Sign-in with Google Error - {"error": "invalid_client", "error_description": "Unauthorized" }

access_time 8 months ago visibility225 comment 0

Sign-in with social accounts like Google, Microsoft, Twitter and Facebook accounts are very commonly used in websites to allow website users to logon easily without registering an separate account.

Issue summary

During the implementation of Kontext Google sign-in function, I encountered an error:

Exception: An error was encountered while handling the remote login.

And the details look like the following:

An unhandled exception occurred while processing the request.

Exception: OAuth token endpoint failure: Status: Unauthorized;Headers: Vary: X-Origin, Referer, Origin,Accept-Encoding
Date: Wed, 10 Jun 2020 09:39:00 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Transfer-Encoding: chunked
;Body: {
"error": "invalid_client",
"error_description": "Unauthorized"
};

Unknown location

Exception: An error was encountered while handling the remote login.

Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()

I have been following exactly the following page to implement this function:

Google external login setup in ASP.NET Core

All the Google API credential and consent screen are setup correctly too. 

Environment 

  • ASP.NET Core 3.1.4
  • Microsoft.AspNetCore.Authentication.Google 3.1.4

Solution to fix this error

After a lot of searching on the websites, I could not fix this issue. And then I revisited my code again:

AddGoogle(options =>
                {
                    options.ClientId = Configuration["Authentication:Google:ClientId"];
                    options.ClientSecret = Configuration["Authentication:Google:ClientId"];
                });

As you can see in the above code snippet, Google authentication service is setup using ClientId and ClientSecret from configurations (can be environment variables, secret manager, application settings, etc.). 

However there was a type for ClientSecret as the configuration value should be definitely from ClientID settings. Thus to fix this issue, I just need to change the value to the following:

AddGoogle(options =>
                {
                    options.ClientId = Configuration["Authentication:Google:ClientId"];
                    options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
                });
I made a very simple mistake which cost me a few hours to fix it. So if you encounter similar error, please make sure you have configured the ClientID and ClientSecret for Google OAuth correctly. And also make sure these two values match exactly with the values in your Google Developer or Google Cloud Console settings.

copyright This page is subject to Site terms.
Like this article?
Share on

Please log in or register to comment.

account_circle Log in person_add Register

Log in with external accounts

Follow Kontext

Get our latest updates on LinkedIn or Twitter.

Want to publish your article on Kontext?

Learn more

More from Kontext

visibility 28881
thumb_up 0
access_time 4 years ago

The identity system in ASP.NET has evolved over time. If you are using ASP.NET Core, you probably found User property is an instance of ClaimsPrincipal in Controller or Razor views. Thus to retrieve the information, you need to utilize the claims.

visibility 225
thumb_up 0
access_time 8 months ago

Sign-in with social accounts like Google, Microsoft, Twitter and Facebook accounts are very commonly used in websites to allow website users to logon easily without registering an separate account. During the implementation of Kontext Google sign-in function, I encountered an error: Exception ...

visibility 1450
thumb_up 0
access_time 5 months ago

Microsoft 365 and Office 365 supports using licensed user account to send emails in client applications. SMTP protocol can be used to send emails in ASP.NET Core applications. This article shows how to use SMTP AUTH to send emails in ASP.NET Core 3.1 applications. warning  This guide is ...