
Why does GetExternalLoginInfoAsync() return null in this case?


I created an app using Identity2 MVC5 and Google login to do SSO to Google...

If I log in successfully, then close the browser, then log back in, this code block gets loginInfo == null:

    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
        if (loginInfo == null)
        {
            return RedirectToAction( "LogOut" );
            //return RedirectToAction("Login");
        }
        // ... rest of the callback omitted in the original post
    }

My best guess is that the ASP.NET cookie is a session cookie and thus deleted, but the Google OAuth token is still lingering somewhere...

Is this what's going on? How can I clean up the OAuth token?

I've tried several approaches, run at the PageReady of the login page (i.e. clean up all persisting logins when hitting the login page):

var user = UserManager.FindByName( User.Identity.Name );
var AuthenticationManager = HttpContext.GetOwinContext().Authentication;

AuthenticationManager.SignOut();
AuthenticationManager.SignOut( DefaultAuthenticationTypes.ApplicationCookie );
Session.Abandon();

if ( user != null )
{
    UserManager.UpdateSecurityStamp( user.Id ); // remove the old cookie so it can't be reused to re-log in - EWB
}

and finally

    return Redirect( "https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=https://"+ Url.Action( "Index", "Home", new { target = "_blank" } ) ); //https://stackoverflow.com/questions/27515518/asp-net-identity-external-login-wont-log-out - f belihocine answer

Which is supposed to be logging out of Google (and goes to our custom logout page, so it seems to be true).

But I'm still getting the same behavior.

What exactly is going on?

If I wait till the timeout expires (10 min) things work normally...


Solution

  • It was returning null because I was creating an app cookie and an external cookie, and only deleting the app cookie.

    Calling this logged out the way I wanted:

     Request.GetOwinContext().Authentication.SignOut( DefaultAuthenticationTypes.ApplicationCookie );// https://stackoverflow.com/questions/28999318/owin-authentication-signout-doesnt-seem-to-remove-the-cookie - stralos s answer
     Request.GetOwinContext().Authentication.SignOut( DefaultAuthenticationTypes.ExternalCookie );
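
One way to fold the fix above into a single logout action, as an added example that is not from the original post. `ApplicationUserManager` and the redirect to `Index`/`Home` are assumptions based on the MVC 5 Identity project template.

```csharp
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;

// Added example, not the poster's code. ApplicationUserManager is the
// user manager class from the MVC 5 Identity template (assumed here).
public class AccountController : Controller
{
    private IAuthenticationManager AuthenticationManager
    {
        get { return HttpContext.GetOwinContext().Authentication; }
    }

    // POST-only with an anti-forgery token, so a third-party page
    // cannot force the user out with a cross-site GET.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> LogOff()
    {
        var userManager = HttpContext.GetOwinContext()
                                     .GetUserManager<ApplicationUserManager>();
        var userId = User.Identity.GetUserId(); // null when nobody is signed in

        // Clear both cookies named in the answer in one call:
        // the application cookie and the external (Google) sign-in cookie.
        AuthenticationManager.SignOut(
            DefaultAuthenticationTypes.ApplicationCookie,
            DefaultAuthenticationTypes.ExternalCookie);
        Session.Abandon();

        if (userId != null)
        {
            // Invalidates copies of the old application cookie. This only
            // takes effect if SecurityStampValidator.OnValidateIdentity is
            // wired up in the cookie options (the template does this).
            await userManager.UpdateSecurityStampAsync(userId);
        }

        return RedirectToAction("Index", "Home");
    }
}
```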