Blazor-Auth0-ServerSide 0.4.0-beta.1

This is a prerelease version of Blazor-Auth0-ServerSide.
There is a newer prerelease version of this package available.
See the version list below for details.
dotnet add package Blazor-Auth0-ServerSide --version 0.4.0-beta.1                
NuGet\Install-Package Blazor-Auth0-ServerSide -Version 0.4.0-beta.1                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Blazor-Auth0-ServerSide" Version="0.4.0-beta.1" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Blazor-Auth0-ServerSide --version 0.4.0-beta.1                
#r "nuget: Blazor-Auth0-ServerSide, 0.4.0-beta.1"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Blazor-Auth0-ServerSide as a Cake Addin
#addin nuget:?package=Blazor-Auth0-ServerSide&version=0.4.0-beta.1&prerelease

// Install Blazor-Auth0-ServerSide as a Cake Tool
#tool nuget:?package=Blazor-Auth0-ServerSide&version=0.4.0-beta.1&prerelease                

Blazor Auth0 Library

This is a library for Blazor authentication with OIDC Authorization Code-Grant and Implicit-Grant flows, using Auth0's Universal Login and Silent Login for Blazor over .NET Core v3.0.0-preview6 client & server side solutions, the idea behind this is to have an easy way of using Auth0's services in Blazor without the need of the auth0.js library.

Start using it in 3 simple steps!

  1. Start by adding a reference to Blazor-Auth0-ClientSide.0.7.0-beta.1 for client side and Blazor-Auth0-ServerSide.0.4.0-beta.1 for server side to your Blazor project

Client Side

Install-Package Blazor-Auth0-ClientSide -Version 0.7.0-beta.1

Server Side

Install-Package Blazor-Auth0-ServerSide -Version 0.4.0-beta.1

  1. In Startup.cs, register the service inside ConfigureServices method
        public void ConfigureServices(IServiceCollection services)
        {
            // Uncomment for Server Side implementations
            // services.AddScoped<HttpClient>();

            services.AddScoped((sp) =>
            {
                return new Blazor.Auth0.Shared.Models.ClientSettings()
                {
                    Auth0Domain = "[Auth0_Domain]",
                    Auth0ClientId = "[Auth0_Client_Id]"
                };
            });

            services.AddScoped<Blazor.Auth0.[ClientSide|ServerSide].Authentication.AuthenticationService>();
        }

Other options include:

  • AuthenticationGrant: Allows you to choose between authorization_code (recommended) and implicit_grant authentication flows.

  • RedirectAlwaysToHome: When set to true, forces the redirect_uri param to be the home path, this value overrides Auth0RedirectUri

  • LoginRequired: When set to true, forces a redirection to the login page in case the user is not authenticated.

  • GetUserInfoFromIdToken: When set to true, the serivce will use the id_token payload to build the user info, this is good in case all the user info you require is present in the id_token payload and you want avoid doing an extra call to Auth0, in case that tere's no id_token present in the authentication response the service will fall back gracefully to try to get the user info from an API call to auth0, default value is false

  1. Replace the content of App.razor with the following code
@using Blazor.Auth0.Shared.Models.Enumerations
@using Blazor.Auth0.[ClientSide|ServerSide].Components
@using Blazor.Auth0.[ClientSide|ServerSide].Authentication

@inject AuthenticationService _authService

<AuthComponent ProtectedPaths="protectedPaths">

	@*Will render while determining user's session state*@
	<AuthorizingContent>
		Determining session state, please wait...
	</AuthorizingContent>

	@*Will render after determining session state*@
	<AuthorizedContent>

		<Router AppAssembly="typeof(Startup).Assembly">

			<NotFoundContent>
				<p>Sorry, there's nothing at this address.</p>
			</NotFoundContent>

		</Router>

	</AuthorizedContent>

	<NotAuthorizedContent>
		ERROR 401: Unauthorized
	</NotAuthorizedContent>

</AuthComponent>

@code {

    List<string> protectedPaths = new List<string> {
        "fetchdata"
    };

}

Other options include:

  • ProtectedPaths: Allows you to indicate a list of paths that requires an authenticated user, only affects if LoginRequired is set to false.
  • LoginRequiredOnProtectedPaths: Alters the ProtectedPaths behavior. When set to true redirect the user to the login page automatically, otherwise, the content from the UnAuthorizedContent fragment will be rendered.

Using it with the built-in Blazor Authentication and Authorization

Since v0.7.0-beta.1 for client side version and v0.4.0-beta.1 for server side version, you can make use of the new built-in Blazor Authentication and Authorization capabilities.

In Startup.cs, register a new AuthenticationStateProvider service inside ConfigureServices method


services.AddScoped<AuthenticationStateProvider, Blazor.Auth0.[ClientSide|ServerSide].Authentication.AuthenticationStateProvider>();		
	

Server Side Only!

In the Configure method of the same file, instructs the app to use Authentication and Authorization


app.UseAuthentication();
app.UseAuthorization();
	

IMPORTANT!

If you're planning to use built-in Blazor Authorization capabilities like Claims-based and Policy-based authorization, then you will need to indicate an Auth0 audience/api with the "Enable RBAC" and "Add Permissions in the Access Token" settings set to true, here you have some reading about Auth0's RBAC.

The actual mechanism of authenticating the user, i.e., determining their identity using cookies or other information, is the same in Blazor as in any other ASP.NET Core application. So to control and customize any aspect of it, see documentation about authentication in ASP.NET Core.

SteveSandersonMS

Following are a great sources about how to implement the Authentication and Authorization:

ASP.NET Core and Blazor updates in .NET Core 3.0 Preview SteveSandersonMS/blazor-auth.md Policy-based authorization in ASP.NET Core Claims-based authorization in ASP.NET Core

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp3.0 is compatible.  netcoreapp3.1 was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories (1)

Showing the top 1 popular GitHub repositories that depend on Blazor-Auth0-ServerSide:

Repository Stars
henalbrod/Blazor.Auth0
The library for using Auth0 in Blazor applications.
Version Downloads Last updated
2.0.0-Preview5 1,590 3/4/2020
2.0.0-Preview4 750 11/17/2019
2.0.0-Preview3 286 11/4/2019
2.0.0-Preview2 269 11/4/2019
2.0.0-Preview1 271 10/26/2019
1.0.0-Preview3 910 9/23/2019
1.0.0-Preview2 348 9/19/2019
1.0.0-Preview1 310 8/24/2019
0.4.2-beta.2 353 7/25/2019
0.4.0-beta.1 362 6/15/2019
0.3.0-beta-1 365 6/14/2019
0.2.1-alpha-2 353 6/12/2019
0.2.0-alpha-1 396 6/5/2019
0.1.0-alpha-2 389 5/8/2019
0.1.0-alpha-1 448 4/20/2019

Added support for built-in Blazor Authentication and Authorization

Break Fix:

AuthComponent RenderFragments renamed to better fit built-in Blazor Authentication and Authorization