How to use Access Token in Down Stream API calls?

[AmitBhatnagar24]

Blazorade-MSAL has made authenticating super easy - so thank you for creating this great library.

However, I'm wondering what you would suggest in being able to use the Access Token for downstream API requests. (I am using Blazor Server w/ .net6). My API requests live in a Scoped service and and I seem to loose all session state when I navigate to another page, (and I have to use the "force" flag to even get it to navigate to the page). This leaves me with using ProtectedLocalStorage where I can get the auth information.

I have tried everything outlined ASP.NET Core Blazor authentication and authorization, and then the Blazor Server specific stuff at Secure ASP.NET Core Blazor Server apps, but these approaches didn't even work for me when I was using the project template to generate a project using Microsoft Identity, (not using Blazorade-MSAL).

Just wondering if you, or anyone else can suggest the proper technique.

I have studied https://docs.microsoft.com/en-gb/aspnet/core/blazor/state-management?view=aspnetcore-6.0&pivots=server and it seems I that since upon every page navigation that a new session is being created, I have to rely on persisting in browser local storage.

Am I missing something?

[MikaBerglund]

I thought I'd update the Blazorade MSAL library and make sure it works with .NET6 and MAUI. I could at the same time add an example of how you can acquire an access token for Microsoft Graph and use that for accessing it.

I guess that would be adequate for your purposes?

[AmitBhatnagar24]

@MikaBerglund yes, I think that would indeed help, and would be greatly appreciated.

[AmitBhatnagar24]

or more specifically.. .an update to .net6 and sample that illustrates how we can use <CascadingAuthenticationState> (if this would still make sense when authenticating with Blazorade rather than when using the MS ID scaffolding) to share the authentication token for downstream API requests.

Obviously the technique outlined Pass tokens to a Blazor Server app doesn't work... so what is the alternative when using Blazorade-msal?

One down side to storing everything in the protected local storage is that there are some chances that the user doesn't properly log out, and the authToken exists for a stale user..not yet sure how to dance around this.

[MikaBerglund]

There is now a sample application that demonstrates how you use Blazorade MSAL to acquire access tokens that you can use to access Microsoft Graph. You find the sample application here: https://github.com/Blazorade/Blazorade-MSAL/tree/main/GraphClient

I will still polish it a bit, but it now works. Here are the basic principles for the sample application.

• Register an application with Azure AD that represents your Blazor application (this sample)
• Add Blazorade MSAL to your application (in Program.cs) and configure it to use the application you registered
• Use Blazorade MSAL to acquire tokens (through the HttpClientFactory service) to get an HTTP client that is authorized with the permissions you need for a particular task in your app (like User.Read, Mail.Send etc.)
• Use the HttpClient instance returned by the factory to call into Microsoft Graph, like https://graph.microsoft.com/v1.0/me

As I mentioned, I will polish this sample a bit, and also write a blob article about the sample on my blog, but I hope this gets you going in the right direction at least.

If you feel this has answered your question, please let me know and I'll close the issue.

[MikaBerglund]

The Graph Client sample is now updated to use the new BlazoradeRequestFactory that I've added in #20.

I'll close the issue for now, but feel free to open it should you have any further questions in the subject.