Merge pull request #36975 from dotnet/main

Author: guardrex

aspnetcore/security/authentication/social/additional-claims.md

@@ -46,7 +46,7 @@ Specify the list of permissions to retrieve from the provider by specifying the
 | Microsoft | `https://login.microsoftonline.com/common/oauth2/v2.0/authorize` |
 | Twitter   | `https://api.twitter.com/oauth/authenticate`                     |
 
-In the sample app, Google's `profile`, `email`, and `openid` scopes are automatically added by the framework when <xref:Microsoft.Extensions.DependencyInjection.GoogleExtensions.AddGoogle%2A> is called on the <xref:Microsoft.AspNetCore.Authentication.AuthenticationBuilder>. If the app requires additional scopes, add them to the options. In the following example, the Google `https://www.googleapis.com/auth/user.birthday.read` scope is added to retrieve a user's birthday:
+In the sample app, Google's `profile`, `email`, and `openid` scopes are automatically added by the framework when `Microsoft.Extensions.DependencyInjection.GoogleOpenIdConnectExtensions.AddGoogleOpenIdConnect` is called on the <xref:Microsoft.AspNetCore.Authentication.AuthenticationBuilder>. If the app requires additional scopes, add them to the options. In the following example, the Google `https://www.googleapis.com/auth/user.birthday.read` scope is added to retrieve a user's birthday:
 
 ```csharp
 options.Scope.Add("https://www.googleapis.com/auth/user.birthday.read");
@@ -80,7 +80,7 @@ If a large amount of user data is required for processing user requests:
 
 <xref:Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions.SaveTokens*> defines whether access and refresh tokens should be stored in the <xref:Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties> after a successful authorization. `SaveTokens` is set to `false` by default to reduce the size of the final authentication cookie.
 
-The sample app sets the value of `SaveTokens` to `true` in <xref:Microsoft.AspNetCore.Authentication.Google.GoogleOptions>:
+The sample app sets the value of `SaveTokens` to `true` in <xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>:
 
 [!code-csharp[](additional-claims/samples/6.x/ClaimsSample/Program.cs?name=snippet_AddGoogle2&highlight=9)]
 

aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/Program.cs

@@ -8,7 +8,7 @@
 var configuration = builder.Configuration;
 
 #region snippet_AddGoogle2
-builder.Services.AddAuthentication().AddGoogle(googleOptions =>
+builder.Services.AddAuthentication().AddGoogleOpenIdConnect(googleOptions =>
 {
     googleOptions.ClientId = configuration["Authentication:Google:ClientId"];
     googleOptions.ClientSecret = configuration["Authentication:Google:ClientSecret"];
@@ -18,17 +18,20 @@
 
     googleOptions.SaveTokens = true;
 
-    googleOptions.Events.OnCreatingTicket = ctx =>
+    googleOptions.Events.OnTicketReceived = ctx =>
     {
-        List<AuthenticationToken> tokens = ctx.Properties.GetTokens().ToList();
+        List<AuthenticationToken>? tokens = ctx.Properties?.GetTokens().ToList();
 
-        tokens.Add(new AuthenticationToken()
+        tokens?.Add(new AuthenticationToken()
         {
             Name = "TicketCreated",
             Value = DateTime.UtcNow.ToString()
         });
 
-        ctx.Properties.StoreTokens(tokens);
+        if (tokens is not null)
+        {
+            ctx.Properties?.StoreTokens(tokens);
+        }
 
         return Task.CompletedTask;
     };

aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/README.md

