I reached out to AWS Support and they told to enable "Google Analytics ADMIN API" in addition to "Google Analytics API". This resolved the issue.
They did mention they are working to update the documentation to mention that both api's need to be enabled.
We found the solution to the problem described above.
Basically, the container within Kubernetes needs that, in addition to the health check end-points, the base url of the application is also up, that is, I could not be trying to add the [Authorize] annotation directly to my HomeController as it was the first to be displayed by the application.
I was defining the "default" End-point of my application as follows:
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}");
});
However, HomeController was completely covered by [Authorize] and the application was being considered unhealth in the kubernetes backend.
Therefore, what solved the key problem was creating a Login screen (without applying [Authorize]) to call Google's login and changing the default endpoint for it:
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Login}/{action=Index}/");
});
So the backend became heath and the application went up, first calling the Login screen and then clicking on "Login with Google" we called Google's OAuth 2.0, here's another problem...
the application was redirecting to OAuth using HTTP, but we needed to correct this so that it redirected to HTTPS. We tried all the suggested solutions, but what worked in our case was:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
// Only loopback proxies are allowed by default. Clear that restriction because forwarders are
// being enabled by explicit configuration.
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
});
....
}
The Microsoft documentation we used as a basis was: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-6.0
However this doc. it became confusing for us, we tried all the suggestions and nothing was working in our case... until the Clear settings for KnownNetworks and KnownProxies made our application finally use our redirect for HTPPS.
Best Answer
You state because the redirect_uri is still using http://. What is using that URI? Do you have paths hardcoded in your application?
Or do you mean that the callback from Google is going to your HTTP endpoint? Your code informs Google of the callback URI. Google verifies that the URI is on the approved callback list. Double-check your application code for hardcoded URIs.
Another possibility is that you are behind a proxy (load balancer) and your app thinks the scheme is HTTP when it is really HTTPS. That will require updating your app to support the HTTP header X-Forwarded-Proto.