Tutorials ASP.NET Core Complete Tutorial (ShopNest)

OAuth2 and External Login (Google, Facebook, Microsoft)

Learn OAuth2 and External Login (Google, Facebook, Microsoft) in our free ASP.NET Core Complete Tutorial (ShopNest) series. Step-by-step explanations, examples, and interview tips on Toolliyo Academy.

On this page
OAuth2 and External Login (Google, Facebook, Microsoft) — ShopNest
Article 33 of 75 · Module 4: Authentication & Security · ShopNest Social Login E-Commerce
Target keyword: oauth2 asp.net core · Read time: ~30 min · .NET: 8 / 9 · Project: ShopNest Social Login E-Commerce

Introduction

ShopNest customers expect Sign in with Google — OAuth2 lets users authenticate via external providers while Identity stores the local account link.

After this article you will

  • Explain OAuth2 authorization code flow simply
  • Configure Google, Facebook, Microsoft providers
  • Link external logins to existing local accounts
  • Handle email-already-registered conflicts
  • Retrieve profile data from provider claims

Prerequisites

Concept deep-dive

OAuth2 flow (simplified): User clicks Google → redirect to Google → user consents → Google redirects back with code → ShopNest exchanges code for tokens → create/link Identity user → sign in with cookie.

builder.Services.AddAuthentication()
    .AddGoogle(options =>
    {
        options.ClientId = config["Authentication:Google:ClientId"]!;
        options.ClientSecret = config["Authentication:Google:ClientSecret"]!;
    })
    .AddFacebook(options => { ... })
    .AddMicrosoftAccount(options => { ... });

// AccountController external login callback
var info = await _signInManager.GetExternalLoginInfoAsync();
var signInResult = await _signInManager.ExternalLoginSignInAsync(
    info.LoginProvider, info.ProviderKey, isPersistent: false);

if (!signInResult.Succeeded)
{
    var email = info.Principal.FindFirstValue(ClaimTypes.Email);
    var user = await _userManager.FindByEmailAsync(email) ?? new ApplicationUser { ... };
    await _userManager.CreateAsync(user);
    await _userManager.AddLoginAsync(user, info);
    await _signInManager.SignInAsync(user, isPersistent: false);
}

Google setup: Google Cloud Console → OAuth client ID → authorized redirect URI: https://localhost:7xxx/signin-google

Hands-on — ShopNest Social Login E-Commerce

  1. Register Google OAuth app; store ClientId/Secret in User Secrets.
  2. Add Google button on login page.
  3. Link external login to existing email/password account (account settings).
  4. Show provider avatar from claim picture URL.

Common errors & best practices

  • Redirect URI mismatch — exact match required in provider console.
  • Creating duplicate users on each Google login — always AddLoginAsync.
  • Client secret in frontend — secret stays server-side only.

Interview questions

Q: OAuth2 vs OpenID Connect?
A: OAuth2 authorizes API access; OIDC adds identity layer (id_token with user info). Google login uses OIDC.

Q: Link external to local account?
A: UserManager.AddLoginAsync associates provider key with Identity user.

Summary

  • OAuth2 external login reduces password friction
  • Identity stores external login provider + key
  • Handle duplicate email across providers gracefully
  • Secrets in User Secrets, redirect URIs exact match

Previous: JWT with Refresh Tokens
Next: Data Protection and Encryption

FAQ

Facebook app review?

Development mode limited to test users until app review for production.

Store provider access token?

Optional in AspNetUserTokens if calling provider APIs later.

Questions on this lesson 0

Sign in to ask a question or upvote helpful answers.

No questions yet — be the first to ask!

ASP.NET Core Complete Tutorial (ShopNest)
Course syllabus
Module 1: Foundations
Module 2: Entity Framework Core
Module 3: Dependency Injection & Middleware
Module 4: Authentication & Security
Module 5: Web API
Module 6: Advanced Architecture
Module 7: Testing
Module 8: Deployment & DevOps
Module 9: Real-World Projects
Module 10: Advanced Topics
Toolliyo Assistant
Ask about tutorials, ebooks, training, pricing, mentor services, and support. I use public site content only—not admin or internal tools.

care@toolliyo.com

Need callback? Share your details