4

I'm trying to do OAuth2 using Azure hosted web apps, and I can't use service accounts (there is a number of solutions available here, but they all stick to service accounts/certs), while I need the user to authenticate and authorize by Google.

Code:

var credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
    new ClientSecrets { ClientId = _clientId, ClientSecret = _clientSecret },
    scopes,
    User.Identity.Name,
    CancellationToken.None,
    new FileDataStore("GA.Auth.Store")) /* tried this to be null as well */
    .Result;

var service = new AnalyticsService(
    new BaseClientService.Initializer()
    {
        HttpClientInitializer = credential,
        ApplicationName = "Analytics API Sample"
    });

It works locally but gives this exception when deployed as an Azure web app:

[HttpListenerException (0x5): Access is denied]
Microsoft.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +82
Microsoft.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccess(Task task) +76
Google.Apis.Auth.OAuth2.<AuthorizeAsync>d__1.MoveNext() +233

I am guessing that GoogleWebAuthorizationBroker.AuthorizeAsync is trying to establish an http listener which is not (?) possible within Azure web apps.

I tried using Azure web apps authentication. This does authenticate user, but how can I retrieve the authenticated user to authorize him against Google?

BTW: Because I need GA Real-Time, I am stuck with GA Reporting v3 library.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
Dmitry
  • 792
  • 3
  • 17
  • I wanner know you how to set the google authorization on Azure website? Could you refer to this document(https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-google-authentication/) – Will Shao - MSFT Jul 26 '16 at 09:03
  • Yeah, using New Interface of Azure, navigate to App settings and select Authentication / Authorisation... – Dmitry Jul 28 '16 at 23:23
  • I guess the program works locally because you run it with Administrator priviledges, which are not available with Azure hosting... Anyway were you able to find the solution for this issue? – AntonK May 26 '17 at 19:59

1 Answers1

0

GoogleWebAuthorizationBroker.AuthorizeAsync is designed for installed applications it will not work hosted as it will attempt to open the web browser window for consent on the server.

You should be following the web example.

public void ConfigureServices(IServiceCollection services)
{
    ...

    // This configures Google.Apis.Auth.AspNetCore3 for use in this app.
    services
        .AddAuthentication(o =>
        {
            // This forces challenge results to be handled by Google OpenID Handler, so there's no
            // need to add an AccountController that emits challenges for Login.
            o.DefaultChallengeScheme = GoogleOpenIdConnectDefaults.AuthenticationScheme;
            // This forces forbid results to be handled by Google OpenID Handler, which checks if
            // extra scopes are required and does automatic incremental auth.
            o.DefaultForbidScheme = GoogleOpenIdConnectDefaults.AuthenticationScheme;
            // Default scheme that will handle everything else.
            // Once a user is authenticated, the OAuth2 token info is stored in cookies.
            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddGoogleOpenIdConnect(options =>
        {
            options.ClientId = {YOUR_CLIENT_ID};
            options.ClientSecret = {YOUR_CLIENT_SECRET};
        });
}
Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449