
Google Sign-In for ASP.NET Core Web APIs

There are plenty of tutorials showing how to integrate Google Sign-In into a website, but only a handful show how to integrate it into a REST API.
Today I'll show how you can add Google Sign-In and still manage users in your own back-end.

Overview

Here’s a sequence diagram showing how it all works:

[Figure: Google Sign-In – Sequence Diagram]

Here are the steps:

  1. The client opens Google's login window (pop-up) and the user signs in with Google.
  2. Google returns an id_token (a signed JWT) together with some basic profile information.
  3. The client sends the id_token to the back-end server.
  4. The back-end server validates the token (signature, issuer, expiry and, importantly, that its audience is your own client ID) and reads the user information from its claims.
  5. The back-end creates a user and links the external login (Google's stable subject ID) to it.
    • If the external login is already linked to a user, skip this step.
    • Otherwise, if a user already exists with the same verified email address, link the external login to that user.
  6. The back-end sends a response to the client.
    • On success, the response carries a JWT issued by your own back-end, which the client presents on all of its subsequent requests.

You can also refer to the official guide from Google: Authenticate with a backend server.

Getting the id_token from our client

To show the client Google's login window, we use Google's JavaScript SDK, gapi. (Google has since deprecated the gapi Sign-In library in favour of Google Identity Services; the back-end side described below is unchanged, since it also hands the client an ID token.)

If you're using a framework instead of plain JavaScript, there are libraries that wrap this process, for instance:

Next, we will send the id_token to our back-end server:

Integrating Google Sign-In in our server

I explain this process using ASP.NET Core, but the same steps apply to whatever language or framework you're using.

Firstly, we’ll have an action (route) to receive the token:

Secondly, we'll validate the received token using Google's Auth library for .NET (the Google.Apis.Auth NuGet package).
To install it from the Package Manager console: Install-Package Google.Apis.Auth -Version 1.41.1

Validation has to cover the signature (against Google's published public keys), the issuer and the expiry; the library does these for you. It must also check that the token's audience is your own client ID, which you do by passing the client ID in the library's validation settings, otherwise an ID token that Google issued to a completely different application would be accepted by your API.

If you require users to have verified emails, Google's payload contains an EmailVerified property that you can check. Check it before linking a login to an existing account by email address: an unverified email claim is not proof that the holder of the Google account controls that address.

Thirdly, we’ll get the user linked to this login attempt (or create it if needed):

Lastly, we'll generate a JWT signed by our own back-end:

Putting everything together gives us:
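The following is an added example of steps 3 to 6 in one ASP.NET Core controller; it is not the original post's code. The User and ExternalLogin entities, the AppDbContext, the route, and the configuration keys Google:ClientId, Jwt:Key, Jwt:Issuer and Jwt:Audience are assumptions made for the example. It uses the Google.Apis.Auth package named above, plus Microsoft.EntityFrameworkCore and System.IdentityModel.Tokens.Jwt for storage and for issuing our own token.

```csharp
// Added example (not the original post's code): steps 3 to 6 of the flow in one controller.
// Assumed, not taken from the post: the User/ExternalLogin entities and AppDbContext below,
// and the configuration keys Google:ClientId, Jwt:Key, Jwt:Issuer and Jwt:Audience.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Google.Apis.Auth;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

public class GoogleLoginRequest { public string IdToken { get; set; } }

public class User { public int Id { get; set; } public string Email { get; set; } public string Name { get; set; } }

public class ExternalLogin
{
    public int Id { get; set; }
    public string Provider { get; set; }    // "Google"
    public string ProviderKey { get; set; } // Google's "sub" claim: stable, unlike the email, which a user can change
    public int UserId { get; set; }
    public User User { get; set; }
}

public class AppDbContext : DbContext
{
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }
    public DbSet<User> Users { get; set; }
    public DbSet<ExternalLogin> ExternalLogins { get; set; }
}

[ApiController]
[Route("api/auth")]
public class AuthController : ControllerBase
{
    private readonly AppDbContext _db;
    private readonly IConfiguration _config;

    public AuthController(AppDbContext db, IConfiguration config) { _db = db; _config = config; }

    // Step 3: the client POSTs { "idToken": "..." } here.
    [HttpPost("google")]
    public async Task<IActionResult> Google([FromBody] GoogleLoginRequest request)
    {
        // Step 4: ValidateAsync checks the signature against Google's published keys, the issuer and
        // the expiry. Pinning Audience to our own client id additionally rejects a token that Google
        // minted for some other application, which would otherwise pass every other check.
        var settings = new GoogleJsonWebSignature.ValidationSettings { Audience = new[] { _config["Google:ClientId"] } };
        GoogleJsonWebSignature.Payload payload;
        try { payload = await GoogleJsonWebSignature.ValidateAsync(request.IdToken, settings); }
        catch (InvalidJwtException) { return Unauthorized(); }

        // Step 5: resolve the user behind this login, creating one if needed.
        var user = await GetOrCreateUserAsync(payload);
        if (user == null) return BadRequest("Google has not verified this email address.");

        // Step 6: answer with a JWT issued by this back-end for the client's subsequent requests.
        return Ok(new { token = GenerateJwt(user) });
    }

    private async Task<User> GetOrCreateUserAsync(GoogleJsonWebSignature.Payload payload)
    {
        // Already linked? Match on the stable subject id, never on the email.
        var login = await _db.ExternalLogins.Include(l => l.User)
            .SingleOrDefaultAsync(l => l.Provider == "Google" && l.ProviderKey == payload.Subject);
        if (login != null) return login.User;

        // Only fall back to matching an existing account by email when Google vouches for the
        // address; an unverified email claim is not proof that the caller controls it.
        if (!payload.EmailVerified) return null;

        var user = await _db.Users.SingleOrDefaultAsync(u => u.Email == payload.Email)
                   ?? new User { Email = payload.Email, Name = payload.Name };
        // Setting User on the new login also inserts a brand-new User through the navigation.
        _db.ExternalLogins.Add(new ExternalLogin { Provider = "Google", ProviderKey = payload.Subject, User = user });
        await _db.SaveChangesAsync();
        return user;
    }

    private string GenerateJwt(User user)
    {
        // HMAC-SHA256 over a server-side secret (Jwt:Key, at least 32 bytes); clients never see it.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
        var token = new JwtSecurityToken(
            issuer: _config["Jwt:Issuer"],
            audience: _config["Jwt:Audience"],
            claims: new[] { new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
                            new Claim(JwtRegisteredClaimNames.Email, user.Email) },
            expires: DateTime.UtcNow.AddHours(1),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}
```

Two design choices matter here. The lookup order is external login first, email second: the subject ID is the identifier Google guarantees to be stable, so an existing link is honoured even if the user later changes the email on their Google account. And the email fallback is gated on EmailVerified, so that a token carrying an unverified address can never attach a new Google login to someone else's existing account.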

I highly recommend putting this in a service or a handler.

Conclusion

In conclusion, integrating Google (or any other provider, for that matter) into your sign-in/sign-up flow is easier than you might think. We saw how to show the user Google's login window and, after validating the token in our back-end, how to link a user entry in our database to that login for future use.
I hope you enjoyed this post!

Published in ASP.NET Core
