Search code examples
c#asp.net-core-mvcgoogle-oauthgoogle-analytics-apigoogle-api-dotnet-client

Authorize Google analytics data from a web application

I am trying to authorize an ASP.NET Core 6 MVC web app to Google analytics data API.

[GoogleScopedAuthorize("https://www.googleapis.com/auth/analytics.readonly")]
public async Task<IActionResult> Index([FromServices] IGoogleAuthProvider auth)
{
    var cred = await auth.GetCredentialAsync();
    
    var client = await BetaAnalyticsDataClient.CreateAsync(CancellationToken.None);

    var request = new RunReportRequest
    {
        Property = "properties/" + XXXXX,
        Dimensions = {new Dimension {Name = "date"},},
        Metrics = {new Metric {Name = "totalUsers"},new Metric {Name = "newUsers"}},
        DateRanges = {new DateRange {StartDate = "2021-04-01", EndDate = "today"},},
    };

    var response = await client.RunReportAsync(request);
}

The authorization goes though as would be expected; I am getting an access token back.

image

I cant seem to figure out how to apply the credentials to the BetaAnalyticsDataClient.

When I run it without applying it to the BetaAnalyticsDataClient, I get the following error:

InvalidOperationException: The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.

I am not currently using GOOGLE_APPLICATION_CREDENTIALS as it is configured in programs.cs. I don't see the need to have client id and secret configured in program.cs plus having an added env var.

Why isn't it just picking up the authorization already supplied with the controller runs?

builder.Services
    .AddAuthentication(o =>
    {
        // This forces challenge results to be handled by Google OpenID Handler, so there's no
        // need to add an AccountController that emits challenges for Login.
        o.DefaultChallengeScheme = GoogleOpenIdConnectDefaults.AuthenticationScheme;
        // This forces forbid results to be handled by Google OpenID Handler, which checks if
        // extra scopes are required and does automatic incremental auth.
        o.DefaultForbidScheme = GoogleOpenIdConnectDefaults.AuthenticationScheme;
        // Default scheme that will handle everything else.
        // Once a user is authenticated, the OAuth2 token info is stored in cookies.
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddGoogleOpenIdConnect(options =>
    {
        options.ClientId = builder.Configuration["Google:ClientId"];
        options.ClientSecret = builder.Configuration["Google:ClientSecret"];
    });

Is there an alternate method for authorizing with a web app that I have not been able to find. I did do some dinging in the source code I can't seem to find a method to apply this.

Solution

  • After quite a bit of digging i managed to find that it was possible to create my own client builder and apply the credentials there.

    var clientBuilder = new BetaAnalyticsDataClientBuilder()
    {
        Credential = await auth.GetCredentialAsync()
    };
    var client = await clientBuilder.BuildAsync();

    Hope this helps someone else.