OAuth (3-layer architecture app)
Hi, I'm a student at a university and we need to create an application that, among other things, implements OAuth via Google, for example.
My problem is that I don't know where and how to manage this OAuth because I have a front-end written in Vue 3 and a REST API made with ASP.NET Core (.NET 6) and Identity.
Should I delegate this part to the front-end or to the REST API? Because from what I understood, I need to get a token that I'll exchange with the REST API, which will then contact Google to retrieve the user's information.
14 Replies
In your backend, for sure
Auth0 - Blog
Backend For Frontend Authentication Pattern with Auth0 and ASP.NET ...
Understand the Backend For Frontend authentication pattern and how it can be implemented in ASP.NET with Auth0.
this blog article should prove very helpful to you
Since you said you are using Identity, there are a few questions though. You can either fully support logging in with a google account and not track those users in Identity at all, or logging in via google is done to then create a "local" user in your identity store, saying "oh btw this user is from a google account". You'd then update that user record every time the user logged in.
this second approach is useful if you need to add non-default data to the user, like permissions in your app etc
Thanks for your reply. I'd like users to be able to authenticate via Google and for this to create a local Identity user (by extracting the last name, first name and email address from Google). If the account already exists, this would add the Google token to the AspNetUserLogins.
Also, I don't use cookies at all but a JWT authentication system
Not sure why you decided to switch to French, but okay :d
I get the idea though, you're using JWT and not cookies. that's fine
Sorry, I'm a bit tired. I was specifying that I was using JWT Bearer Scheme
How I envision this to work would be that you have a "log in with google" button in your frontend. This goes to your backend, to a specific route that makes a challenge to google (probably via a redirect with a return url). The user logs in, and you're sent back to your backend with a valid session ID/token
You use this token to get the data from google (claims, identity, whatever) and search your own database for an existing user
if you find a user, great, you update any details that were different from the token, then log the user in and give them a JWT of your creation
if you don't, you create one, and log the user in with a newly created JWT
this is important because you want your JWT to include the relevant data from your system, so you can't just use a google provided JWT directly
So I just need to add a "link/button" on my front-end with a redirect_uri parameter that would redirect the user to /auth/external or /auth/google after the Google auth screen
Then, I'd get a token from the query string that I should use to contact Google to ask for info and then log in or register my user
the green box does a lot of work, but yeah
thats the basic flow
Okay, thank you a lot
On the /login/google/success endpoint, I should return a Redirect to the homepage of my front end app, does that sound right?
yeah
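The backend-driven flow described in the replies above (challenge from the API, callback, look up or create the local Identity user, link the Google login in AspNetUserLogins, hand out your own JWT, then redirect to the SPA) as one ASP.NET Core (.NET 6) controller. This is an added example, not code from the thread or from Auth0; it assumes `AddIdentity<IdentityUser, IdentityRole>()` and `.AddAuthentication().AddGoogle(...)` are already registered, the .NET 6 template's implicit usings are on, and the `Jwt:*` / `Frontend:Url` configuration keys, the `GoogleAuthController` name and the SPA's `/login/callback` route are made up for the example.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
[ApiController, Route("auth/google")]
public class GoogleAuthController : ControllerBase
{
    private readonly SignInManager<IdentityUser> _signIn;
    private readonly UserManager<IdentityUser> _users;
    private readonly IConfiguration _cfg; // assumed keys: Jwt:Key, Jwt:Issuer, Jwt:Audience, Frontend:Url
    public GoogleAuthController(SignInManager<IdentityUser> s, UserManager<IdentityUser> u, IConfiguration c)
        => (_signIn, _users, _cfg) = (s, u, c);
    // Step 1: the SPA's "log in with Google" button links here; the API starts the challenge and the Google handler 302s to Google.
    [HttpGet]
    public IActionResult Start() => Challenge(
        _signIn.ConfigureExternalAuthenticationProperties("Google",
            Url.Action(nameof(Callback), "GoogleAuth", null, Request.Scheme)), "Google");
    // Step 2: Google redirects back here; the handler has already validated the response (state check, code exchange).
    [HttpGet("callback")]
    public async Task<IActionResult> Callback()
    {
        var info = await _signIn.GetExternalLoginInfoAsync();
        if (info == null) return BadRequest("External login failed.");
        var email = info.Principal.FindFirstValue(ClaimTypes.Email);
        if (string.IsNullOrEmpty(email)) return BadRequest("Google returned no e-mail address.");
        // Match on (provider, providerKey) in AspNetUserLogins first; the e-mail fallback links an existing local account.
        var user = await _users.FindByLoginAsync(info.LoginProvider, info.ProviderKey);
        var linked = user != null;
        user ??= await _users.FindByEmailAsync(email); // trusts Google to have verified that address
        if (user == null)
        {
            user = new IdentityUser { UserName = email, Email = email, EmailConfirmed = true };
            var created = await _users.CreateAsync(user);
            if (!created.Succeeded) return BadRequest(created.Errors);
        }
        if (!linked) await _users.AddLoginAsync(user, info); // store the Google link in AspNetUserLogins
        // Hand our own JWT to the SPA on the configured origin only (a caller-supplied redirect_uri would be an open redirect); the fragment keeps it out of server logs and Referer.
        return Redirect($"{_cfg["Frontend:Url"]}/login/callback#token={IssueJwt(user)}");
    }
    // Our JWT carries our own user id and claims; the Google-issued token is never forwarded to the SPA.
    private string IssueJwt(IdentityUser user)
    {
        var creds = new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_cfg["Jwt:Key"]!)), SecurityAlgorithms.HmacSha256);
        var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, user.Id), new Claim(JwtRegisteredClaimNames.Email, user.Email!) };
        var token = new JwtSecurityToken(_cfg["Jwt:Issuer"], _cfg["Jwt:Audience"], claims, expires: DateTime.UtcNow.AddHours(1), signingCredentials: creds);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}
```

The Vue app reads `token` from `location.hash` on `/login/callback`, stores it, and sends it as a Bearer header; the JWT bearer scheme on the API validates it with the same `Jwt:Key`, issuer and audience.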
Okay, thanks! I can now see how I can achieve this, thank you a lot