Add pivot for Server-rendering sample #34611
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
halter73
reviewed
Jan 31, 2025
Comment on lines
320
to
324
| * <xref:Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions.SaveTokens%2A>: Defines whether access and refresh tokens should be stored in the <xref:Microsoft.AspNetCore.Authentication.AuthenticationProperties> after a successful authorization. This property is set to `false` to reduce the size of the final authentication cookie. | ||
|
|
||
| ```csharp | ||
| oidcOptions.SaveTokens = false; | ||
| ``` |
Member
There was a problem hiding this comment.
We can only set SaveTokens to false if we aren't using the CookieOidcRefresher because we need the refresh token. It's set to true here in the server project, and the comment here explains more in depth why it's needed.
Suggested change
| * <xref:Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions.SaveTokens%2A>: Defines whether access and refresh tokens should be stored in the <xref:Microsoft.AspNetCore.Authentication.AuthenticationProperties> after a successful authorization. This property is set to `false` to reduce the size of the final authentication cookie. | |
| ```csharp | |
| oidcOptions.SaveTokens = false; | |
| ``` | |
| * <xref:Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions.SaveTokens%2A>: Defines whether access and refresh tokens should be stored in the <xref:Microsoft.AspNetCore.Authentication.AuthenticationProperties> after a successful authorization. This property is set to `true` so the refresh token gets stored for non-interactive token refresh. | |
| ```csharp | |
| oidcOptions.SaveTokens = true; |
Collaborator
Author
There was a problem hiding this comment.
I guess you want it changed on the other spot (without BFF Auto) because the CookieOidcRefresher is in use in that spot as well. I changed it to true with your text.
halter73
reviewed
Jan 31, 2025
halter73
approved these changes
Jan 31, 2025
Member
halter73
left a comment
halter73
left a comment
There was a problem hiding this comment.
Looks good other than the SaveTokens bit.
Co-authored-by: Stephen Halter <[email protected]>
Co-authored-by: Stephen Halter <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #34605
cc: @ngboardway ... It's a fairly simple chop-job 🔪 on the "without BFF pattern Auto" pivot. I just cut out the bits about the client project and client-server behaviors here and make a few language changes from "Auto" to "Server" rendering and two projects to one project. Everything else remains the same. I think Stephen will review this today before he takes off OOF. If so, I'll merge it and merge it LIVE ⚡ immediately for quick appearance in the article today.
The sample apps that I put up last night to go with this are at ...
WRT a BFF pivot server sample and "Server" section, we'll consider it if devs ask. Right now, I think we should go with this and see what kind of feedback we get.
Internal previews