@@ -8,5 +8,5 @@ The sample app demonstrates how to:
 To use the sample app:
 
 1. Register the app and obtain a valid client ID and client secret for Google authentication. For more information, see [Google external login setup](https://learn.microsoft.com/aspnet/core/security/authentication/social/google-logins).
-1. Provide the client ID and client secret to the app in the [GoogleOptions](https://learn.microsoft.com/dotnet/api/microsoft.aspnetcore.authentication.google.googleoptions) of `Startup.ConfigureServices`.
+1. Provide the client ID and client secret to the app using the Secret Manager.
 1. Run the app and request the My Claims page. When the user isn't signed in, the app redirects to Google. Sign in with Google. Google redirects the user back to the app (`/MyClaims`). The user is authenticated, and the My Claims page is loaded. The given name and surname claims are present under **User Claims** with the values provided by Google. The access token is displayed under **Authentication Properties**.

aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/WebGoogOauth.csproj

@@ -8,7 +8,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="6.0.2" />
+    <PackageReference Include="Google.Apis.Auth.AspNetCore3" Version="1.73.0" />
     <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="6.0.2" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.2" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="6.0.2" />

aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/WebGoogOauth.slnx

@@ -0,0 +1,3 @@
+<Solution>
+  <Project Path="WebGoogOauth.csproj" />
+</Solution>

aspnetcore/security/authentication/social/google-logins.md

@@ -4,7 +4,7 @@ author: wadepickett
 description: This tutorial demonstrates the integration of Google account user authentication into an existing ASP.NET Core app.
 ms.author: wpickett
 ms.custom: mvc
-ms.date: 12/26/2025
+ms.date: 04/09/2026
 uid: security/authentication/google-logins
 ---
 # Google external login setup in ASP.NET Core
@@ -46,7 +46,7 @@ Create the client credentials for the app by opening the **Clients** sidebar men
 * Save the **Client ID** and **Client secret**, which are used later in the ASP.NET app configuration.
 
 > [!NOTE]
-> The URI segment `/signin-google` is set as the default callback of the Google authentication provider. It's possible to change the default callback URI while configuring the Google authentication middleware via the inherited <xref:Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions.CallbackPath%2A?displayProperty=nameWithType> property of the <xref:Microsoft.AspNetCore.Authentication.Google.GoogleOptions> class.
+> The URI segment `/signin-google` is set as the default callback of the Google authentication provider. It's possible to change the default callback URI while configuring the Google authentication middleware via the inherited <xref:Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions.CallbackPath%2A?displayProperty=nameWithType> property.
 
 When deploying the app, either:
 
@@ -71,14 +71,14 @@ Manage API credentials and usage in the [API Console](https://console.developers
 
 ## Configure Google authentication
 
-Add the [`Microsoft.AspNetCore.Authentication.Google`](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.Google) nuget package:
+:::moniker range=">= aspnetcore-6.0"
+
+Add the [`Google.Apis.Auth.AspNetCore3` NuGet package](https://www.nuget.org/packages/Google.Apis.Auth.AspNetCore3) to the app:
 
