SimpleAuthentication stopped working when I added forms Auth, any ideas? #203

Open
fschwiet opened this issue Jan 20, 2016 · 17 comments

@fschwiet

Maybe I should ask in StackOverflow, as I haven't really narrowed down the issue. I saw discussion in the issues AuthenticationProviderFactory registration, that may be related.

I've been using Google OAuth with SimpleAuthentication for awhile without problem. I finally went and added forms support. But then Google OAuth doesn't work, I am seeing the below exception. I do not know what the issue is. I later went back and reverted the forms changes to verify google auth works (to verify the google API secret key was still working).

After adding Forms auth, I see an exception:

Message: "Failed to obtain some UserInfo data from the Google Api OR the the response was not an HTTP Status 200 OK. Response Status: Forbidden. Response Description: Forbidden. Error Message: --no error exception--."

at SimpleAuthentication.Core.Providers.GoogleProvider.RetrieveUserInformation(AccessToken accessToken)
at SimpleAuthentication.Core.Providers.BaseOAuth20Provider`1.AuthenticateClient(NameValueCollection queryStringParameters, String state, Uri callbackUri)
at Nancy.SimpleAuthentication.SimpleAuthenticationModule.AuthenticateCallback()

This is my auth configuration with the change to support Forms auth:

public class AuthenticationConfiguration
{
    static readonly string GoogleApiKey = System.Configuration.ConfigurationManager.AppSettings["GoogleApiKey"];
    static readonly string GoogleApiSecret = System.Configuration.ConfigurationManager.AppSettings["GoogleApiSecret"];

    public static void ForApplicationContainerConfiguration (TinyIoCContainer container)
    {
        var googleProvider = new ConfiguredGoogleOauthProvider (new ProviderParams {
            PublicApiKey = GoogleApiKey,
            SecretApiKey = GoogleApiSecret
        });
        var authenticationProviderFactory = new AuthenticationProviderFactory ();
        authenticationProviderFactory.AddProvider (googleProvider);

        container.Register<IUserMapper, UserStore> ().AsSingleton ();
        container.Register<IAuthenticationCallbackProvider> (new HayAuthenticationCallbackProvider (container.Resolve<ILoggingService> ()));
    }

    public static void ForApplicationStartup(TinyIoCContainer container, Nancy.Bootstrapper.IPipelines pipelines)
    {
        var secretCodeForCookieAuthCrypt = new compartido.ExerciseStoreReader(ExternalDataPath.Get()).GetHashForAllExercises();

        var cryptographyConfiguration = new CryptographyConfiguration(
            new RijndaelEncryptionProvider(new PassphraseKeyGenerator(secretCodeForCookieAuthCrypt, new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 })),
            new DefaultHmacProvider(new PassphraseKeyGenerator(secretCodeForCookieAuthCrypt, new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 })));

        var formsAuthConfiguration = new FormsAuthenticationConfiguration
        {
            CryptographyConfiguration = cryptographyConfiguration,
            RedirectUrl = "/login",
            UserMapper = container.Resolve<IUserMapper>(),
        };

        FormsAuthentication.Enable(pipelines, formsAuthConfiguration);
    }
}

The CryptographyConfiguration is also new, but GoogleOAuth broke before I added that so I don't think it's the problem. I am concerned about AuthenticationProviderFactory. Maybe I need to add Forms in there somehow? Maybe something I did with Forms prevents the googleProvider from being found?
There was a lot of churn in the nuget packages I am using as well, per below:

+  <package id="FluentValidation" version="6.1.0.0" targetFramework="net45" />
-  <package id="Nancy" version="1.2.0" targetFramework="net45" />
-  <package id="Nancy.Authentication.Forms" version="1.2.0" targetFramework="net45" />
+  <package id="Nancy" version="1.4.3" targetFramework="net45" />
+  <package id="Nancy.Authentication.Forms" version="1.4.1" targetFramework="net45" />
-  <package id="Nancy.Hosting.Self" version="1.2.0" targetFramework="net45" />
-  <package id="Nancy.Owin" version="1.2.0" targetFramework="net45" />
-  <package id="Nancy.SimpleAuthentication" version="0.3.14" targetFramework="net45" />
-  <package id="Nancy.Viewengines.Razor" version="1.2.0" targetFramework="net45" />
+  <package id="Nancy.Hosting.Self" version="1.4.1" targetFramework="net45" />
+  <package id="Nancy.Owin" version="1.4.1" targetFramework="net45" />
+  <package id="Nancy.SimpleAuthentication" version="0.6" targetFramework="net45" />
+  <package id="Nancy.Validation.FluentValidation" version="1.4.1" targetFramework="net45" />
+  <package id="Nancy.Viewengines.Razor" version="1.4.3" targetFramework="net45" />
-  <package id="RestSharp" version="105.1.0" targetFramework="net45" />
+  <package id="PasswordHashTool" version="1.0.0" targetFramework="net45" />
+  <package id="RestSharp" version="105.2.3" targetFramework="net45" />
-  <package id="SimpleAuthentication.Core" version="0.3.14" targetFramework="net45" />
+  <package id="SimpleAuthentication.Core" version="0.6" targetFramework="net45" />
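Review bot: the SimpleAuthentication.Core and Nancy.SimpleAuthentication bumps from 0.3.14 to 0.6 share this change with the Nancy 1.2.0 to 1.4.x upgrade, the RestSharp bump and three new packages (FluentValidation, Nancy.Validation.FluentValidation, PasswordHashTool), so a regression in the OAuth flow cannot be attributed to any one of them. Land the 0.3.14 to 0.6 move as its own change. The Nancy packages also end up on mixed versions, 1.4.3 for Nancy and Nancy.Viewengines.Razor and 1.4.1 for the others; worth confirming that mix is intended.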

Sorry, I guess I tried to do too much in one step, now I don't know where the breakage is coming from.

@PureKrome
Member

Ok - so there's 2 questions here..

1 - Does Forms Auth work with SA? It should...
2 - I added FA and 💩 happened. So i reverted .. but I don't think i really reverted so lets say I sorta-half-:hankey:-reverted and now I can't authenticate against Google :cry:

So .. lets me try asking a Q...

with your REVERT, did that include dropping back to your previous version of SA? v 0.3.14 ?

@fschwiet
Author

@PureKrome 1) Forms authentication works with the latest changes (1 commit, which includes the changes I mention in the issue). But then Google OAuth is not working.

2) When I revert the commit, including everything in the issue (auth configuration and the nuget dependency changes) then Google OAuth works again. I did this to verify my Google api keys were still working. So I don't think it's a half-revert, the commit includes everything. So in particular it's dropping back the version of SA from 0.6.0 to 0.3.14.

@fschwiet
Author

@phillip-haydon I need a rest first before I can review the SO thread properly. Maybe there is some change I need to make to move from SA 0.3.14 to 0.6.0, and that thread will have it. Thanks for now.

@fschwiet
Author

Here is the precommit authentication configuration, which works fine for Google OAuth using SA 0.3.14. Note that here I am calling FormsAuthentication.Enable from request startup, after the commit I am using the application startup (I'll try calling the FormsAuthentication.Enable from request and application startup to make sure that change wasn't the issue).

public class AuthenticationConfiguration
{
    static readonly string GoogleApiKey = System.Configuration.ConfigurationManager.AppSettings["GoogleApiKey"];
    static readonly string GoogleApiSecret = System.Configuration.ConfigurationManager.AppSettings["GoogleApiSecret"];

    public static void ForApplication (TinyIoCContainer container)
    {
        var googleProvider = new ConfiguredGoogleProvider (new ProviderParams {
            PublicApiKey = GoogleApiKey,
            SecretApiKey = GoogleApiSecret
        });
        var authenticationProviderFactory = new AuthenticationProviderFactory ();
        authenticationProviderFactory.AddProvider (googleProvider);
        container.Register<IUserMapper, UserStore> ().AsSingleton ();
        container.Register<IAuthenticationCallbackProvider> (new HayAuthenticationCallbackProvider (container.Resolve<ILoggingService> ()));
    }

    public static void ForRequest (TinyIoCContainer container, Nancy.Bootstrapper.IPipelines pipelines)
    {
        var formsAuthConfiguration = new FormsAuthenticationConfiguration {
            RedirectUrl = "/login",
            UserMapper = container.Resolve<IUserMapper> (),
        };
        FormsAuthentication.Enable (pipelines, formsAuthConfiguration);
    }
}

@PureKrome
Member

When I revert the commit, including everything in the issue (auth configuration and the nuget dependency changes) then Google OAuth works again.

I thought u said that, after you reverted then the google api was giving you that quoted Forbidden error??

@fschwiet
Author

Oops ok that was confusing. I tried to update the issue to clarify the exception (occurring when Google OAuth is used) is what I saw after adding Forms auth.

@fschwiet
Author

I was hoping the exception was a known issue on upgrade. Since it's not I should break up the commit to isolate the issue.

@fschwiet
Author

I was able to fix things by going back from 0.6.0 to 0.3.14. The new documentation has a lot of problems (wrong nuget package name, wrong class/namespace for config section, how do I configure google provider in code?) I just couldn't work through it.

@fschwiet fschwiet reopened this Jan 21, 2016
@fschwiet
Author

(just to be clear, forms auth and Google OAuth now work for me with 0.3.14)

@zahidmadeel

Hi,
I am having the exact same problem and I tried reverting to version 0.3.14 but with that version, it stops fetching the AccessTokenSecret from twitter. I am lost. Can anyone point me in the right direction?
adeel

@PureKrome
Member

@zahidmadeel

  • Is this issue, the same as your SO question ? That SO question is about Google. Above, you said it's with Twitter?
  • Can you please provide more info, like a reproducible project so I can see in depth what you're trying to do?

@zahidmadeel

@PureKrome
The problem with twitter arises when I revert to version 0.3.14 of SA. With that version Google auth works fine with Nancy.Authentication.Forms but this version fails to fetch AccessTokenSecret from twitter.
On the other hand if I use SA version 0.6.0, google auth fails. Updated the SO question

PureKrome added a commit to PureKrome/SimpleAuthentication that referenced this issue Feb 22, 2016
@PureKrome
Member

OK @fschwiet and @zahidmadeel

I've had a crack at trying to reproduce this error with a sample project.

This is the Sample Branch with the code i'm using to try and reproduce your google error.

The actual new project is found in Samples/Demo which is what i made to try and repro this.

ONCE AGAIN - THIS IS A BRANCH, FOUND UNDER MY OWN FORKED REPO.

I can't seem to reproduce it. You can download my code (a branch, in my own fork).

What I did was the following:

  • Create a new empty ASP.NET project.
  • Install the nancy.hosting.aspnet dll's.
  • Create some simple code. ie. setup the view and the module. add keys to web.config (but missing real data).
  • Reference the Nancy.SimpleAuthentication dll (because it's local ... and easier for me to debug).
  • Create a new twitter OAuth app. Grab that public/secret keys. update web.config.
  • Log in against twitter. works.
  • Create a new google OAuth app. Grab the public/secret keys and update web.config again.
  • Log in against Google. Works.

so far so good....

  • Install the nancy.whatever.forms dll
  • created a dummy class which implements IUserMapper
  • update the bootstrap to EnableFormsAuthentication.
  • run site. can log in with google.

NOTE:

  • i'm not using your crazy crypto stuff @fschwiet . just normal forms auth settings.
  • I'm not trying to log in with forms auth. just have it enabled.
  • i'm not writing up any simple auth stuff. I'm letting the Nancy.SimpleAuthentication dll auto do all that for me ✨

Is there any chance I could get you guys to pull down my branch and run my code and see if it works for you? If so, can you do a mental-diff between my code and your private code (which i cannot see).

@fschwiet
Author

fschwiet commented Mar 6, 2016

Thanks for putting the project up. I was able to run it and login with Google fine. I made some changes and didn't find the issue, there are more changes I can still try though.

@andreipet

I had same error on retrieving user info.
In GoogleProvider.RetrieveUserInformation() the actual content from google response was:

{
 "error": {
  "errors": [
   {
    "domain": "usageLimits",
    "reason": "accessNotConfigured",
    "message": "Access Not Configured. Google+ API has not been used in project xxx before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/plus/overview?project=xxx then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
    "extendedHelp": "https://console.developers.google.com/apis/api/plus/overview?project=xxx"
   }
  ],
  "code": 403,
  "message": "Access Not Configured. Google+ API has not been used in project xxx before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/plus/overview?project=xxx then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."
 }
}

which was a little bit more helpful than:
"Failed to obtain some UserInfo data from the Google Api OR the the response was not an HTTP Status 200 OK. Response Status: Forbidden. Response Description: Forbidden...."

After enabling Google+ Api everything was fine.

Another remark is that 0.3.14 package is working without Google+ Api enabled (retrieving user info and no exception).
I've seen same behavior on demo sample in the branch for this issue.

I don't think that it is related to forms auth.

Thank you.
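
Added example, not part of the original thread and not SimpleAuthentication's own code: one way to surface the `reason` and `message` fields of the Google error body quoted in the comment above instead of only the HTTP status. It assumes Newtonsoft.Json is referenced; `GoogleApiError` and `Describe` are hypothetical names, and the sample body is shortened from the response quoted above.

```csharp
using System;
using System.Net;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

// Hypothetical helper (added example), not part of SimpleAuthentication.
public static class GoogleApiError
{
    // Builds a diagnostic string from a failed Google API response.
    // Falls back to the bare status when the body is not the expected JSON.
    // Log the result server-side only: the body names the API project.
    public static string Describe(HttpStatusCode status, string body)
    {
        var summary = "HTTP " + (int)status + " " + status;
        if (string.IsNullOrWhiteSpace(body))
            return summary;

        JToken error;
        try
        {
            error = JObject.Parse(body)["error"];
        }
        catch (JsonException)
        {
            return summary + " (body is not a JSON object)";
        }
        if (error == null || error.Type != JTokenType.Object)
            return summary;

        // SelectToken returns null when the path is absent, so a missing
        // "errors" array degrades to "?" rather than throwing.
        var domain = (string)error.SelectToken("errors[0].domain");
        var reason = (string)error.SelectToken("errors[0].reason");
        var message = (string)error["message"];
        return string.Format("{0}; domain={1}; reason={2}; message={3}",
            summary, domain ?? "?", reason ?? "?", message ?? "?");
    }

    public static void Main()
    {
        // Sample body shortened from the response quoted in the thread.
        const string body = @"{ ""error"": { ""errors"": [ { ""domain"": ""usageLimits"",
            ""reason"": ""accessNotConfigured"" } ], ""code"": 403,
            ""message"": ""Access Not Configured."" } }";
        Console.WriteLine(Describe(HttpStatusCode.Forbidden, body));
    }
}
```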

@farzonl

farzonl commented Nov 4, 2016

I had a similar issue when writing my flask app

your issue is with the GoogleProvider constructor

protected GoogleProvider (string name, ProviderParams providerParams) : base (name, providerParams)
{
    base.AuthenticateRedirectionUrl = new Uri ("https://accounts.google.com/o/oauth2/auth");
}

The URI needs to be https://accounts.google.com/o/oauth2/v2/auth . In case it changes again you should populate it from https://accounts.google.com/.well-known/openid-configuration

this is my workaround

var googleProvider = new GoogleProvider(new ProviderParams { PublicApiKey = m_Google.id, SecretApiKey = m_Google.secret });
googleProvider.AuthenticateRedirectionUrl = new System.Uri("https://accounts.google.com/o/oauth2/v2/auth");
var authenticationProviderFactory = new AuthenticationProviderFactory();
authenticationProviderFactory.AddProvider(googleProvider);

Also you only get your users email if you don't have google+ enabled in your google api dashboard. to get the display name make sure to enable google+.
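
Added example, not part of the original thread and not SimpleAuthentication's own code: reading `authorization_endpoint` from the discovery document mentioned in the comment above, and checking it before it is used as a redirect target. It assumes Newtonsoft.Json is referenced; `OidcDiscovery` and `AuthorizationEndpoint` are hypothetical names, the embedded document is a constructed excerpt, and the same-host check is a conservative assumption rather than a requirement of the discovery format.

```csharp
using System;
using Newtonsoft.Json.Linq;

// Hypothetical helper (added example), not part of SimpleAuthentication.
public static class OidcDiscovery
{
    // Returns authorization_endpoint from a discovery document, but only if
    // the document's issuer is the expected one and the endpoint is HTTPS on
    // the issuer's host. Users are redirected to this URL, so it is checked
    // before use rather than trusted as downloaded.
    public static Uri AuthorizationEndpoint(string discoveryJson, string expectedIssuer)
    {
        var doc = JObject.Parse(discoveryJson);
        var issuer = (string)doc["issuer"];
        if (!string.Equals(issuer, expectedIssuer, StringComparison.Ordinal))
            throw new InvalidOperationException("Unexpected issuer: " + issuer);

        Uri endpoint;
        var raw = (string)doc["authorization_endpoint"];
        if (!Uri.TryCreate(raw, UriKind.Absolute, out endpoint))
            throw new InvalidOperationException("authorization_endpoint missing or not absolute");
        if (endpoint.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("authorization_endpoint is not HTTPS");
        if (!string.Equals(endpoint.Host, new Uri(issuer).Host, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("authorization_endpoint host differs from issuer");
        return endpoint;
    }

    public static void Main()
    {
        // Constructed excerpt of a discovery document. A real application
        // would download it over HTTPS from the well-known URL and cache it.
        const string sample = @"{
            ""issuer"": ""https://accounts.google.com"",
            ""authorization_endpoint"": ""https://accounts.google.com/o/oauth2/v2/auth""
        }";
        var url = AuthorizationEndpoint(sample, "https://accounts.google.com");
        Console.WriteLine(url); // value to assign to AuthenticateRedirectionUrl
    }
}
```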
