Fix up API usage changes for Google

Author: gwilymatgearset

src/Owin.Security.Providers.Google/GoogleAuthenticationHandler.cs

@@ -17,8 +17,9 @@ public class GoogleAuthenticationHandler : AuthenticationHandler<GoogleAuthentic
     {
         private const string XmlSchemaString = "http://www.w3.org/2001/XMLSchema#string";
         private const string TokenEndpoint = "https://accounts.google.com/o/oauth2/token";
+        // TODO: This url should come from here: https://accounts.google.com/.well-known/openid-configuration
+        // TODO: as described by https://developers.google.com/identity/protocols/OpenIDConnect#discovery
         private const string UserInfoEndpoint = "https://www.googleapis.com/oauth2/v3/userinfo";
-        private const string GooglePlusUserEndpoint = "https://www.googleapis.com/plus/v1/people/me";
 
         private readonly ILogger _logger;
         private readonly HttpClient _httpClient;
@@ -94,16 +95,9 @@ protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
                     UserInfoEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken), Request.CallCancelled);
                 graphResponse.EnsureSuccessStatusCode();
                 text = await graphResponse.Content.ReadAsStringAsync();
-                var user = JObject.Parse(text);
+                var userInfo = JObject.Parse(text);
 
-                // Get the Google+ Person Info
-                graphResponse = await _httpClient.GetAsync(
-                    GooglePlusUserEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken), Request.CallCancelled);
-                graphResponse.EnsureSuccessStatusCode();
-                text = await graphResponse.Content.ReadAsStringAsync();
-                var person = JObject.Parse(text);
-
-                var context = new GoogleAuthenticatedContext(Context, user, person, accessToken, expires, refreshToken)
+                var context = new GoogleAuthenticatedContext(Context, userInfo, accessToken, expires, refreshToken)
                 {
                     Identity = new ClaimsIdentity(
                         Options.AuthenticationType,
@@ -124,11 +118,11 @@ protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
                 }
                 if (!string.IsNullOrEmpty(context.Name))
                 {
-                    context.Identity.AddClaim(new Claim("urn:googleplus:name", context.Name, XmlSchemaString, Options.AuthenticationType));
+                    context.Identity.AddClaim(new Claim("urn:google:name", context.Name, XmlSchemaString, Options.AuthenticationType));
                 }
                 if (!string.IsNullOrEmpty(context.Link))
                 {
-                    context.Identity.AddClaim(new Claim("urn:googleplus:url", context.Link, XmlSchemaString, Options.AuthenticationType));
+                    context.Identity.AddClaim(new Claim("urn:google:url", context.Link, XmlSchemaString, Options.AuthenticationType));
                 }
                 context.Properties = properties;
 

src/Owin.Security.Providers.Google/GoogleAuthenticationOptions.cs

@@ -100,6 +100,7 @@ public GoogleAuthenticationOptions()
             AuthenticationMode = AuthenticationMode.Passive;
             Scope = new List<string>
             {
+                "openid",
                 "profile",
                 "email"
             };

src/Owin.Security.Providers.Google/Provider/GoogleAuthenticatedContext.cs

@@ -2,7 +2,6 @@
 
 using System;
 using System.Globalization;
-using System.Linq;
 using System.Security.Claims;
 using Microsoft.Owin;
 using Microsoft.Owin.Security;
@@ -20,16 +19,14 @@ public class GoogleAuthenticatedContext : BaseContext
         /// Initializes a <see cref="GoogleAuthenticatedContext"/>
         /// </summary>
         /// <param name="context">The OWIN environment</param>
-        /// <param name="user">The JSON-serialized user</param>
-        /// <param name="person"></param>
-        /// <param name="accessToken">Google+ Access token</param>
+        /// <param name="userInfo">The JSON-serialized user_info. Format described here: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims</param>
+        /// <param name="accessToken">Google Access token</param>
         /// <param name="expires">Seconds until expiration</param>
         /// <param name="refreshToken"></param>
-        public GoogleAuthenticatedContext(IOwinContext context, JObject user, JObject person, string accessToken, string expires, string refreshToken)
+        public GoogleAuthenticatedContext(IOwinContext context, JObject userInfo, string accessToken, string expires, string refreshToken)
             : base(context)
         {
-            User = user;
-            Person = person;
+            UserInfo = userInfo;
             AccessToken = accessToken;
             RefreshToken = refreshToken;
 
@@ -39,16 +36,15 @@ public GoogleAuthenticatedContext(IOwinContext context, JObject user, JObject pe
                 ExpiresIn = TimeSpan.FromSeconds(expiresValue);
             }
 
-            Id = TryGetValue(person, "id");
-            Name = TryGetValue(person, "displayName");
-            Link = TryGetValue(person, "url");
-            UserName = TryGetValue(person, "displayName").Replace(" ", "");
+            // See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims for a list of properties
+            Id = TryGetValue(userInfo, "sub");
+            Name = TryGetValue(userInfo, "name");
+            Link = TryGetValue(userInfo, "profile");
+            UserName = TryGetValue(userInfo, "name").Replace(" ", "");
 
-            var email = (from e in person["emails"]
-                where e["type"].ToString() == "account"
-                select e).FirstOrDefault();
+            var email = TryGetValue(userInfo, "email");
             if (email != null)
-                Email = email["value"].ToString();
+                Email = email;
         }
 
         /// <summary>
@@ -57,16 +53,7 @@ public GoogleAuthenticatedContext(IOwinContext context, JObject user, JObject pe
         /// <remarks>
         /// Contains the Google user obtained from the endpoint https://www.googleapis.com/oauth2/v3/userinfo
         /// </remarks>
-        public JObject User { get; private set; }
-
-        /// <summary>
-        /// Gets the JSON-serialized person
-        /// </summary>
-        /// <remarks>
-        /// Contains the Google+ person obtained from the endpoint https://www.googleapis.com/plus/v1/people/me.  For more information
-        /// see https://developers.google.com/+/api/latest/people
-        /// </remarks>
-        public JObject Person { get; private set; }
+        public JObject UserInfo { get; private set; }
 
         /// <summary>
         /// Gets the Google OAuth access token
@@ -79,12 +66,12 @@ public GoogleAuthenticatedContext(IOwinContext context, JObject user, JObject pe
         public string RefreshToken { get; private set; }
 
         /// <summary>
-        /// Gets the Google+ access token expiration time
+        /// Gets the Google access token expiration time
         /// </summary>
         public TimeSpan? ExpiresIn { get; set; }
 
         /// <summary>
-        /// Gets the Google+ user ID
+        /// Gets the Google user ID
         /// </summary>
         public string Id { get; private set; }
 
@@ -96,12 +83,12 @@ public GoogleAuthenticatedContext(IOwinContext context, JObject user, JObject pe
         public string Link { get; private set; }
 
         /// <summary>
-        /// Gets the Google+ username
+        /// Gets the Google username
         /// </summary>
         public string UserName { get; private set; }
 
         /// <summary>
-        /// Gets the Google+ email address for the account
+        /// Gets the Google email address for the account
         /// </summary>
         public string Email { get; private set; }