public async Task <IActionResult> LoginViaGoogleCallbackAsync()
{
var result = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
if (result?.Succeeded != true || result.Principal == null)
{
throw new InvalidOperationException("External authentication error");
}
var externalUser = new GoogleClaims(result.Principal);
externalUser.HasEmailOrFail();
// use externalProvider and externalUserId to find your user, or provision a new user
User user = await _userIdentityService.UserByEmailOrCreateAsync(externalUser);
await _signInManager.SignInAsync(user, true);
await _events.RaiseAsync(new UserLoginSuccessEvent(
username : user.UserName,
subjectId : user.Id.ToString(),
name : user.UserName));
// delete temporary cookie used during external authentication
await HttpContext.SignOutAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
var returnUrl = result.Properties.Items["returnUrl"];
if (string.IsNullOrEmpty(returnUrl))
{
returnUrl = Url.Action("Index", "Home");
}
return(Redirect(returnUrl));
}
public async Task <Database.Models.User> UserByEmailOrCreateAsync(GoogleClaims claimsUser)
{
claimsUser.ThrowIfNull(nameof(claimsUser));
Database.Models.User user =
await ByEmailOrNullAsync(claimsUser.Email) ??
await CreateUserAsync(claimsUser);
return(user);
}
// public is for test purposes.
public async Task <Database.Models.User> CreateUserAsync(GoogleClaims claimsUser)
{
_emailDomainValidatorService.Validate(claimsUser.Email);
Role userRole = await ChooseUserRoleAsync();
var user = new Database.Models.User(
firstName: claimsUser.GivenName,
lastName: claimsUser.Surname,
email: claimsUser.Email,
role: userRole,
emailConfirmed: true);
claimsUser = claimsUser.ReadUser(user);
IdentityResult createUserResult = await _userManager.CreateAsync(user);
if (!createUserResult.Succeeded)
{
throw CreateException($"Cannot create new user '{claimsUser.Email}'\r\n", createUserResult);
}
string role = userRole.ToString();
IdentityResult roleAddingResult = await _userManager.AddToRoleAsync(user, role);
if (!roleAddingResult.Succeeded)
{
throw CreateException($"Cannot add role '{role}' to user '{claimsUser.Email}'\r\n", roleAddingResult);
}
IdentityResult claimsAddingResult = await _userManager.AddClaimsAsync(user, claimsUser);
if (!claimsAddingResult.Succeeded)
{
throw CreateException($"Cannot add claims to user '{claimsUser.Email}'\r\n", claimsAddingResult);
}
return(user);
}
