How to Request offline_access from Google Using .AddOpenIdConnect() in ASP.NET Core

Learn how to request offline access from Google in ASP.NET Core using the AddOpenIdConnect method. This step-by-step guide breaks down the process and provides essential tips.
---
This video is based on the question stackoverflow.com/q/65910981/ asked by the user 'thankyoussd' ( stackoverflow.com/u/683202/ ) and on the answer stackoverflow.com/a/65911159/ provided by the user 'thankyoussd' ( stackoverflow.com/u/683202/ ) at 'Stack Overflow' website. Thanks to these great users and Stackexchange community for their contributions.

Visit these links for original content and any more details, such as alternate solutions, latest updates/developments on topic, comments, revision history etc. For example, the original title of the Question was: How to request offline_access from Google using .AddOpenIdConnect() in ASP.NET Core?

Also, Content (except music) licensed under CC BY-SA meta.stackexchange.com/help/licensing
The original Question post is licensed under the 'CC BY-SA 4.0' ( creativecommons.org/licenses/by-sa/4.0/ ) license, and the original Answer post is licensed under the 'CC BY-SA 4.0' ( creativecommons.org/licenses/by-sa/4.0/ ) license.

If anything seems off to you, please feel free to write me at vlogize [AT] gmail [DOT] com.
---
How to Request offline_access from Google Using .AddOpenIdConnect() in ASP.NET Core

When working with Google authentication in ASP.NET Core applications, you may encounter a common requirement: obtaining offline_access to allow your application to refresh tokens when the user is not actively engaged. While the Microsoft-specific Google OIDC package makes this easier by allowing you to set AccessType, many developers wonder if it's possible to request offline_access using the standard ASP.NET Core OpenID Connect package.

In this guide, we'll delve into how to achieve this using the .AddOpenIdConnect() method and provide you with a clear, step-by-step solution to seamlessly integrate offline_access into your application.

Understanding the Problem

The challenge here stems from the fact that when using the OpenID Connect (OIDC) implementation provided by Microsoft, requesting offline_access doesn’t yield the desired result for Google authentication. Instead, it leads to an error indicating an invalid_scope. Unlike Microsoft accounts, which smoothly accommodate the request for this scope, Google has its own parameter for accessing offline functionality.

Solution Overview

Key Insight

Google requires the use of the access_type parameter to enable offline access rather than relying solely on the offline_access scope. To implement this, we need to handle the OnRedirectToIdentityProvider event in the OpenIdConnectOptions. This will allow us to specify the desired parameter at the right time during the authentication flow.

Step-by-Step Implementation

Follow these steps to successfully request offline_access from Google using .AddOpenIdConnect():

Configure the OIDC options: In your Startup.cs, or where you configure services, locate the section where you add OpenID Connect services.

Handle OnRedirectToIdentityProvider Event: You will need to add an event handler for OnRedirectToIdentityProvider that sets the access_type parameter. Here’s how that can look in your code:

[[See Video to Reveal this Text or Code Snippet]]

In this code:

context.ProtocolMessage allows you to manipulate the OIDC protocol messages.

The SetParameter method is used to set access_type to offline.

Add other necessary configurations: Ensure you have other required settings in place, like your Client ID and Client Secret, as well as redirects for successful and failed logins.

Test the Implementation: After implementing the above code, test the entire authentication process to confirm that you are able to acquire an access token that allows for refresh tokens when the user is offline.

Conclusion

By adjusting the OIDC parameters for Google authentication in your ASP.NET Core application, you can effectively request offline_access using the .AddOpenIdConnect() method. This solution not only makes your application more robust but also enhances user experience by allowing background token refreshing.

With just a few lines of code, you've mastered an important aspect of integrating Google authentication into your application! If you have any other questions or need further clarification, feel free to reach out or check the official documentation for additional resources.