OIDC Solution Doesn't Work With Opaque Access Tokens

[grochoge]

Description

As far as I can tell, the .NET OIDC implementation for a separate Web project and backend API relies on the access token being a JWT. This is not something required by OIDC and thus this solution does not work with our SSO provider.

Page URL

https://learn.microsoft.com/en-us/aspnet/core/blazor/security/blazor-web-app-with-oidc?view=aspnetcore-10.0&pivots=non-bff-pattern#sample-solution

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/blazor/security/blazor-web-app-with-oidc.md

Document ID

c3346d3a-346b-8db4-2650-ec044b3f0dd9

Platform Id

1dd51a4e-f734-569f-f6e9-19a27bcd9f4d

Article author

@guardrex

Metadata

• ID: c3346d3a-346b-8db4-2650-ec044b3f0dd9
• PlatformId: 1dd51a4e-f734-569f-f6e9-19a27bcd9f4d
• Service: aspnet-core
• Sub-service: blazor

Related Issues

[github-actions]

🥳 Happy Holidays! 🍽️

Stand-by! A green dinosaur 🦖 will be along shortly to assist.

[guardrex]

Hello @grochoge ... Yes, I believe it is possible to setup and configure for non-JWT (opaque) access tokens. The question is if the product unit, namely our security guru @halter73, wants the article to flesh out the approach (the changes required) in a section added to the article. Stand-by for him to arrive and comment on this.