C
C#4mo ago
Jelles

Google Auth invalid OAuth state

I've encountered an issue with Google Authentication in my application. Initially, I realized I was missing @rendermode, which was causing updates to fail. However, I'm now facing a problem with identity authentication. When attempting to integrate Google Auth, I keep receiving the following error upon redirection to my backend: 
AuthenticationFailureException: The oauth state was missing or invalid.
AuthenticationFailureException: The oauth state was missing or invalid.
Despite the error, I can see that the g_csrf_token is being set in the cookies (e.g., g_csrf_token: xxxxxxxx). I've already configured the endpoints in the Google Console. Here are the relevant parts of my setup: Backend (Startup.cs): Pastebin Link
Frontend (Startup.cs): Pastebin Link Google Sign-In Button: 
<script src="https://accounts.google.com/gsi/client" async></script>

<div id="g_id_onload"
     data-client_id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"
     data-login_uri="http://localhost:5083/signin-google"
     data-auto_prompt="false" class="rounded-xl">
</div>
<div class="flex flex-col w-full items-center">
  <div class="g_id_signin"
      data-type="standard"
      data-size="large"
      data-theme="outline"
      data-text="sign_in_with"
      data-shape="rectangular"
      data-logo_alignment="left">
  </div>  
</div>
<script src="https://accounts.google.com/gsi/client" async></script>

<div id="g_id_onload"
     data-client_id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"
     data-login_uri="http://localhost:5083/signin-google"
     data-auto_prompt="false" class="rounded-xl">
</div>
<div class="flex flex-col w-full items-center">
  <div class="g_id_signin"
      data-type="standard"
      data-size="large"
      data-theme="outline"
      data-text="sign_in_with"
      data-shape="rectangular"
      data-logo_alignment="left">
  </div>  
</div>
Could you help me troubleshoot why the OAuth state might be missing or invalid? Any suggestions on how to resolve this issue would be greatly appreciated!
12 Replies
Jelles
JellesOP4mo ago
I am not too sure what the line: options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; is and if it's required. Same goes for options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; Full error: 
Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login.
 ---> Microsoft.AspNetCore.Authentication.AuthenticationFailureException: The oauth state was missing or invalid.
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login.
 ---> Microsoft.AspNetCore.Authentication.AuthenticationFailureException: The oauth state was missing or invalid.
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
Bladesfist
Bladesfist4mo ago
Do you have a query parameter called state when you hit the Authorize endpoint?
Bladesfist
Bladesfist4mo ago
Take a look at this https://auth0.com/docs/authenticate/protocols/oauth
Auth0 Docs
OAuth 2.0 Authorization Framework
Learn how Auth0 works with the OAuth 2.0 Authorization Framework.
Bladesfist
Bladesfist4mo ago
The code you've posted doesn't really show the login process at all afaict so it's hard to provide anything more than generic OAuth advice
Jelles
JellesOP4mo ago
I don't have much other logic I installed identity and google auth that provides that end points and implementation. What excatly should I show? Here is my repo: https://github.com/Jelles/SchedulerBackend
No description
Jelles
JellesOP4mo ago
This is my first time implementing OAuth so I am not experienced at all. I will read the link you send see how far I can get
Bladesfist
Bladesfist4mo ago
What do you mean by identity? Asp.NetCore.Identity or IdentityServer?
Jelles
JellesOP4mo ago
First one
Bladesfist
Bladesfist4mo ago
Ah, in that case I'll back out as I don't have much experience with the built in bits
Jelles
JellesOP4mo ago
Bladesfist
Bladesfist4mo ago
This problem looks similar, not sure if it helps you? https://github.com/dotnet/aspnetcore/issues/22125
GitHub
The oauth state was missing or invalid. Unknown location · Issue #...
I created simple ASP.NET Core 3 Web API application. I added new external login oauth provider (let it be Google) and nothing else. Also I created related oauth account that contains my app setting...
Jelles
JellesOP4mo ago
I will take a look at that also found this https://github.com/dotnet/AspNetCore.Docs/issues/14169
Want results from more Discord servers?
Add your server