 ```dotnetcli
-dotnet add package Microsoft.AspNetCore.Authentication.Google
+dotnet add package Google.Apis.Auth.AspNetCore3
 ```
 
-:::moniker range=">= aspnetcore-6.0"
-
 Add the authentication service to the `Program` file:
 
 :::code language="csharp" source="~/security/authentication/social/social-code/6.x/ProgramGoogle.cs" id="snippet1":::
@@ -87,6 +87,12 @@ Add the authentication service to the `Program` file:
 
 :::moniker range="< aspnetcore-6.0"
 
+Add the [`Microsoft.AspNetCore.Authentication.Google` NuGet package](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.Google) to the app:
+
+```dotnetcli
+dotnet add package Microsoft.AspNetCore.Authentication.Google
+```
+
 Add the authentication service to `Startup.ConfigureServices`:
 
 ```csharp

aspnetcore/security/authentication/social/social-code/6.x/ProgramGoogle.cs

@@ -3,7 +3,7 @@
 var configuration = builder.Configuration;
 
 // <snippet1>
-services.AddAuthentication().AddGoogle(googleOptions =>
+services.AddAuthentication().AddGoogleOpenIdConnect(googleOptions =>
 {
     googleOptions.ClientId = configuration["Authentication:Google:ClientId"];
     googleOptions.ClientSecret = configuration["Authentication:Google:ClientSecret"];

aspnetcore/security/authentication/social/social-without-identity.md

@@ -4,7 +4,7 @@ author: serpent5
 description: Use Facebook, Google, Twitter, etc. account user authentication without ASP.NET Core Identity.
 monikerRange: '>= aspnetcore-3.1'
 ms.author: tdykstra
-ms.date: 04/05/2022
+ms.date: 04/09/2026
 uid: security/authentication/social/social-without-identity
 ---
 # Use social sign-in provider authentication without ASP.NET Core Identity
@@ -38,7 +38,7 @@ The call to <xref:Microsoft.Extensions.DependencyInjection.AuthenticationService
 * <xref:Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignInAsync%2A>
 * <xref:Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync%2A>
 
-Setting the app's `DefaultScheme` to <xref:Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme?displayProperty=nameWithType> ("Cookies") configures the app to use Cookies as the default scheme for these extension methods. Setting the app's <xref:Microsoft.AspNetCore.Authentication.AuthenticationOptions.DefaultChallengeScheme> to <xref:Microsoft.AspNetCore.Authentication.Google.GoogleDefaults.AuthenticationScheme?displayProperty=nameWithType> ("Google") configures the app to use Google as the default scheme for calls to `ChallengeAsync`. `DefaultChallengeScheme` overrides `DefaultScheme`. See <xref:Microsoft.AspNetCore.Authentication.AuthenticationOptions> for more properties that override `DefaultScheme` when set.
+Setting the app's `DefaultScheme` to <xref:Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme?displayProperty=nameWithType> ("Cookies") configures the app to use Cookies as the default scheme for these extension methods. Setting the app's <xref:Microsoft.AspNetCore.Authentication.AuthenticationOptions.DefaultChallengeScheme> to `Google.Apis.Auth.AspNetCore3.GoogleOpenIdConnectDefaults.AuthenticationScheme` ("`GoogleOpenIdConnect`") configures the app to use Google as the default scheme for calls to `ChallengeAsync`. `DefaultChallengeScheme` overrides `DefaultScheme`. See <xref:Microsoft.AspNetCore.Authentication.AuthenticationOptions> for more properties that override `DefaultScheme` when set.
 
 In `Program.cs`, call <xref:Microsoft.AspNetCore.Builder.AuthAppBuilderExtensions.UseAuthentication%2A> and <xref:Microsoft.AspNetCore.Builder.AuthorizationAppBuilderExtensions.UseAuthorization%2A>. This middleware combination sets the <xref:Microsoft.AspNetCore.Http.HttpContext.User%2A?displayProperty=nameWithType> property and runs the Authorization Middleware for requests:
 

aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Program.cs

@@ -1,17 +1,17 @@
 // <snippet_AddAuthentication>
 using Microsoft.AspNetCore.Authentication.Cookies;
-using Microsoft.AspNetCore.Authentication.Google;
+using Google.Apis.Auth.AspNetCore3;
 
 var builder = WebApplication.CreateBuilder(args);
 
 builder.Services
     .AddAuthentication(options =>
     {
         options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-        options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
+        options.DefaultChallengeScheme = GoogleOpenIdConnectDefaults.AuthenticationScheme;
     })
     .AddCookie()
-    .AddGoogle(options =>
+    .AddGoogleOpenIdConnect(options =>
     {
         options.ClientId = builder.Configuration["Authentication:Google:ClientId"];
         options.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"];

aspnetcore/security/authentication/social/social-without-identity/samples/6.x/SocialWithoutIdentitySample/Snippets/Pages/Privacy.cshtml.cs

@@ -1,5 +1,5 @@
 using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.Google;
+using Google.Apis.Auth.AspNetCore3;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc.RazorPages;
 
@@ -12,7 +12,7 @@ public class PrivacyModel : PageModel
     public async Task OnGetAsync()
     {
         var accessToken = await HttpContext.GetTokenAsync(
-            GoogleDefaults.AuthenticationScheme, "access_token");
+            GoogleOpenIdConnectDefaults.AuthenticationScheme, "access_token");
 
         // ...
     }