Search code examples
c#amazon-elastic-beanstalkasp.net-core-webapigoogle-signinwebauthenticator

Google Authorization Error Error 400: redirect_uri_mismatch

I have a serious issue with my asp.net core web api, the google login works fine on localhost but when publish on the remote server in ElasticBeanstalk it's throws this error. All the authentication process is ok on localhost. Please if someone can help to fix this issue.

Here is the exact same code that i'm using.

`public class AuthController : ControllerBase { const string callbackScheme = "xamarinessentials";

    [HttpGet("{scheme}")]
    public async Task Get([FromRoute]string scheme)
    {
        var auth = await Request.HttpContext.AuthenticateAsync(scheme);

        if (!auth.Succeeded
            || auth?.Principal == null
            || !auth.Principal.Identities.Any(id => id.IsAuthenticated)
            || string.IsNullOrEmpty(auth.Properties.GetTokenValue("access_token")))
        {
            // Not authenticated, challenge
            await Request.HttpContext.ChallengeAsync(scheme);
        }
        else
        {
            var claims = auth.Principal.Identities.FirstOrDefault()?.Claims;
            var email = string.Empty;
            email = claims?.FirstOrDefault(c => c.Type == System.Security.Claims.ClaimTypes.Email)?.Value;

            // Get parameters to send back to the callback
            var qs = new Dictionary<string, string>
            {
                { "access_token", auth.Properties.GetTokenValue("access_token") },
                { "refresh_token", auth.Properties.GetTokenValue("refresh_token") ?? string.Empty },
                { "expires", (auth.Properties.ExpiresUtc?.ToUnixTimeSeconds() ?? -1).ToString() },
                { "email", email }
            };

            // Build the result url
            var url = callbackScheme + "://#" + string.Join(
                "&",
                qs.Where(kvp => !string.IsNullOrEmpty(kvp.Value) && kvp.Value != "-1")
                .Select(kvp => $"{WebUtility.UrlEncode(kvp.Key)}={WebUtility.UrlEncode(kvp.Value)}"));

            // Redirect to final url
            Request.HttpContext.Response.Redirect(url);
        }
    }`

enter image description here enter image description here

Here is the Google auth config in startup.cs or program.cs in .net 6. enter image description here

This is my Google Developper consol enter image description here

Solution

  • You need to accept the XForwardedProto

    In Startup.cs or Program.cs (in .net 6)

    public void ConfigureServices(IServiceCollection services)
{
  ...
    services.Configure<ForwardedHeadersOptions>(options =>
    {
        options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
    });
   ...  
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
 ...
 app.UseForwardedHeaders();
 ...
}