
How signin-google in asp.net core authentication is linked to the google handler?

I went into the source code but I can't see where it's wired to the handler. In the GoogleExtensions.cs file, I see the

 => builder.AddOAuth<GoogleOptions, GoogleHandler>(authenticationScheme,
                                                   displayName, configureOptions);

But I don't understand how the route "/signin-google" calls the handler.

olleo asked Oct 25 '18 02:10


1 Answer

How signin-google in asp.net core authentication is linked to the google handler?

The question can be divided into two smaller questions.

  1. How the user is redirected to the URL /signin-google
  2. How GoogleHandler processes the request on /signin-google

How the user is redirected to signin-google

Initially, when the user clicks the Google button to log in with Google Authentication, the browser will post a request to the following URL:

https://your-server/Identity/Account/ExternalLogin?returnUrl=%2F

Your server simply redirects the user to Google.com and asks Google to authenticate the current user:

https://accounts.google.com/o/oauth2/v2/auth?
    response_type=code
    &client_id=xxx
    &scope=openid%20profile%20email
    &redirect_uri=https%3A%2F%2Fyour-server%2Fsignin-google
    &state=xxx

When Google has authenticated the user successfully, it will redirect the user to your website with a code parameter, according to the redirect_uri above.

https://your-server/signin-google?
    state=xxx
    &code=yyy
    &scope=zzz
    &authuser=0
    &session_state=abc
    &prompt=none

Note the path here equals /signin-google. That's the first key point.

How GoogleHandler processes signin-google

Before we talk about how GoogleHandler works, we should take a look at how AuthenticationMiddleware and AuthenticationHandler work:

  1. When there's an incoming request, the AuthenticationMiddleware (which is registered by UseAuthentication() in the Configure() method of your Startup.cs) will inspect every request and try to authenticate the user.

  2. Since you've configured the authentication services to use Google authentication, the AuthenticationMiddleware will invoke the GoogleHandler.HandleRequestAsync() method.

  3. If needed, GoogleHandler.HandleRequestAsync() then handles remote authentication with the OAuth 2.0 protocol and gets the user's identity.

Here the GoogleHandler inherits from RemoteAuthenticationHandler<TOptions>, and its HandleRequestAsync() method will be used by AuthenticationMiddleware to determine whether it needs to handle the request. When it returns true, that means the current request has already been processed by the authentication handler and no further processing will be executed.

So how does HandleRequestAsync() determine whether the request should be processed by itself?

The HandleRequestAsync() method just checks the current path against Options.CallbackPath. See the source code below:

public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions>, IAuthenticationRequestHandler
    where TOptions : RemoteAuthenticationOptions, new()
{
    // ...

    public virtual Task<bool> ShouldHandleRequestAsync()
        => Task.FromResult(Options.CallbackPath == Request.Path);

    public virtual async Task<bool> HandleRequestAsync()
    {
        if (!await ShouldHandleRequestAsync())
        {
            return false;
        }
        // ... handle remote authentication, such as exchanging the code with Google
    }
}

Closing

The whole workflow will be:

  1. The user clicks the button to log in with Google
  2. Google authenticates the user and redirects him to /signin-google
  3. Since the path == signin-google, the middleware will use HandleRequestAsync() to process the current request, and exchange the code with Google.
  4. ... do some other things
itminus answered Nov 14 '22 03:11
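
A simplified, self-contained model of the dispatch described in the answer above, added here as an illustration; it is not part of the original answer and not the framework's source. `IRequestHandler`, `RemoteHandler`, `DispatchAsync` and the second "Other" scheme are hypothetical stand-ins, and plain string equality stands in for the `Options.CallbackPath == Request.Path` comparison.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

interface IRequestHandler                       // stands in for IAuthenticationRequestHandler
{
    Task<bool> HandleRequestAsync(string path);
}

sealed class RemoteHandler : IRequestHandler    // stands in for GoogleHandler
{
    private readonly string _scheme, _callbackPath;
    public RemoteHandler(string scheme, string callbackPath)
        => (_scheme, _callbackPath) = (scheme, callbackPath);

    public Task<bool> HandleRequestAsync(string path)
    {
        // Same test as ShouldHandleRequestAsync(): only the callback path is claimed.
        if (path != _callbackPath) return Task.FromResult(false);
        Console.WriteLine($"  [{_scheme}] callback claimed (code exchange would happen here)");
        return Task.FromResult(true);
    }
}

static class Program
{
    // Stands in for the authentication middleware: ask each registered handler in
    // turn and stop the pipeline as soon as one reports that it handled the request.
    static async Task<string> DispatchAsync(IEnumerable<IRequestHandler> handlers, string path)
    {
        foreach (var handler in handlers)
            if (await handler.HandleRequestAsync(path))
                return "short-circuited by authentication handler";
        return "passed on to the rest of the pipeline";
    }

    static async Task Main()
    {
        var handlers = new IRequestHandler[]
        {
            new RemoteHandler("Google", "/signin-google"),
            new RemoteHandler("Other", "/signin-other"),   // constructed second scheme
        };
        // Constructed sample paths: only the exact callback path is intercepted.
        foreach (var path in new[] { "/", "/signin-google", "/Identity/Account/ExternalLogin" })
            Console.WriteLine($"{path} -> {await DispatchAsync(handlers, path)}");
    }
}
```

Only `/signin-google` is short-circuited, which is why no controller or route for that path appears anywhere in the application: the path match inside the handler is the wiring.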