MVC google login - OpenID auth request contains an unregistered domain

Question

When I try to login today via google in my web app, I get that error:

400 That’s an error.

OpenID auth request contains an unregistered domain: http://XXX.XXX.XXX/ (IP here)

But on localhost everything works fine. What is more - on other project also everything works nice.

I'm using default OAuth:

OAuthWebSecurity.RegisterGoogleClient();

How to resolve it?

Answer 1

I would like to add some context to this thread together with a potential solution to developers that are currently blocked.

Back in February we announced the deprecation of OpenID 2.0 (OID2) scheduled for April 2015. We also announced that new OID2 relying parties (RPs) registrations** will no longer be accepted after April 2014.

Given that the API will be shut-down in less than a year’s time, our intention is to avoid having new RPs integrating with Google's OID2 API. Instead, we suggest to use our OpenID Connect API which we consider more secure and easier to implement.

Registrations were effectively closed on May 19th (as documented in the Google’s OID2 developer documentation). All RPs already using OID2 should not be affected by this the closure.

As for developers currently working on an integration with our OID2 API (presumably because they missed the announcement and warnings in our OID2 documentation), we will do our best to minimize the friction caused by the registration closure. If you are in such situation, please let us know by posting a registration request before June 15th. The post should contain a sample OID2 request used by your application, in case you prefer not to disclose such information, please post an email address and we will reach out. We plan to look into each case and try to get you unblocked in the best possible way.

Miguel.

** OID2 does not have a registration procedure for RPs integrating with an identity provider. RPs are associated to the realm value (e.g., www.example.com) used when contacting Google OID2 API. Thus, a RP is considered "registered" if its realm value has been used to contact our OID2 API.

Answer 2

This approach is obsolete as Google changed their auth to OAuth2

I didn't delete this answer because formerly approved api users are still valid to use.

== Original post below ==

If you are OWIN-based MVC5 user, just change Startup.Auth.cs file

        app.UseGoogleAuthentication();

to

app.UseGoogleAuthentication(
 clientId: "000-000.apps.googleusercontent.com",
 clientSecret: "00000000000");

according to the http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on page.

Answer 3

Google has disabled OpenID2 for new domains. Existing relying parties can continue to use the API at least until the end of the deprecation period that runs through to April 2015. The announcement is at: https://developers.google.com/+/api/auth-migration#timetable