Google + nonce

Sep 18, 2014 at 3:22 PM
Anyone tried to use the OpenIdConnect middleware with Google? Google doesn't seem to like the nonce parameter that this middleware sets on the request to Google's auth endpoint, and gives me an error saying this middleware generated a bad request, with the nonce value being the culprit. If I manually edit the URL and remove the nonce query param, it works.

Is it Google's "fault" for not complying with the spec, or is it this middleware?

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = "myclientidingoogledevelopersconsole",
        Authority = "https://accounts.google.com/",
        RedirectUri = "http://localhost:2671/",
        ResponseType = "id_token token",
        Scope = "openid email",
    });

Sep 18, 2014 at 3:43 PM
Google and Katana both have implementations of OIDC, but the OIDC spec includes multiple ways to do everything, and Google requires one set while Katana implemented another. They can't be used together, and it's not just the nonce that's the problem. We plan to expand the Katana implementation in the future to work with more providers like Google.
Sep 19, 2014 at 2:21 PM
Okay, thanks! What exactly in OIDC is it that Google does differently?

We're working on IdentityServer v3 from Thinktecture, and that seems to work OK with this MW. Was hoping my clients could use Google for testing while we get IdSrv up and running in production using this middleware, and then just swap it later.

And if you know, how far off are you from supporting Google's way of implementing OIDC (are we talking next year, or is it not on any roadmap yet, maybe)?
Sep 24, 2014 at 10:43 PM
Everything. We use form posts, they use query strings. We use Token + Code, they use Code. Etc.
Sep 24, 2014 at 10:44 PM
The additional work hasn't been scheduled yet, so it will be at least a few months.
Sep 25, 2014 at 8:32 AM
All right, thanks for the heads up. Auth0 does not support form post either, so the only OIDC provider that matches this middleware is Thinktecture's IdentityServer v3 (?).
Sep 25, 2014 at 1:51 PM
Hi all,

Since I was also trying to use the OpenIdConnect middleware to log in with Google, I take the opportunity of this thread to ask a related question:
Does anyone know if we can use the OpenIdConnect middleware with any 'well known' providers other than Microsoft (Azure Active Directory)?

Thanks
Sep 25, 2014 at 2:55 PM
Read my prev post again