Raymond Raymond | ASP.NET Core

with Google Error - {"error": "invalid_client", "error_description": "Unauthorized" }

event 2020-06-10 visibility 2,045 comment 0 insights toc
insights Stats

Sign-in with social accounts like Google, Microsoft, Twitter and Facebook accounts are very commonly used in websites to allow website users to logon easily without registering an separate account.

Issue summary

During the implementation of Kontext Google sign-in function, I encountered an error:

Exception: An error was encountered while handling the remote login.

And the details look like the following:

An unhandled exception occurred while processing the request.Exception: OAuth token endpoint failure: Status: Unauthorized;Headers: Vary: X-Origin, Referer, Origin,Accept-EncodingDate: Wed, 10 Jun 2020 09:39:00 GMTServer: scaffolding on HTTPServer2Cache-Control: privateX-XSS-Protection: 0X-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffAlt-Svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneTransfer-Encoding: chunked;Body: {"error": "invalid_client","error_description": "Unauthorized"};Unknown locationException: An error was encountered while handling the remote login.Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()

I have been following exactly the following page to implement this function:

Google external login setup in ASP.NET Core

All the Google API credential and consent screen are setup correctly too. 


  • ASP.NET Core 3.1.4

  • Microsoft.AspNetCore.Authentication.Google 3.1.4

Solution to fix this error

After a lot of searching on the websites, I could not fix this issue. And then I revisited my code again:

AddGoogle(options =>
                    options.ClientId = Configuration["Authentication:Google:ClientId"];
                    options.ClientSecret = Configuration["Authentication:Google:ClientId"];

As you can see in the above code snippet, Google authentication service is setup using ClientId and ClientSecret from configurations (can be environment variables, secret manager, application settings, etc.). 

However there was a typo for ClientSecret as the configuration value should be definitely from ClientID settings. Thus to fix this issue, I just need to change the value to the following:

AddGoogle(options =>
                    options.ClientId = Configuration["Authentication:Google:ClientId"];
                    options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];

I made a very simple mistake which cost me a few hours to fix it. So if you encounter similar error, please make sure you have configured the ClientID and ClientSecret for Google OAuth correctly. And also make sure these two values match exactly with the values in your Google Developer or Google Cloud Console settings.

More from Kontext
comment Comments
No comments yet.

Please log in or register to comment.

account_circle Log in person_add Register

Log in with external accounts