Microsoft.AspnetCore.Authentication.Google -> Google.Apis.Auth.AspNetCore3

Author: maartenba

src/content/docs/identityserver/quickstarts/2-interactive.md

@@ -45,7 +45,7 @@ To enable OIDC in IdentityServer you need:
 ### Add The UI
 
 Support for the OpenID Connect protocol is already built into IdentityServer.
-You need to provide the User Interface for login, logout, consent and error.
+You need to provide the User Interface for login, logout, consent, and error.
 
 While the look & feel and workflows will differ in each implementation, we
 provide a Razor Pages-based UI that you can use as a starting point. You can use
@@ -542,82 +542,90 @@ Adding support for external authentication to your IdentityServer can be done
 with very little code; all that is needed is an authentication handler.
 
 ASP.NET Core ships with handlers for Google, Facebook, Twitter, Microsoft
-Account and OpenID Connect. In addition, you can find handlers for many
+Account, and OpenID Connect. In addition, you can find handlers for many
 other authentication providers
 [here](https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers).
 
 #### Add Google support
 
+:::note[`Microsoft.AspnetCore.Authentication.Google` no longer maintained]
+Before .NET 10, a package `Microsoft.AspnetCore.Authentication.Google` was provided by Microsoft. Starting with .NET 10,
+Microsoft [stopped shipping new versions of the `Microsoft.AspnetCore.Authentication.Google` package](https://github.com/dotnet/aspnetcore/issues/61817).
+
+Starting with .NET 5, Google started shipping the [`Google.Apis.Auth.AspNetCore3`](https://www.nuget.org/packages/Google.Apis.Auth.AspNetCore3/)
+package. We recommend using this package going forward.
+:::
+
 To use Google for authentication, you need to:
 
-- Add the `Microsoft.AspNetCore.Authentication.Google` NuGet package to
-  the IdentityServer project.
-- Register with Google and set up a client.
-- Store the client id and secret securely with *dotnet user-secrets*.
-- Add the Google authentication handler to the middleware pipeline and configure
-  it.
+- Add the `Google.Apis.Auth.AspNetCore3` NuGet package to the IdentityServer project.
+- Register with Google and [set up a client](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-9.0#create-the-google-oauth-20-client-id-and-secret).
+- Store the client id and secret securely with `dotnet user-secrets`.
+- Add the Google authentication handler to the middleware pipeline and configure it.
 
-See  [Microsoft's
-guide](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-8.0#create-a-google-api-console-project-and-client-id)
+See [Microsoft's guide](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-9.0#create-the-google-oauth-20-client-id-and-secret)
 for details on how to register with Google, create the client, and store the
-secrets in user-secrets. **Stop before adding the authentication middleware and
+secrets in user secrets. **Stop before adding the authentication middleware and
 Google authentication handler to the pipeline.** You will need an
 IdentityServer specific option.
 
-Add the following to `ConfigureServices` in
-`src/IdentityServer/HostingExtensions.cs`:
+Add the following to `ConfigureServices` in `src/IdentityServer/HostingExtensions.cs`:
 
 ```cs
 // Program.cs
 builder.Services.AddAuthentication()
-    .AddGoogle("Google", options =>
-    {
-        options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
-
-        options.ClientId = builder.Configuration["Authentication:Google:ClientId"];
-        options.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"];
-    });
+    .AddGoogleOpenIdConnect(
+        authenticationScheme: GoogleOpenIdConnectDefaults.AuthenticationScheme,
+        displayName: "Google",
+        configureOptions: options =>
+        {
+            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
+  
+            options.ClientId = builder.Configuration["Authentication:Google:ClientId"];
+            options.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"];
+          
+            options.CallbackPath = "/signin-google";
+        });
 ```
 
-When authenticating with Google, there are again two [authentication
-schemes](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-8.0#authentication-scheme).
-`AddGoogle` adds the Google scheme, which handles the protocol flow back and
-forth with Google. After successful login, the application needs to sign in to
-an additional scheme that can authenticate future requests without needing a
-roundtrip to Google - typically by issuing a local cookie. The `SignInScheme`
-tells the Google handler to use the scheme named
-`IdentityServerConstants.ExternalCookieAuthenticationScheme`, which is a cookie
-authentication handler automatically created by IdentityServer that is intended
-for external logins.
+:::note
+Note that the `authenticationScheme` and `displayName` parameters are optional. They are added here to make the login
+button display a short and concise "Google" instad of the default "Google OpenIdConnect".
+:::
+
+When authenticating with Google, there are again two [authentication schemes](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/#authentication-scheme).
+`AddGoogleOpenIdConnect` adds the `GoogleOpenIdConnect` scheme, which handles the protocol flow back and forth with Google.
+After successful login, the application needs to sign in to an additional scheme that can authenticate future requests without
+needing a roundtrip to Google - typically by issuing a local cookie. The `SignInScheme` tells the Google handler to use
+the scheme named `IdentityServerConstants.ExternalCookieAuthenticationScheme`, which is a cookie authentication handler
+automatically created by IdentityServer that is intended for external logins.
 
-Now run `IdentityServer` and `WebClient` and try to authenticate (you may need
-to log out and log back in). You will see a Google button on the login page.
+Now run `IdentityServer` and `WebClient` and try to authenticate (you may need to log out and log back in)
+You will see a *Google* button on the login page.
 
