diff --git a/aspnetcore/security/authentication/social/additional-claims.md b/aspnetcore/security/authentication/social/additional-claims.md index c644d69d74a1..265a28d54184 100644 --- a/aspnetcore/security/authentication/social/additional-claims.md +++ b/aspnetcore/security/authentication/social/additional-claims.md @@ -46,7 +46,7 @@ Specify the list of permissions to retrieve from the provider by specifying the | Microsoft | `https://login.microsoftonline.com/common/oauth2/v2.0/authorize` | | Twitter | `https://api.twitter.com/oauth/authenticate` | -In the sample app, Google's `profile`, `email`, and `openid` scopes are automatically added by the framework when is called on the . If the app requires additional scopes, add them to the options. In the following example, the Google `https://www.googleapis.com/auth/user.birthday.read` scope is added to retrieve a user's birthday: +In the sample app, Google's `profile`, `email`, and `openid` scopes are automatically added by the framework when `Microsoft.Extensions.DependencyInjection.GoogleOpenIdConnectExtensions.AddGoogleOpenIdConnect` is called on the . If the app requires additional scopes, add them to the options. In the following example, the Google `https://www.googleapis.com/auth/user.birthday.read` scope is added to retrieve a user's birthday: ```csharp options.Scope.Add("https://www.googleapis.com/auth/user.birthday.read"); @@ -80,7 +80,7 @@ If a large amount of user data is required for processing user requests: defines whether access and refresh tokens should be stored in the after a successful authorization. `SaveTokens` is set to `false` by default to reduce the size of the final authentication cookie. -The sample app sets the value of `SaveTokens` to `true` in : +The sample app sets the value of `SaveTokens` to `true` in : [!code-csharp[](additional-claims/samples/6.x/ClaimsSample/Program.cs?name=snippet_AddGoogle2&highlight=9)] diff --git a/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/Program.cs b/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/Program.cs index 3e4801a3d01e..8682cdc602b5 100644 --- a/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/Program.cs +++ b/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/Program.cs @@ -8,7 +8,7 @@ var configuration = builder.Configuration; #region snippet_AddGoogle2 -builder.Services.AddAuthentication().AddGoogle(googleOptions => +builder.Services.AddAuthentication().AddGoogleOpenIdConnect(googleOptions => { googleOptions.ClientId = configuration["Authentication:Google:ClientId"]; googleOptions.ClientSecret = configuration["Authentication:Google:ClientSecret"]; @@ -18,17 +18,20 @@ googleOptions.SaveTokens = true; - googleOptions.Events.OnCreatingTicket = ctx => + googleOptions.Events.OnTicketReceived = ctx => { - List tokens = ctx.Properties.GetTokens().ToList(); + List? tokens = ctx.Properties?.GetTokens().ToList(); - tokens.Add(new AuthenticationToken() + tokens?.Add(new AuthenticationToken() { Name = "TicketCreated", Value = DateTime.UtcNow.ToString() }); - ctx.Properties.StoreTokens(tokens); + if (tokens is not null) + { + ctx.Properties?.StoreTokens(tokens); + } return Task.CompletedTask; }; diff --git a/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/README.md b/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/README.md index 54a0f52f2080..f80dda0e0191 100644 --- a/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/README.md +++ b/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/README.md @@ -8,5 +8,5 @@ The sample app demonstrates how to: To use the sample app: 1. Register the app and obtain a valid client ID and client secret for Google authentication. For more information, see [Google external login setup](https://learn.microsoft.com/aspnet/core/security/authentication/social/google-logins). -1. Provide the client ID and client secret to the app in the [GoogleOptions](https://learn.microsoft.com/dotnet/api/microsoft.aspnetcore.authentication.google.googleoptions) of `Startup.ConfigureServices`. +1. Provide the client ID and client secret to the app using the Secret Manager. 