I am using GoogleOAuth2AuthenticationMiddleware (version 3.0.0) with a call back path of '/login/google'. When google redirects to that path (with all the correct query params), the middleware works its magic and then redirects to the original referring URI
(or what ever is set in the AuthenticationProperties.RedirectUri).
In my case, I don't want it to redirect to the AuthenticationProperties.RedirectUri. I want the pipeline to continue processing. I have a route for '/login/google' set up to point to a MVC controller action so after the google middleware does its stuff, I want
it to return an HTML page in the response. This is because I have a custom cookie middleware component that issues a cookie containing only some of the claims returned from google. And I want the web page to display the claims that are not in my cookie.
To achieve this I've added the following properties to the authentication options:
ClientId = "myclientid",
ClientSecret = "mysecret",
CallbackPath = new PathString("/login/google"),
Provider = new GoogleOAuth2AuthenticationProvider()
OnReturnEndpoint = (context) =>
// Remove RedirectUri so it doesn't redirect. I want processing to continue and the MCV controller action to be called.
context.RedirectUri = null;
This works fine, although it seems like a hack. And I am worried that future releases wont allow me to do this.
Is there a better way I could be doing this?
Also, is there any reason I shouldn't be doing this? (e.g. some security risk)