I am using ASP.NET Core WebAPI (.NET 6.0)
I would like to implement Google Authentication using the guideline shared by Google on https://developers.google.com/identity/gsi/web
My understanding of the process is that I request a JWT from Google from my Web Client (VueJS), then send the JWT to the WebAPI to verify.
For verification, it seems I need to write some code as per the guidelines shared on https://developers.google.com/identity/sign-in/web/backend-auth.
Then I create a new JWT for the user using the details, role information, and claims stored in my DB and send it back to the client.
The client saves the new JWT to local storage and keeps sending it for every new API request.
The entire process feels a little like reinventing the wheel, is there a more standard method of handling the WebAPI part?
There is not a more standard way. You have described the standard way.
https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/external-authentication-services
In short:
In an OAuth2 Authorization setup a 1 time use token is returned to the web client, which then sends it to your web API. Your web API uses that one time use token to request additional user identity information from the identity provider (Google).
I think your understanding of Google Authentication is correct. The best practice regarding webapi using Google Authentication should also be the same.
1. Register your app in Google, get client_id and client_secret.
2. Add the services Identity, Authentication and Google in .NET Core as follows. And add the attribute [Authorize()] to the APIs you want to secure.
AspNetCore WebAPI - Google Authentication
3. Get an access_token from Google.
4. Append the access_token to every HTTP request when you access your Web API.
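The flow described in the question (verify Google's ID token on the server, then issue the API's own JWT), as an added example that is not code from any of the posts above. It assumes the Google.Apis.Auth and System.IdentityModel.Tokens.Jwt NuGet packages; the `/auth/google` route, the `Google:ClientId` and `Jwt:Key` configuration keys, the `my-api` issuer and the `LookupRole` helper are hypothetical names.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Google.Apis.Auth;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Hypothetical configuration keys; the signing key should be at least 32 bytes for HS256.
string googleClientId = app.Configuration["Google:ClientId"]!;
byte[] signingKey = Encoding.UTF8.GetBytes(app.Configuration["Jwt:Key"]!);

app.MapPost("/auth/google", async (GoogleLogin body) =>
{
    GoogleJsonWebSignature.Payload payload;
    try
    {
        // Validates the signature against Google's published keys, the issuer,
        // the expiry, and that the token was issued for *this* client_id.
        payload = await GoogleJsonWebSignature.ValidateAsync(body.Credential,
            new GoogleJsonWebSignature.ValidationSettings { Audience = new[] { googleClientId } });
    }
    catch (InvalidJwtException)
    {
        return Results.Unauthorized();   // forged, expired, or issued for another app
    }
    if (!payload.EmailVerified) return Results.Unauthorized();

    // Key the local account on "sub" (stable per Google account), not on the email.
    var claims = new[]
    {
        new Claim(JwtRegisteredClaimNames.Sub, payload.Subject),
        new Claim(ClaimTypes.Email, payload.Email),
        new Claim(ClaimTypes.Role, LookupRole(payload.Subject)),
    };
    var handler = new JwtSecurityTokenHandler();
    var token = handler.CreateToken(new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims),
        Issuer = "my-api", Audience = "my-api",          // hypothetical values
        Expires = DateTime.UtcNow.AddMinutes(15),        // short-lived API token
        SigningCredentials = new SigningCredentials(
            new SymmetricSecurityKey(signingKey), SecurityAlgorithms.HmacSha256),
    });
    return Results.Ok(new { token = handler.WriteToken(token) });
});
app.Run();

// Hypothetical stand-in for the role/claims lookup in the application's own database.
static string LookupRole(string googleSubject) => "user";
record GoogleLogin(string Credential);
```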