1. Run the app and request the My Claims page. When the user isn't signed in, the app redirects to Google. Sign in with Google. Google redirects the user back to the app (`/MyClaims`). The user is authenticated, and the My Claims page is loaded. The given name and surname claims are present under **User Claims** with the values provided by Google. The access token is displayed under **Authentication Properties**. diff --git a/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/WebGoogOauth.csproj b/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/WebGoogOauth.csproj index c72b7a351297..ca680204ab77 100644 --- a/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/WebGoogOauth.csproj +++ b/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/WebGoogOauth.csproj @@ -8,7 +8,7 @@ - + diff --git a/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/WebGoogOauth.slnx b/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/WebGoogOauth.slnx new file mode 100644 index 000000000000..e787023c7343 --- /dev/null +++ b/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/WebGoogOauth.slnx @@ -0,0 +1,3 @@ + + + diff --git a/aspnetcore/security/authentication/social/google-logins.md b/aspnetcore/security/authentication/social/google-logins.md index 1b2776c1bdae..5cfeecfc23eb 100644 --- a/aspnetcore/security/authentication/social/google-logins.md +++ b/aspnetcore/security/authentication/social/google-logins.md @@ -4,7 +4,7 @@ author: wadepickett description: This tutorial demonstrates the integration of Google account user authentication into an existing ASP.NET Core app. ms.author: wpickett ms.custom: mvc -ms.date: 12/26/2025 +ms.date: 04/09/2026 uid: security/authentication/google-logins --- # Google external login setup in ASP.NET Core @@ -46,7 +46,7 @@ Create the client credentials for the app by opening the **Clients** sidebar men * Save the **Client ID** and **Client secret**, which are used later in the ASP.NET app configuration. > [!NOTE] -> The URI segment `/signin-google` is set as the default callback of the Google authentication provider. It's possible to change the default callback URI while configuring the Google authentication middleware via the inherited property of the class. +> The URI segment `/signin-google` is set as the default callback of the Google authentication provider. It's possible to change the default callback URI while configuring the Google authentication middleware via the inherited property. When deploying the app, either: @@ -71,14 +71,14 @@ Manage API credentials and usage in the [API Console](https://console.developers ## Configure Google authentication -Add the [`Microsoft.AspNetCore.Authentication.Google`](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.Google) nuget package: +:::moniker range=">= aspnetcore-6.0" + +Add the [`Google.Apis.Auth.AspNetCore3` NuGet package](https://www.nuget.org/packages/Google.Apis.Auth.AspNetCore3) to the app: ```dotnetcli -dotnet add package Microsoft.AspNetCore.Authentication.Google +dotnet add package Google.Apis.Auth.AspNetCore3 ``` -:::moniker range=">= aspnetcore-6.0" - Add the authentication service to the `Program` file: :::code language="csharp" source="~/security/authentication/social/social-code/6.x/ProgramGoogle.cs" id="snippet1"::: @@ -87,6 +87,12 @@ Add the authentication service to the `Program` file: :::moniker range="< aspnetcore-6.0" +Add the [`Microsoft.AspNetCore.Authentication.Google` NuGet package](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.Google) to the app: + +```dotnetcli +dotnet add package Microsoft.AspNetCore.Authentication.Google +``` + Add the authentication service to `Startup.ConfigureServices`: ```csharp diff --git a/aspnetcore/security/authentication/social/social-code/6.x/ProgramGoogle.cs b/aspnetcore/security/authentication/social/social-code/6.x/ProgramGoogle.cs index ab8f7166ea18..4bd61366ca28 100644 --- a/aspnetcore/security/authentication/social/social-code/6.x/ProgramGoogle.cs +++ b/aspnetcore/security/authentication/social/social-code/6.x/ProgramGoogle.cs @@ -3,7 +3,7 @@ var configuration = builder.Configuration; // -services.AddAuthentication().AddGoogle(googleOptions => +services.AddAuthentication().AddGoogleOpenIdConnect(googleOptions => { googleOptions.ClientId = configuration["Authentication:Google:ClientId"]; googleOptions.ClientSecret = configuration["Authentication:Google:ClientSecret"]; diff --git a/aspnetcore/security/authentication/social/social-without-identity.md b/aspnetcore/security/authentication/social/social-without-identity.md index 633bf31c75d0..222378656c5f 100644 --- a/aspnetcore/security/authentication/social/social-without-identity.md +++ b/aspnetcore/security/authentication/social/social-without-identity.md @@ -4,7 +4,7 @@ author: serpent5 description: Use Facebook, Google, Twitter, etc. account user authentication without ASP.NET Core Identity. monikerRange: '>= aspnetcore-3.1' ms.author: tdykstra -ms.date: 04/05/2022 +ms.date: 04/09/2026 uid: security/authentication/social/social-without-identity --- # Use social sign-in provider authentication without ASP.NET Core Identity @@ -38,7 +38,7 @@ The call to * -Setting the app's `DefaultScheme` to ("Cookies") configures the app to use Cookies as the default scheme for these extension methods. Setting the app's to ("Google") configures the app to use Google as the default scheme for calls to `ChallengeAsync`. `DefaultChallengeScheme` overrides `DefaultScheme`. See for more properties that override `DefaultScheme` when set. +Setting the app's `DefaultScheme` to ("Cookies") configures the app to use Cookies as the default scheme for these extension methods. Setting the app's to `Google.Apis.Auth.AspNetCore3.GoogleOpenIdConnectDefaults.AuthenticationScheme` ("`GoogleOpenIdConnect`") configures the app to use Google as the default scheme for calls to `ChallengeAsync`. `DefaultChallengeScheme` overrides `DefaultScheme`. See for more properties that override `DefaultScheme` when set. In `Program.cs`, call and . This middleware combination sets the property and runs the Authorization Middleware for requests: diff --git a/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Program.cs b/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Program.cs index 85e4406ee253..389af84b0253 100644 --- a/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Program.cs +++ b/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Program.cs @@ -1,6 +1,6 @@ // using Microsoft.AspNetCore.Authentication.Cookies; -using Microsoft.AspNetCore.Authentication.Google; +using Google.Apis.Auth.AspNetCore3; var builder = WebApplication.CreateBuilder(args); @@ -8,10 +8,10 @@ .AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; - options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme; + options.DefaultChallengeScheme = GoogleOpenIdConnectDefaults.AuthenticationScheme; }) .AddCookie() - .AddGoogle(options => + .AddGoogleOpenIdConnect(options => { options.ClientId = builder.Configuration["Authentication:Google:ClientId"]; options.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"]; diff --git a/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Snippets/Pages/Privacy.cshtml.cs b/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Snippets/Pages/Privacy.cshtml.cs index 5d9c621cf63c..fd82cd01b184 100644 --- a/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Snippets/Pages/Privacy.cshtml.cs +++ b/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Snippets/Pages/Privacy.cshtml.cs @@ -1,5 +1,5 @@ using Microsoft.AspNetCore.Authentication; -using Microsoft.AspNetCore.Authentication.Google; +using Google.Apis.Auth.AspNetCore3; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc.RazorPages; @@ -12,7 +12,7 @@ public class PrivacyModel : PageModel public async Task OnGetAsync() { var accessToken = await HttpContext.GetTokenAsync( - GoogleDefaults.AuthenticationScheme, "access_token"); + GoogleOpenIdConnectDefaults.AuthenticationScheme, "access_token"); // ... } diff --git a/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Snippets/Program.cs b/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Snippets/Program.cs index efed5ecd15e2..65951227a493 100644 --- a/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Snippets/Program.cs +++ b/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Snippets/Program.cs @@ -1,5 +1,5 @@ using Microsoft.AspNetCore.Authentication.Cookies; -using Microsoft.AspNetCore.Authentication.Google; +using Google.Apis.Auth.AspNetCore3; namespace SocialWithoutIdentitySample.Snippets; @@ -12,10 +12,10 @@ public static void SaveTokens(WebApplicationBuilder builder) .AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; - options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme; + options.DefaultChallengeScheme = GoogleOpenIdConnectDefaults.AuthenticationScheme; }) .AddCookie() - .AddGoogle(options => + .AddGoogleOpenIdConnect(options => { options.ClientId = builder.Configuration["Authentication:Google:ClientId"]; options.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"]; diff --git a/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/SocialWithoutIdentitySample.csproj b/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/SocialWithoutIdentitySample.csproj index 08b0b6c0f16d..ed0af8992053 100644 --- a/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/SocialWithoutIdentitySample.csproj +++ b/aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/SocialWithoutIdentitySample.csproj @@ -7,7 +7,7 @@ - +