Google Authentication ASP.NET Core Web Api

Question

I have some problem while google redirects to a callback method it throws Exception: The oauth state was missing or invalid.

Startup.cs

public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<Conte>(config =>
            config.UseSqlServer(Configuration.GetConnectionString("Identity")));
        services.AddIdentity<IdentityUser, IdentityRole>()
            .AddEntityFrameworkStores<Conte>()
            .AddDefaultTokenProviders();

        services.AddAuthentication()
                .AddCookie("Cook")
                .AddGoogle(config =>
                {
                    config.SignInScheme = "Cook";
                    config.ClientId = Configuration["Authentication:Google:Client_Id"];
                    config.ClientSecret = Configuration["Authentication:Google:Client_Secret"];

                    config.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "UserId");
                    config.ClaimActions.MapJsonKey(ClaimTypes.Email, "EmailAddress", ClaimValueTypes.Email);
                    config.ClaimActions.MapJsonKey(ClaimTypes.Name, "Name");

                });

                    services.AddMvc();
    }

AccountController.cs

[AllowAnonymous]
    [HttpGet]
    [Route("/api/google-login")]
    public async Task LoginGoogle()
    {
        await HttpContext.ChallengeAsync("Google", new AuthenticationProperties() { RedirectUri = "/signin-google" });
    }

    [AllowAnonymous]
    [HttpGet]
    [Route("/signin-google")]
    public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
    {   
        var info = await _signInManager.GetExternalLoginInfoAsync();

        // Sign in the user with this external login provider if the user already has a login.
        var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
        if (result.Succeeded)
        {
            return Redirect(returnUrl);
        }
        return BadRequest();
    }

It go to Google Account

And when I tying to authorize i throws an exception

Answer 1

According to the tutorial from MS:

The Google authentication configured later in this tutorial will automatically handle requests at /signin-google route to implement the OAuth flow.

The /signin-google route is handled by the middleware, not by your MVC controller. Your external login should route to something like /ExternalLoginCallback