OK i think its time we get together and create a sample for this. Mainly becouse there are a lot of questions on SO asking for help and we cant help them if we cant get it to work.

I will be working on it after work. So bare with me if response is slow.

Current Issues.

Login does appear to log me in and will save the user. However. When i try to navigate to the controller with the authorize in it. I get stuck in a login loop where it brings me back to the select user screen where i accept and im back there again.

The only thing i can see in the console is the following. Which makes no sence to me what so ever since i am not attempting to connect to YouTube in any way

configure services

 public void ConfigureServices(IServiceCollection services)
        {
            services.AddDbContext<ApplicationDbContext>(options =>
                options.UseSqlite(
                    Configuration.GetConnectionString("DefaultConnection")));
            services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
                .AddEntityFrameworkStores<ApplicationDbContext>();
            services.AddControllersWithViews();
            services.AddRazorPages();

            services
                .AddAuthentication(options =>
                {
                    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
                })
                .AddCookie()
                .AddGoogle(options =>
                {
                    IConfigurationSection googleAuthSection = Configuration.GetSection("Authentication:Google");
                    options.ClientId = googleAuthSection["ClientId"];
                    options.ClientSecret = googleAuthSection["ClientSecret"];
                    options.Scope.Add(Google.Apis.Calendar.v3.CalendarService.Scope.Calendar);
                });
        }

A dummy controller with authorize

  public class CalController : Controller
    {
        private readonly ILogger<CalController> _logger;

        public CalController(ILogger<CalController> logger)
        {
            _logger = logger;
        }

        [Authorize]
        public IActionResult Index()
        {
            return View();
        }

       

        [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
        public IActionResult Error()
        {
            return View(new ErrorViewModel {RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier});
        }
    }

I guess one of the first questions we should addreess is should we be using AddGoogle or should we be using AddGoogleOpenIdConnect? Considering that this should give Oauth2 access to a given api and not just openId connect login.

Using AddGoogleOpenIdConnect results in

InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).

Using GoogleScopedAuthorize

[GoogleScopedAuthorize(CalendarService.ScopeConstants.Calendar)]
       public async Task<IActionResult> Index([FromServices] IGoogleAuthProvider auth)
       {
           var cred = await auth.GetCredentialAsync();
           var service = new CalendarService(new BaseClientService.Initializer
           {
               HttpClientInitializer = cred
           });
           var calendar = await service.Calendars.Get("primary").ExecuteAsync();
           
           return View();
       }

results in the following error

No webpage was found for the web address: https://localhost:5001/Account/AccessDenied?ReturnUrl=%2FCal

Considering the fact that i just consented to access its strange getting an access denied error