Google

Integration Guide

Step 1: Installing the Package

Install the PrimusSaaS.Identity.Validator package via NuGet:

dotnet add package PrimusSaaS.Identity.Validator

Step 2: Configuring Program.cs

Register the Primus Identity services and middleware in your Program.cs:

using PrimusSaaS.Identity.Validator;

var builder = WebApplication.CreateBuilder(args);

// Add Primus Identity Validator
builder.Services.AddPrimusIdentity(opts =>
    builder.Configuration.GetSection("PrimusIdentity").Bind(opts));

builder.Services.AddControllers();
builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();

Step 3: Configuring App Settings

Configure the Google provider in your appsettings.json:

{
  "PrimusIdentity": {
    "RequireHttpsMetadata": true,
    "ValidateLifetime": true,
    "ClockSkew": "00:05:00",
    "Issuers": [
      {
        "Name": "Google",
        "Type": "Google",
        "Issuer": "https://accounts.google.com/",
        "Authority": "https://accounts.google.com",
        "Audiences": [ "YOUR_GOOGLE_CLIENT_ID.apps.googleusercontent.com" ]
      }
    ]
  }
}

How to create Google OAuth credentials and get Client ID

1. Create a Google Cloud Project

  1. Go to Google Cloud Console
  2. Click Select a project > New Project
  3. Enter a project name (e.g., My API Project)
  4. Click Create

2. Enable OAuth APIs

  1. Go to APIs & Services > Library
  2. Search for and enable:
    • Google+ API (for basic profile)
    • Any other APIs your app needs

3. Configure OAuth Consent Screen

  1. Go to APIs & Services > OAuth consent screen
  2. Select External (or Internal for Google Workspace)
  3. Fill in required fields:
    • App name: Your application name
    • User support email: Your email
    • Developer contact: Your email
  4. Click Save and Continue
  5. Add scopes if needed, then continue
  6. Add test users if using External type

4. Create OAuth Credentials

  1. Go to APIs & Services > Credentials
  2. Click Create Credentials > OAuth client ID
  3. Select Web application
  4. Enter a name (e.g., My API)
  5. Add Authorized redirect URIs (for web flow):
    https://localhost:5001/signin-google
  6. Click Create
  7. Copy the Client ID (looks like xxxxx.apps.googleusercontent.com)

5. Generate ID Token (for testing)

For web apps, use the OAuth 2.0 Playground:

  1. Go to OAuth 2.0 Playground
  2. Click the gear icon, then check "Use your own OAuth credentials"
  3. Enter your Client ID and Client Secret
  4. Select scopes: openid, email, profile
  5. Click Authorize APIs and sign in
  6. Click Exchange authorization code for tokens
  7. Copy the id_token from the response

Step 4: Configuring Endpoint

Create a protected endpoint to test the authentication.

[HttpGet("google")]
[Authorize]
public IActionResult Get()
{
    return Ok(new {
        validated = true,
        issuer = User.FindFirst("iss")?.Value,
        email = User.FindFirst("email")?.Value,
        name = User.FindFirst("name")?.Value
    });
}

Step 5: Testing the Endpoint

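Get an ID token from Google and test the endpoint. The -k flag skips TLS certificate verification, which is only appropriate for the local development certificate on localhost:

curl -k -X GET "https://localhost:5001/google" \
  -H "Authorization: Bearer <ID_TOKEN>"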
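
A claim pre-check for debugging a 401 in Step 5, added here as an example (it is not part of PrimusSaaS.Identity.Validator or of the original guide): it decodes the ID token payload without verifying the signature and reports which of iss, aud and exp disagree with the Step 3 settings. The function names, the two accepted iss forms (the values Google documents) and the sample claims are assumptions of this example.

```python
import base64
import json
import time

# Expected values mirror the appsettings.json on this page (client ID is the page's placeholder).
ISSUERS = {"https://accounts.google.com", "accounts.google.com"}  # iss forms Google documents
AUDIENCES = {"YOUR_GOOGLE_CLIENT_ID.apps.googleusercontent.com"}
CLOCK_SKEW = 300  # seconds, from "ClockSkew": "00:05:00"


def decode_claims(token):
    """Return the payload of a compact JWT. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def preflight(token, now=None):
    """List the claims that disagree with the settings; an empty list means none found."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    problems = []
    if claims.get("iss") not in ISSUERS:
        problems.append("iss")
    aud = claims.get("aud")
    aud = set(aud) if isinstance(aud, list) else {aud}  # aud may be a string or a list
    if not aud & AUDIENCES:
        problems.append("aud")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + CLOCK_SKEW:
        problems.append("exp")
    return problems


def make_sample_token(claims):
    """Build a constructed sample token with a dummy signature, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    # Constructed claims: audience of a different client, expiry 10 minutes in the past.
    stale = {"iss": "accounts.google.com", "exp": int(time.time()) - 600,
             "aud": "other-client.apps.googleusercontent.com"}
    print(preflight(make_sample_token(stale)))  # ['aud', 'exp']
```

Because the signature is not checked, the result says nothing about whether the token is genuine; that decision stays with the validator registered in Program.cs.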

Alternative: Fluent API Configuration

You can also configure Google using the fluent API:

builder.Services.AddPrimusIdentity(opts =>
{
    opts.UseGoogle(
        audience: "YOUR_GOOGLE_CLIENT_ID.apps.googleusercontent.com"
    );
});

Google-Specific Notes

Feature            Support
ID Tokens          Fully supported
Access Tokens      Not for API auth (use ID tokens)
Service Accounts   Use JWT with custom issuer
Firebase Auth      Use Google issuer with Firebase client ID