So first I will briefly explain what I'm trying to achieve.

The use case is that a user can register from a mobile app or SPA using Google or Facebook on my app, log in later on, and use all the app has to offer.

I'm using .NET Core 2.2 as a RESTful Web API app with IdentityServer.
There's a mobile app and an SPA to consume the API.

From my understanding of REST-based APIs, the client should send some token with every request to be authenticated?

I have implemented logic for Google acc registration/login using
, but I can't wrap my head around middleware that will authenticate each request.

I'm also getting used to .NET Core, forgive my lack of knowledge.

P.S. I have a feeling I'm doing something very wrong here.

What I have tried:

Here's my sign-in logic using Google.

I'm sending the idToken from the client to the API, where it's being validated and all client info is saved if it's not already.

[Route ("signin-google")]
public async Task<IActionResult> GoogleSignIn ([FromQuery] string token) {
    if (token == null) {
        return BadRequest (new { message = "Derp! You have to provide a token!" });
    }

    // Validates signature, issuer and expiry; Audience should list the app's Google OAuth client ID.
    var settings = new GoogleJsonWebSignature.ValidationSettings () { Audience = new List<string> () { "" } };
    GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync (token, settings);

    // "sub" (payload.Subject) is the stable per-user key; "jti" (payload.JwtId) identifies one token only,
    // so using it as the provider key would never match an existing login.
    var result = await _signInManager.ExternalLoginSignInAsync (payload.Issuer, payload.Subject, isPersistent : false);

    if (!result.Succeeded) {
        // First sign-in: create the local user and link the external login to it.
        ApplicationUser user = new ApplicationUser () {
            Email = payload.Email,
            Firstname = payload.GivenName,
            Lastname = payload.FamilyName,
            PictureLink = payload.Picture,
            UserName = payload.Email,
        };

        UserLoginInfo userLogin = new UserLoginInfo (payload.Issuer, payload.Subject, payload.Name);

        await _userManager.CreateAsync (user);
        await _userManager.AddLoginAsync (user, userLogin);
        await _signInManager.SignInAsync (user, isPersistent : false);
        return Ok (userLogin.ProviderKey);
    }
    return Ok (payload.Subject);
}

Updated 3-Mar-19 6:26am

1 solution

Here is the link to the documentation from IdentityServer on how to include Google Auth into your .Net Core middleware.

Code snippet below:

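    // In Startup.ConfigureServices: register Google as an external provider.
    services.AddAuthentication()
        .AddGoogle("Google", options =>
        {
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

            options.ClientId = "<insert here>";
            options.ClientSecret = "<insert here>";
        });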
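
An added example, not part of the original question or answer: one way to have middleware authenticate every API request in ASP.NET Core 2.2 is the JWT bearer handler, which validates the access token sent in the `Authorization: Bearer` header. The authority URL, the audience name `api1` and `ProfileController` are assumptions for illustration.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

        // The handler downloads the signing keys from the authority's discovery
        // document and checks signature, issuer, audience and lifetime per request.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Authority = "https://identity.example.test"; // assumed IdentityServer URL
                options.Audience = "api1";                           // assumed API resource name
                options.RequireHttpsMetadata = true;                 // refuse plain-HTTP metadata
                options.TokenValidationParameters.ClockSkew = TimeSpan.FromMinutes(1);
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before MVC so HttpContext.User is populated for [Authorize].
        app.UseAuthentication();
        app.UseMvc();
    }
}

[Authorize] // requests without a valid bearer token get 401 before the action runs
[ApiController]
[Route("api/[controller]")]
public class ProfileController : ControllerBase
{
    [HttpGet]
    public IActionResult Get()
    {
        // With the default inbound claim mapping, "sub" arrives as NameIdentifier.
        var subject = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        return Ok(new { subject });
    }
}
```

The mobile app and SPA then obtain an access token from the token service once and attach it to each call; the Google ID token is only used during sign-in.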

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)