Google OAuth on MVC5 ExternalLoginCallback?error=access_denied

Question

I have set up my Google OAuth

And I have added the code into Startup.Auth.cs

 app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
    {
        // LRC
        ClientId = "xxxxxxxxx",
        ClientSecret = "xxxxx"
        //CallbackPath = new PathString("/signin-google")
    });

But after I chose a google account to log in, it redirected me to the login page again,

I checked the network via Chrome and found that the access was denied.

http://www.liferunningclub.com.au/Account/ExternalLoginCallback?error=access_denied

I cannot figure it out.

---

Update Now I did something else:

1. I added an annotation ([RequireHttps]) on the Account Controller
2. I enabled the SSL for my project.
3. I updated the url and re-direct url in Google Console to https

Tried to log in with Google, after I selected my Google account, it returned the same access_denied.

It would be better if the response from Google could give more detailed information.

Answer 1

I had the same problem using the latest ASP.Net MVC template with "Individual Accounts" selected.

The solution was to enable the Google+ API for my project in the Google Developer console.

I found my answer here (scroll down to "Changes to Google OAuth 2.0...").

Answer 2

The same error happened to me for Facebook provider.

Turns out the solution was as simple as updating the nuget package to 3.1.

It turns out that Facebook did a "force upgrade" of their graph API from version 2.2 to 2.3 on 27th March 2017

For the record I'm using the following:

• http://localhost:58364 in iisexpress with NO https

In Facebook I have the following settings configured for a test app:

In addition if you're using a sample template the error parameter returned isn't being consumed which can be misleading. You should add string error to ExternalLoginCallback

    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl, string error)
    {
        if (error != null)
        {
            return View("Error");
        }

Answer 3

I had this problem as well. After I enabled the Google+ API the problem is not solved yet. Turns out I haven't set the 'Authorized JavaScript origins' in my google API console. So I set the authorized javascript origins, and the problem solved.