0

When our website was mywebsite.azurewebsites.net, Google OAuth worked fine.

However, now that we have added a domain in Azure Portal to map to the website, when the same user logs in using Google OAuth it doesn't recognise them and asks them to register. On register it throws an error saying the user already exists.

Not sure what has changed since we added a domain to our website.

WaZ

2 Answers

3

If you update to the latest Microsoft.Owin.Security.Google NuGet package (v2.1.0), you will get new overloads for app.UseGoogleAuthentication, which allow you to specify the clientId and clientSecret. Using the same values for both will ensure that you get consistent providerKey values which will then map to the correct user from multiple endpoints. I use this so that I can share logins between www.example.com and api.example.com. For example, every Startup.Auth.cs should contain the same fragment:

    // Requires: using Microsoft.Owin; using Microsoft.Owin.Security.Google;
    // Placeholder values; the same ClientId/ClientSecret pair goes in every site's Startup.Auth.cs
    var googleOAuth2AuthenticationOptions = new GoogleOAuth2AuthenticationOptions
    {
        ClientId = "999999999999-99999999999999999999999999999999999.apps.googleusercontent.com",
        ClientSecret = "XxX-zzzzzzzzzzzzzzzz",
        CallbackPath = new PathString("/Account/LoginCallback/"),
    };

    // restrict the retrieved information to just signin information
    googleOAuth2AuthenticationOptions.Scope.Add("openid");

    app.UseGoogleAuthentication(googleOAuth2AuthenticationOptions);

I would also recommend consulting this related question regarding the "openid" option: ASP.Net Identity provider requesting too much info.

Also, be aware that you have to use console.developers.google.com to configure a single Google clientId and clientSecret to recognize all of your redirect URIs. That means that every hostname/port combination plus /Account/LoginCallback/ needs to be listed.

Community
1

When you authenticate somebody using Google, among other things you get 2 things back from Google: 1) a user identifier, which is some cryptic string, and 2) the user's email address or name. Now this user identifier is different for each site, so if I log in using my Google account in site A I get some identifier; however, if I log in using my Google account in site B, I get a different identifier back.

Please check how this identifier is wired into your registration engine. Because you changed the domain name, the same user who tries to log in would get a different identifier. If the registration engine is checking this first to see if the user is a registered user or not, because the identifier is different, it will indicate that the user is not registered and thus redirect the user to the registration page. Now if the registration engine checks for the user's email (which will be the same in both cases) for duplicate registration, then it will throw the error which you're getting currently.

I may be completely wrong here because I haven't looked at the code. If so, please let me know and I will remove this answer.

UPDATE

So I had a chance to play with this and it is indeed the issue with the identifier. I started by creating a simple MVC app in VS 2013 and enabled Google authentication there. I let the application run on its default port. I went to Google, got myself authenticated and got redirected to the application. As expected, it asked me to register which I did.

Then I changed the port on which the application is running (earlier it was running on 50902 and I changed it to run on 50903). When the application ran, I clicked login and chose Google again. As expected, it redirected me to Google's site and I authenticated myself there. However, when I got redirected back to the application, it asked me to register again. The registration box was pre-filled with my name. When I clicked submit, I got the message "Username already taken" (which is the issue you were facing).

Then I looked into the application database, especially the AspNetUserLogins table, and found these two entries:

[Screenshot: the two entries in the AspNetUserLogins table]

Now the 1st entry is from when the application ran on port 50902 and the second one is from when it ran on 50903. As you can see from the screenshots, Google returned a different ProviderKey.

And here's the screenshot from the AspNetUsers table:

[Screenshot: the AspNetUsers table]

As you can see, I had to change the username for the 2nd entry from GauravMantri to GauravMantri1 as the 1st username was already taken, even though both times I logged into Google using the same account.

Gaurav Mantri
  • Thanks for your answer. I am just wondering if there is a simple setting somewhere in mvc5. – WaZ Jan 21 '14 at 11:43
  • I haven't looked under the hood properly to check what exactly is happening. Looks like I need to do some homework! – WaZ Jan 21 '14 at 11:43
  • Updated my answer with some more findings. HTH. – Gaurav Mantri Jan 23 '14 at 09:59
  • OMG you are incredible. Thanks for all the effort. Sorry if I am asking too much, but how to fix it? – WaZ Jan 23 '14 at 10:39
  • Thanks :). Unfortunately I don't think we can do anything here as Google sends different identifiers. Most likely you would need to let users register with new accounts and then mess with the database to consolidate both user ids. I hope you have a limited set of users who are impacted by this. All the best! – Gaurav Mantri Jan 23 '14 at 10:43
  • Thanks a lot mate. You are a star! – WaZ Jan 23 '14 at 10:49
  • I have another annoying problem. Please check this when you have a minute: http://stackoverflow.com/questions/21235840/unable-to-access-api-via-azure-website – WaZ Jan 23 '14 at 11:39
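
The lookup-then-register flow from the second answer, as an added example (not code from the original posts or from ASP.NET Identity): two dictionaries stand in for AspNetUsers and AspNetUserLogins, and it also shows the consolidation mentioned in the comments, attaching the new ProviderKey to the existing account. The method names, the user name and the provider keys are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added illustration: in-memory stand-ins for the two Identity tables.
static class ExternalLoginDemo
{
    // AspNetUsers: UserName -> user Id
    static readonly Dictionary<string, string> Users = new Dictionary<string, string>();
    // AspNetUserLogins: "LoginProvider|ProviderKey" -> user Id
    static readonly Dictionary<string, string> Logins = new Dictionary<string, string>();

    // Look up the account by provider key first; only on a miss fall back
    // to registration, which is where the duplicate user name is detected.
    static string SignIn(string provider, string providerKey, string userName)
    {
        string userId;
        if (Logins.TryGetValue(provider + "|" + providerKey, out userId))
            return "signed in as " + userId;
        if (Users.ContainsKey(userName))
            return "registration rejected: '" + userName + "' already taken";
        userId = "user-" + (Users.Count + 1);
        Users[userName] = userId;
        Logins[provider + "|" + providerKey] = userId;
        return "registered " + userId;
    }

    // Consolidation: attach an additional provider key to an existing account.
    static void LinkLogin(string userId, string provider, string providerKey)
    {
        Logins[provider + "|" + providerKey] = userId;
    }

    static void Main()
    {
        // Constructed keys standing in for what the provider returned per endpoint.
        const string keyOldHost = "constructed-key-old-host";
        const string keyNewHost = "constructed-key-new-host";

        Console.WriteLine(SignIn("Google", keyOldHost, "alice")); // first visit, old host name
        Console.WriteLine(SignIn("Google", keyOldHost, "alice")); // returning visit, old host name
        Console.WriteLine(SignIn("Google", keyNewHost, "alice")); // same Google account, new host name
        LinkLogin(Users["alice"], "Google", keyNewHost);          // consolidate onto the existing user
        Console.WriteLine(SignIn("Google", keyNewHost, "alice")); // new host name after consolidation
    }
}
```

In a real application, attach the new key only after the user has proven control of the existing account by another sign-in, since linking on a matching user name or email alone would hand the account to whoever presents that name.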