Blazor Web (InteractiveAuto) with BFF + YARP and token exchange api call sample by m3nax · Pull Request #384 · openiddict/openiddict-samples

m3nax · 2026-02-10T09:16:27Z

Esempio blazor che fa uso di BFF with YARP e token exchange.

Pages:

Home page with a brief explanation of the purpose of the example
Unauthenticated page counter
Authenticated weather page that uses token exchange
AdminOnly page that shows how to propagate user roles to the webassembly client when InteractiveMode is enabled

Related to #367

kevinchalet

Thanks for this great PR! 👏🏻

samples/Geonosis/Geonosis.Api/Geonosis.Api.csproj

samples/Geonosis/Geonosis.Api/Program.cs

samples/Geonosis/Geonosis.AppHost/Geonosis.AppHost.csproj

samples/Geonosis/Geonosis.Auth/Services/DatabaseCreatorSeederWorker.cs

samples/Geonosis/Geonosis.Ui/Geonosis.Ui/AuthenticationEndpointsExtensions.cs

kevinchalet · 2026-02-10T15:30:52Z

samples/Geonosis/Geonosis.Ui/Geonosis.Ui/Program.cs

+        transformContext.ProxyRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", exchangeResult.IssuedToken);
+
+        // Remove application cookies
+        transformContext.HttpContext.Request.Headers.Remove("Cookie");


I guess you're doing that to prevent the Cookie header from being propagated to the downstream API? If so, I'm not sure it really works as you expect (and mutating the original HttpRequest isn't ideal anyway).

Consider using transformBuilder.RequestTransforms.Add(new RequestHeaderRemoveTransform("Cookie")) instead 😃

I retested my code without removing cookies, and now everything works. My first attempt solved some issues with the API call, but now it seems to be no longer necessary.

Removing the cookies isn't a bad idea at all (no point sending cookies that won't be used by the API).

Let's add transformBuilder.RequestTransforms.Add(new RequestHeaderRemoveTransform("Cookie")), it's the simplest option.

OpenIddict.Samples.slnx

README.md

samples/Geonosis/Geonosis.Ui/Geonosis.Ui/Program.cs

…r .csproj files

Co-authored-by: Kévin Chalet <kevinchalet@gmail.com>

samples/Geonosis/Geonosis.Auth/Services/DatabaseCreatorSeederWorker.cs

…orker.cs Co-authored-by: Kévin Chalet <kevinchalet@gmail.com>

Directory.Packages.props

kevinchalet · 2026-02-28T12:50:16Z

Merged, thanks for your PR, @m3nax! 🎉

m3nax added 22 commits February 6, 2026 09:27

Addes Ui, Auth, Aspire projects

1266bac

Fixed aspire project naming and folder structure

dfd7865

Added api project, configured project startup ordering

25d84eb

Updated aspire to the latest version

c049384

Added db creation

7b4bb47

Implemented Auth project

eb518a8

Added example user seeding

d83801d

Added sample admin user seeding

0f4aa66

Added auth stack to UI.Client

ecc4660

Disable UI auto opening

3248d82

Added login/logout buttons

393481e

Configured OpenIddict client

de461a1

Added UI client seeding

12b78ea

Add Authorize attribute to Weather.razor page

dadd848

Simplyfied callback registration

99bcaab

Added simple example of user roles

e670cc6

Updated the api project

f9e9f98

Removed unsed code

48b52a0

Fixed data seeding

bcf81c9

Updated UserClaims page

2b620a2

Updated the description of page Weather.razor

e7b0c97

Updated page description

d377e31

kevinchalet reviewed Feb 10, 2026

View reviewed changes

kevinchalet added the enhancement label Feb 10, 2026

kevinchalet self-assigned this Feb 10, 2026

kevinchalet reviewed Feb 10, 2026

View reviewed changes

samples/Geonosis/Geonosis.Ui/Geonosis.Ui/Program.cs Outdated Show resolved Hide resolved

m3nax added 4 commits February 10, 2026 17:26

Updated spacing in .csproj, defined in editorconfig the style rule fo…

e5548f7

…r .csproj files

Removed the scope splitting

c045a0d

Centralized Aspire sdk version

1b51aef

Used CreateAsyncScope

92cd140

m3nax mentioned this pull request Feb 10, 2026

Added .csproj indent rules openiddict/openiddict-core#2423

Merged

m3nax and others added 8 commits February 10, 2026 21:27

Used CreateAsync overload with password parameter

bc88108

Removed manual AF check

cb09deb

Removed cookie deletion when proxying calls

5f48798

Update README.md

05b4f47

Co-authored-by: Kévin Chalet <kevinchalet@gmail.com>

Removed projects id from slnx file

0a74f17

Fixed commend in Api AddValidation

66709f3

Removed unsed AddValidation from UI project

1b6c612

Used RedirectHttpResult.IsLocalUrl

8c0f34c

m3nax requested a review from kevinchalet February 11, 2026 19:44

kevinchalet reviewed Feb 25, 2026

View reviewed changes

samples/Geonosis/Geonosis.Auth/Services/DatabaseCreatorSeederWorker.cs Outdated Show resolved Hide resolved

m3nax and others added 3 commits February 26, 2026 08:13

Update samples/Geonosis/Geonosis.Auth/Services/DatabaseCreatorSeederW…

364f63c

…orker.cs Co-authored-by: Kévin Chalet <kevinchalet@gmail.com>

Handled review comment

ef7800d

Merge branch 'dev' into blazor-web-auto-exchange-sample

290a131

kevinchalet reviewed Feb 28, 2026

View reviewed changes

Directory.Packages.props Outdated Show resolved Hide resolved

kevinchalet added 2 commits February 28, 2026 13:41

Apply suggestion from @kevinchalet

a6d8cd8

Update Directory.Packages.props

d7fdafd

kevinchalet merged commit 718a23d into openiddict:dev Feb 28, 2026
3 checks passed

Uh oh!

Conversation

m3nax commented Feb 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

kevinchalet left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

kevinchalet Feb 10, 2026

Choose a reason for hiding this comment

Uh oh!

m3nax Feb 10, 2026

Choose a reason for hiding this comment

Uh oh!

kevinchalet Feb 25, 2026

Choose a reason for hiding this comment

Uh oh!

m3nax Feb 26, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

kevinchalet commented Feb 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

m3nax commented Feb 10, 2026 •

edited

Loading