access_time 11 months ago languageEnglish
more_vert

Sign-in with Google Error - {"error": "invalid_client", "error_description": "Unauthorized" }

visibility 388 comment 0

Sign-in with social accounts like Google, Microsoft, Twitter and Facebook accounts are very commonly used in websites to allow website users to logon easily without registering an separate account.

Issue summary

During the implementation of Kontext Google sign-in function, I encountered an error:

Exception: An error was encountered while handling the remote login.

And the details look like the following:

An unhandled exception occurred while processing the request.

Exception: OAuth token endpoint failure: Status: Unauthorized;Headers: Vary: X-Origin, Referer, Origin,Accept-Encoding
Date: Wed, 10 Jun 2020 09:39:00 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Transfer-Encoding: chunked
;Body: {
"error": "invalid_client",
"error_description": "Unauthorized"
};

Unknown location

Exception: An error was encountered while handling the remote login.

Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()

I have been following exactly the following page to implement this function:

Google external login setup in ASP.NET Core

All the Google API credential and consent screen are setup correctly too. 

Environment 

  • ASP.NET Core 3.1.4
  • Microsoft.AspNetCore.Authentication.Google 3.1.4

Solution to fix this error

After a lot of searching on the websites, I could not fix this issue. And then I revisited my code again:

AddGoogle(options =>
                {
                    options.ClientId = Configuration["Authentication:Google:ClientId"];
                    options.ClientSecret = Configuration["Authentication:Google:ClientId"];
                });

As you can see in the above code snippet, Google authentication service is setup using ClientId and ClientSecret from configurations (can be environment variables, secret manager, application settings, etc.). 

However there was a type for ClientSecret as the configuration value should be definitely from ClientID settings. Thus to fix this issue, I just need to change the value to the following:

AddGoogle(options =>
                {
                    options.ClientId = Configuration["Authentication:Google:ClientId"];
                    options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
                });
I made a very simple mistake which cost me a few hours to fix it. So if you encounter similar error, please make sure you have configured the ClientID and ClientSecret for Google OAuth correctly. And also make sure these two values match exactly with the values in your Google Developer or Google Cloud Console settings.

copyright This page is subject to Site terms.
Like this article?
Share on

Please log in or register to comment.

account_circle Log in person_add Register

Log in with external accounts

Follow Kontext

Get our latest updates on LinkedIn or Twitter.

Want to contribute on Kontext to help others?

Learn more