonsoft.Json.JsonReaderException: {ex.Message}")); } catch (Exception ex) { return(Content($"Exception: {ex.Message}")); } if (payload == null) { return(null); } string email = payload.Email; if (_dbContext.Users.Where(u => u.Email == email).Any()) // if 使用者已存在 { return(Content(Url.Action("Index", "Users"))); } return(Content(Url.Action("Register", routeValues: new { email = email }))); }
public async Task <IActionResult> Google([FromBody] UserView userView) { try { var payload = GoogleJsonWebSignature.ValidateAsync(userView.tokenId, new GoogleJsonWebSignature.ValidationSettings()).Result; var user = await _authService.Authenticate(payload); SimpleLogger.Log(payload.ExpirationTimeSeconds.ToString()); var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, Security.Encrypt(AppSettings.appSettings.JwtEmailEncryption, user.email)), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), }; var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(AppSettings.appSettings.JwtSecret)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken(String.Empty, String.Empty, claims, expires: DateTime.Now.AddSeconds(55 * 60), signingCredentials: creds); return(Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) })); } catch (Exception ex) { Helpers.SimpleLogger.Log(ex); BadRequest(ex.Message); } return(BadRequest()); }
public async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "timeEntries")] HttpRequest req, ILogger log) { if (!req.Headers.ContainsKey("auth")) { return(new BadRequestObjectResult("Missing auth header")); } try { var validPayload = await GoogleJsonWebSignature.ValidateAsync(req.Headers["auth"]); if (!req.Query.ContainsKey("startDate") || !req.Query.ContainsKey("endDate")) { return(new BadRequestObjectResult("Query params missing, must pass startDate and endDate")); } var startDate = DateTime.Parse(req.Query["startDate"]); var endDate = DateTime.Parse(req.Query["endDate"]); var times = await _timeEntryService.GetTimes(validPayload.Email, startDate, endDate); return(new OkObjectResult(times)); } catch (InvalidJwtException ex) { log.LogError(ex.ToString()); return(new UnauthorizedResult()); } }
public async Task <IronToken> Login(UserGoogle user) { var googlePublicKey = _configuration["Google:PublicKey"]; var userValidPayload = await GoogleJsonWebSignature.ValidateAsync(user.TokenGoogle, new GoogleJsonWebSignature.ValidationSettings() { Audience = new string[] { googlePublicKey } }); var userBd = await _unitOfWork.Users.GetByEmail(userValidPayload.Email); if (userBd != null) { if (!userBd.GoogleAuth) { throw new ValidationException($"User { userValidPayload.Email } was created with default authentication. Use email and Password"); } } else { var profilePicture = await _fileService.DownloadAndSaveFromUrl(userValidPayload.Picture); userBd = new User(userValidPayload.Name, userValidPayload.Email, AuthConstants.UserGoogle_FakePassword, eRole.Employee, true); if (profilePicture.Success) { userBd.SetProfilePicture(profilePicture.FileName); } await Register(userBd); } return(_tokenService.Generate(userBd)); }
public async Task <IActionResult> Google([FromBody] GoogleAuthModel model) { Log.Information("userView = " + model.tokenId); GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync(model.tokenId, new GoogleJsonWebSignature.ValidationSettings()); var authRequest = new AuthentificateRequestGoogle() { User = payload, GroupId = model.GroupId }; var authResult = await _userSerice.AuthentificateWithGoogle(authRequest, ipAddress()); if (authResult == null) { return(BadRequest("Group is not match user group!")); } setTokenCookie(authResult.RefreshToken); return(Ok(new AuthentificateDto { Id = authResult.Student.Id, Group = authResult.Student.Group.Group_Name, Username = authResult.Student.Username, FirstName = authResult.Student.FirstName, LastName = authResult.Student.LastName, Token = authResult.JwtToken, RefreshToken = authResult.RefreshToken })); }
