Problem getting ASP.NET Core Google login to work

I have an ASP.NET Core MVC web app, in which I want to add Google login.

I followed this description: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-7.0

When I run the app, choosing the Google login button/option, adding my mail to the login screen at the Google site (https://accounts.google.com/v3/signin/identifier ...) I get to the next page which says:

This browser or app may not be secure. ...

I tried editing a few settings on my app's Google credentials page (https://console.cloud.google.com/apis/credentials/oauthclient/).

I have added: https://localhost:7049 for the "Authorized JavaScript origins" part and: https://localhost:7049/signin-google for the "Authorized redirect URIs" part.

Am I missing something else that's important here?

Thanks for any assistance!

Updated with picture of my settings in the Google Console. Settings for the Google Console

Updated with my settings in the "OAuth consent screen": OAuth consent screen settings

I have added two email addresses and have tried to log in with both. No luck here ...

Update. This code is added in the Program.cs file:

.AddGoogle(options =>
{
    // For compatibility between platforms ":" shall be
    // replaced with "__" / double underscore
    IConfigurationSection googleAuthNSection =
        builder.Configuration.GetSection("Authentication:Google");
    // Instead use ( TODO ???, BOTH seems to work ..):
    // options.ClientId = configuration["Authentication:Google:ClientId"];
    // options.ClientSecret = configuration["Authentication:Google:ClientSecret"];
    // When to use ":" and when to use "__" ???
    // Probably in the config file (that do not seem to work!? ...) ???
    options.ClientId = googleAuthNSection["ClientId"];
    options.ClientSecret = googleAuthNSection["ClientSecret"];
})

and also added this:

app.Use(async (context, next) =>
{
    context.Response.Headers.Add("Referrer-Policy", "no-referrer-when-downgrade");
    await next();
});

The last piece is in relation to the info written here: https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid

It says:

When you perform local tests or development, you must add both http://localhost and http://localhost:<port_number> to the Authorized JavaScript origins box. The Referrer-Policy header must also be set to no-referrer-when-downgrade when using http and localhost.

Unsure what this exactly does or means, or if it is relevant in my case.

A short description of how I got here is something like this:

  • Followed this description at Microsoft: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-7.0 and this description at Google: https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid
  • Created an ASP.NET CORE app with authentication. .NET 7 with latest version of C#. Added the Nuget package: Microsoft.AspNetCore.Authentication.Google
  • Created a project at the Google site for developers (https://console.cloud.google.com/) and added there the OAuth 2.0 Client credentials parts with the added URIs as in the picture above. Also added/edited the settings at the "OAuth consent screen" page. See above!
  • Added the key and link for the created Google OAuth 2.0 credentials to the "developer local storage" as described in the Microsoft link which makes it possible to use the "configuration" parts in my added code for the Program.cs file.
  • Added the code as described above.
  • Started the web app and then tried to use my own two Google accounts to log in. I get to the point where you add your email address and continue. And here I get the message "This browser or app may not be secure. ...".

A note here is that I have my Google account set for two factor authentication. There are a few links and videos online that say that this can cause this problem. And here they reference that you need to enable "unsecure app login" and due to this remove the two factor authentication. However! You can now no longer disable this at the Google site as of last year (I think it was last year ...). And it seems strange/not ok that this solution should Not support two factor login when this is more or less the general standard to increase your account's security!?

Stefan H asked Oct 15 '25 16:10


1 Answer

Setting in Google Console.


Your code in Program.cs file should be like below:

builder.Services.AddAuthentication().AddGoogle(googleOptions =>
{
    googleOptions.ClientId = "103****7s.apps.googleusercontent.com";
    googleOptions.ClientSecret = "GOCSPX-****_b3-jMPKHe";
}).AddMicrosoftAccount(microsoftOptions =>
{
    microsoftOptions.ClientId = "b3fb++_if_you_have_++c5fe2d";
    microsoftOptions.ClientSecret = "R****cbku";
});

Test Result

Jason Pan answered Oct 19 '25 15:10
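On the ":" versus "__" question raised in the comments of the question's Program.cs, the following is an added example, not code from the question or the answer. It reads the Google credentials from configuration rather than source and stops at startup when they are missing; `Require` is a hypothetical helper, and the cookie scheme is an assumption for a project without the Identity template.

```csharp
// Program.cs (ASP.NET Core 7, NuGet: Microsoft.AspNetCore.Authentication.Google)
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

// In code the key separator is always ":" regardless of which provider
// supplied the value:
//   user secrets / appsettings.json -> "Authentication:Google:ClientId"
//   environment variable            -> Authentication__Google__ClientId
// The environment-variable provider rewrites "__" to ":" on load, because
// ":" is not usable in variable names on every platform.
IConfigurationSection google =
    builder.Configuration.GetSection("Authentication:Google");

// Hypothetical helper (not part of ASP.NET Core): returns the value or
// throws with a message naming both ways to supply it.
static string Require(IConfigurationSection section, string key) =>
    string.IsNullOrWhiteSpace(section[key])
        ? throw new InvalidOperationException(
            $"Missing configuration value '{section.Path}:{key}'. Set it with " +
            $"dotnet user-secrets set \"{section.Path}:{key}\" \"<value>\" or the " +
            $"environment variable {section.Path.Replace(":", "__")}__{key}.")
        : section[key]!;

// Resolve the values here, outside the options lambda: the lambda runs
// lazily on first use, so a check inside it would not fail at startup.
string clientId = Require(google, "ClientId");
string clientSecret = Require(google, "ClientSecret");

// Assumption: no Identity template, so a cookie scheme is registered to
// hold the signed-in user after the Google callback.
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie()
    .AddGoogle(options =>
    {
        options.ClientId = clientId;
        options.ClientSecret = clientSecret;
    });

var app = builder.Build();
app.UseAuthentication();
app.MapGet("/", () => "Google authentication is configured.");
app.Run();
```

With this in place the client secret lives only in user secrets or the environment, so it never reaches source control.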


