Open gilm0079 opened 2 years ago
Hi Adam!
It would be great if you could send the code of your test solution; I'll see how the OIDC integration can be done.
@gilm0079 the challenge of running OIDC in hybrid mode rests on the fact that for WASM mode you should use the back-end-for-frontend approach, and for Server mode you don't need all the BFF ceremony and can just use basic access token management.
You can see Dom's comments here
Hi, the hybrid Blazor is a great idea. I've tried to adapt the code to our solution, but as with most projects we start running into issues as the app gets built out into a larger enterprise app. I'm struggling with a few things and I'm not sure if you've tried expanding this hybrid Blazor app out further and run into the same issues.
We are trying to set up the app for OIDC authentication against an external IdentityServer4 deployment. Most code snippets I've seen use the Microsoft.AspNetCore.Components.WebAssembly.Authentication library's AddOidcAuthentication IServiceCollection extension on the client app to tie the OIDC middleware to the AuthenticationStateProvider, and an AddAuthentication().AddCookie().AddOpenIdConnect() chain in the server startup. These seem to work OK independently, but I don't know if it works as well as your solution for sharing the client/server authentication. I've also run into issues when running the WASM runtime (hybrid or webassembly as the mode). The WASM app will continuously generate OIDC checksession iframes non-stop, which might be these server/client middlewares both spinning up in the same deployment. The recommended way I'm seeing to do Blazor WASM authentication is OIDC w/ code+PKCE flow (no secret, since WASM Blazor can't be secure).
I can try to provide code or modify your solution if you have ideas on how to integrate OIDC. It would be nice to have a clean, seamless app that shares Blazor Server/Blazor WASM authentication and still allows for runtime switching between the two.