 ![IdentityServer login page showing Google as an external login option](./images/2_google_login.png)
 
-Click on Google and authenticate with a Google account. You should land back on
+Click on *Google* and authenticate with a Google account. You should land back on
 the `WebClient` home page, showing that the user is now coming from Google with
 claims sourced from Google's data.
 
 :::note
-The Google button is rendered by the login page automatically when there are
-external providers registered as authentication schemes. See the
-`BuildModelAsync` method in `src/IdentityServer/Pages/Account/Login/Index.cshtml.cs` and
+The Google button is rendered by the login page automatically when there are external providers registered as
+authentication schemes. See the `BuildModelAsync` method in `src/IdentityServer/Pages/Account/Login/Index.cshtml.cs` and
 the corresponding Razor template for more details.
 :::
 
-#### Adding an additional OpenID Connect-based external provider
+#### Adding An Additional OpenID Connect-Based External Provider
 
 A [cloud-hosted demo](https://demo.duendesoftware.com) version of Duende
 IdentityServer can be added as an additional external provider.
 
-Register and configure the services for the OpenId Connect handler in
-`src/IdentityServer/HostingExtensions.cs`:
+Register and configure the services for the OpenId Connect handler in`src/IdentityServer/HostingExtensions.cs`:
 
 ```cs
 // HostingExtensions.cs
 builder.Services.AddAuthentication()
-    .AddGoogle("Google", options => { /* ... */ })
+    .AddGoogleOpenIdConnect(/* ... */)
     .AddOpenIdConnect("oidc", "Demo IdentityServer", options =>
     {
         options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

src/content/docs/identityserver/ui/login/external.md

@@ -329,18 +329,20 @@ authentication and configuring it.
 
 In this section, find a non-exhaustive list of first-party and third-party ASP.NET authentication handlers that you can use in any ASP.NET Core application.
 
-| Authentication handler / Service                                                                                                                                                                                            | Type         |
-|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|
-| [Cookie authentication](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie)                                                                                                                       | Part of .NET |
-| [OpenID Connect](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-oidc-web-authentication)                                                                                                   | Part of .NET |
-| [JWT Bearer authentication](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-jwt-bearer-authentication)                                                                                      | Part of .NET |
-| [Certificate authentication](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/certauth)                                                                                                                | Part of .NET |
-| [Windows authentication](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth)                                                                                                                 | Part of .NET |
-| [WS-Federation](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation)                                                                                                                        | Part of .NET |
-| [Facebook / Meta](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/facebook-logins)                                                                                                             | Part of .NET |
-| [Microsoft Account](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins)                                                                                                          | Part of .NET |
-| [Twitter / X](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/twitter-logins)                                                                                                                  | Part of .NET |
-| [Sustainsys Saml2](https://sustainsys.com/sustainsyssaml2-libraries)                                                                                                                                                        | Open-source |
-| Many social providers in [AspNet.Security.OAuth.Providers](https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers)<br /><em><small>Airtable, Apple ID, GitHub, Hubspot, Instagram, Okta, Slack, ...</small></em> | Open-source |
-| [Rock Solid Knowledge SAML2P](https://www.identityserver.com/products/saml2p)                                                                                                                                               | Commercial |
-| [Rock Solid Knowledge WS-Federation](https://www.identityserver.com/products/ws-federation)                                                                                                                                 | Commercial |
+| Authentication handler / Service                                                                                                                                                                                            | Vendor               |
+|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------|
+| [Cookie authentication](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie)                                                                                                                       | Part of .NET         |
+| [OpenID Connect](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-oidc-web-authentication)                                                                                                   | Part of .NET         |
+| [JWT Bearer authentication](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-jwt-bearer-authentication)                                                                                      | Part of .NET         |
+| [Certificate authentication](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/certauth)                                                                                                                | Part of .NET         |
+| [Windows authentication](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth)                                                                                                                 | Part of .NET         |
+| [WS-Federation](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation)                                                                                                                        | Part of .NET         |
+| [Facebook / Meta](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/facebook-logins)                                                                                                             | Part of .NET         |
+| [Microsoft Account](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins)                                                                                                          | Part of .NET         |
+| [Twitter / X](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/twitter-logins)                                                                                                                  | Part of .NET         |
+| [Entra ID / Microsoft Account / ...](https://www.nuget.org/packages/Microsoft.Identity.Web)                                                                                                                                 | Microsoft            |
+| [Google](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins)                                                                                                                        | Google               |
+| [Sustainsys Saml2](https://sustainsys.com/sustainsyssaml2-libraries)                                                                                                                                                        | Open-source          |
+| Many social providers in [AspNet.Security.OAuth.Providers](https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers)<br /><em><small>Airtable, Apple ID, GitHub, Hubspot, Instagram, Okta, Slack, ...</small></em> | Open-source          |
+| [Rock Solid Knowledge SAML2P](https://www.identityserver.com/products/saml2p)                                                                                                                                               | Rock Solid Knowledge |
+| [Rock Solid Knowledge WS-Federation](https://www.identityserver.com/products/ws-federation)                                                                                                                                 | Rock Solid Knowledge |