Add section on app settings configuration to BWA+OIDC article #35322

@guardrex

Description

Per offline discussion, we're just going to add a section to the article, not actually adopt app settings config in the sample apps.

NOTE: Add a section on TokenValidationParameters.IssuerValidator.

The following app settings config is ✨ automagically ✨ picked up. No need to adjust anything in the Program file.

BlazorWebAppOidc/BlazorWebAppOidcServer/BlazorWebAppOidcBff:

"Authentication": {
  "Schemes": {
    "MicrosoftOidc": {
      "Authority": "https://login.microsoftonline.com/{TENANT ID (BLAZOR APP)}/v2.0/",
      "ClientId": "{CLIENT ID (BLAZOR APP)}",
      "CallbackPath": "/signin-oidc",
      "SignedOutCallbackPath": "/signout-callback-oidc",
      "RemoteSignOutPath": "/signout-oidc",
      "SignedOutRedirectUri": "/",
      "Scope": [
        "openid",
        "profile",
        "offline_access",
        "{APP ID URI (WEB API)}/Weather.Get"
      ]
    }
  }
},

Remove the following lines from the Program file ...

- oidcOptions.Scope.Add(OpenIdConnectScope.OpenIdProfile);
- oidcOptions.Scope.Add("{APP ID URI}/Weather.Get");
- oidcOptions.CallbackPath = new PathString("/signin-oidc");
- oidcOptions.SignedOutCallbackPath = new PathString("/signout-callback-oidc");
- oidcOptions.RemoteSignOutPath = new PathString("/signout-oidc");
- oidcOptions.Authority = "https://login.microsoftonline.com/{TENANT ID}/v2.0/";
- oidcOptions.ClientId = "{CLIENT ID}";
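
Review bot: the placeholders in these removed lines ({APP ID URI}, {TENANT ID}, {CLIENT ID}) do not match the ones in the settings JSON above, which distinguishes Blazor app values from web API values ({TENANT ID (BLAZOR APP)}, {CLIENT ID (BLAZOR APP)}, {APP ID URI (WEB API)}). The new section should use the qualified names throughout so a reader moving values into app settings does not put the wrong tenant ID or app ID URI into the Authority or Scope entries. It is also worth stating that the single OpenIdConnectScope.OpenIdProfile line corresponds to the two "openid" and "profile" entries in the Scope array.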

In the ConfigureCookieOidc method of CookieOidcServiceCollectionExtensions.cs, remove ...

- oidcOptions.Scope.Add(OpenIdConnectScope.OfflineAccess);

MinimalApiJwt project:

"Authentication": {
  "Schemes": {
    "Bearer": {
      "Authority": "https://sts.windows.net/{TENANT ID (WEB API)}/",
      "ValidAudiences": [ "{APP ID URI (WEB API)}" ]
    }
  }
},

Remove the following lines from the Program file ...

- jwtOptions.Authority = "{AUTHORITY}";
- jwtOptions.Audience = "{AUDIENCE}";
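
Review bot: the removed jwtOptions.Audience line sets a single value, while the replacement setting in the JSON is the ValidAudiences array. The section should say explicitly that the array entry takes over from Audience, so a reader who deletes the line knows where the audience check is now configured. The {AUTHORITY} and {AUDIENCE} placeholders here should also be mapped to the {TENANT ID (WEB API)} and {APP ID URI (WEB API)} placeholders used in the JSON.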

Page URL

https://learn.microsoft.com/en-us/aspnet/core/blazor/security/blazor-web-app-with-oidc?view=aspnetcore-9.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/blazor/security/blazor-web-app-with-oidc.md

Document ID

c3346d3a-346b-8db4-2650-ec044b3f0dd9

Platform Id

1dd51a4e-f734-569f-f6e9-19a27bcd9f4d

Article author

@guardrex

Metadata

  • ID: c3346d3a-346b-8db4-2650-ec044b3f0dd9
  • PlatformId: 1dd51a4e-f734-569f-f6e9-19a27bcd9f4d
  • Service: aspnet-core
  • Sub-service: blazor