public async Task <IActionResult> AdminAuthenticate([FromBody] Token token) { TimeZoneInfo zone = TimeZoneInfo.FindSystemTimeZoneById("SE Asia Standard Time"); DateTime dateTime = TimeZoneInfo.ConvertTime(DateTime.Now, zone); try { GoogleJsonWebSignature.Payload validPayload = await GoogleJsonWebSignature.ValidateAsync(token._Token); var admin = await _adminService.AuthenticateAsync(token._Token); //there is admin account return back to this function //if there is admin return to this function if (admin != null) { Log.Information("Admin access {name}., {DateTime}.", admin.Name, dateTime); return(Ok(admin.Token)); } // there is no admin return to this function else { Log.Information("Access Denied {DateTime}.", dateTime); return(BadRequest("Access Denied.")); } } catch { //error Log.Information("Error Admin Authentication"); return(NotFound("Error Admin Authentication")); } }
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken) { validatedToken = null; try { var payload = GoogleJsonWebSignature.ValidateAsync(securityToken, new GoogleJsonWebSignature.ValidationSettings() { Audience = new[] { _clientId } }).Result; // here is where I delegate to Google to validate var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, payload.Name), new Claim(ClaimTypes.Name, payload.Name), new Claim(JwtRegisteredClaimNames.FamilyName, payload.FamilyName), new Claim(JwtRegisteredClaimNames.GivenName, payload.GivenName), new Claim(JwtRegisteredClaimNames.Email, payload.Email), new Claim(JwtRegisteredClaimNames.Sub, payload.Subject), new Claim(JwtRegisteredClaimNames.Iss, payload.Issuer), }; var principle = new ClaimsPrincipal(); principle.AddIdentity(new ClaimsIdentity(claims, JwtBearerDefaults.AuthenticationScheme)); return(principle); } catch (Exception e) { throw; } }
public async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "timeEntries")] HttpRequest req, ILogger log) { if (!req.Headers.ContainsKey("auth")) { return(new BadRequestObjectResult("Missing auth header")); } try { var validPayload = await GoogleJsonWebSignature.ValidateAsync(req.Headers["auth"]); string data = await req.ReadAsStringAsync(); var timeEntryCreationRequest = JsonConvert.DeserializeObject <TimeEntryDto>(data); await _timeEntryService.InsertEntry(validPayload.Email, timeEntryCreationRequest); return(new OkResult()); } catch (InvalidJwtException ex) { log.LogError(ex.ToString()); return(new UnauthorizedResult()); } }
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken) { validatedToken = null; var payload = GoogleJsonWebSignature.ValidateAsync(securityToken, new GoogleJsonWebSignature.ValidationSettings()).Result; // here is where I delegate to Google to validate var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, payload.Name), new Claim(ClaimTypes.Name, payload.Name), new Claim(JwtRegisteredClaimNames.FamilyName, payload.FamilyName), new Claim(JwtRegisteredClaimNames.GivenName, payload.GivenName), new Claim(JwtRegisteredClaimNames.Email, payload.Email), new Claim(JwtRegisteredClaimNames.Sub, payload.Subject), new Claim(JwtRegisteredClaimNames.Iss, payload.Issuer), }; try { var principle = new ClaimsPrincipal(); principle.AddIdentity(new ClaimsIdentity(claims, "jwt-google")); return(principle); } catch (Exception e) { Console.WriteLine(e); throw; } }
public IActionResult authgoogle([FromBody] string googleTokenID) { Console.WriteLine("api/auth/authgoogle"); try { var payload = GoogleJsonWebSignature.ValidateAsync(googleTokenID, new GoogleJsonWebSignature.ValidationSettings()).Result; Auth_UserModel user = new Auth_UserModel(); user.email = payload.Email; user.firstname = payload.GivenName; user.lastname = payload.FamilyName; user.googleSubjectID = payload.Subject; user.profileImageUrl = payload.Picture; // login or create account user = _authAction.LoginUsingGoogle(user); if (UpdateToken(user.userID)) { return(Ok("Successfully logged in to your account!")); } else { return(StatusCode(500, "something went wrong")); } } catch (Exception) { return(StatusCode(405, "Something went wrong")); } }