I’m not proud to admit that I spent hours trying to figure out this very simple problem. The goal was simple: when a user logs into my web application using Google authentication, I want to be able to grab their email address so I can store it as part of their user profile. As expected, this is very simple.

I’m assuming you’ve already enabled Google authentication by uncommenting app.UseGoogleAuthentication() in your Startup.Auth.cs.

To get the email address, just hop on over to AccountController.ExternalLoginCallback. Here, after the user has successfully authenticated with Google, you can grab the external identity. That external identity has some default claims in it, one of which (for Google Authentication at least) is the user’s email address.

    // GET: /Account/ExternalLoginCallback
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
        var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
        if (loginInfo == null)
            return RedirectToAction("Login");

        var externalIdentity = await AuthenticationManager

        var emailClaim = externalIdentity.Claims.FirstOrDefault(x => 

        var emailAddress = emailClaim != null 
            ? emailClaim.Value 
            : null;

        // Remainder of method excluded for brevity...

The email address claim is identified by the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress type. If you find that claim, it’s Value is the user’s email address.

If you find that you need other information that is not provided in the external identity by default, John Palmer has some great examples for adding claims on the IdentityUserPropertiesSample GitHub project.