Blazor-Auth0-ServerSide 0.4.0-beta.1

Library for Blazor authentication with OIDC Authorization Code-Grant and Implicit-Grant flows, using Auth0's Universal Login and Silent Login

This is a prerelease version of Blazor-Auth0-ServerSide.
This package has a SemVer 2.0.0 package version.
This package will only be available to download with SemVer 2.0.0 compatible NuGet clients, such as Visual Studio 2017 (version 15.3) and above or NuGet client 4.3.0 and above. Read more
Install-Package Blazor-Auth0-ServerSide -Version 0.4.0-beta.1
dotnet add package Blazor-Auth0-ServerSide --version 0.4.0-beta.1
<PackageReference Include="Blazor-Auth0-ServerSide" Version="0.4.0-beta.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Blazor-Auth0-ServerSide --version 0.4.0-beta.1
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Blazor Auth0 Library

This is a library for Blazor authentication with OIDC Authorization Code-Grant and Implicit-Grant flows, using Auth0's Universal Login and Silent Login for Blazor over .NET Core v3.0.0-preview6 client & server side solutions, the idea behind this is to have an easy way of using Auth0's services in Blazor without the need of the auth0.js library.

Start using it in 3 simple steps!

  1. Start by adding a reference to Blazor-Auth0-ClientSide.0.7.0-beta.1 for client side and Blazor-Auth0-ServerSide.0.4.0-beta.1 for server side to your Blazor project

Client Side

Install-Package Blazor-Auth0-ClientSide -Version 0.7.0-beta.1

Server Side

Install-Package Blazor-Auth0-ServerSide -Version 0.4.0-beta.1

  1. In Startup.cs, register the service inside ConfigureServices method
        public void ConfigureServices(IServiceCollection services)
        {
            // Uncomment for Server Side implementations
            // services.AddScoped<HttpClient>();

            services.AddScoped((sp) =>
            {
                return new Blazor.Auth0.Shared.Models.ClientSettings()
                {
                    Auth0Domain = "[Auth0_Domain]",
                    Auth0ClientId = "[Auth0_Client_Id]"
                };
            });

            services.AddScoped<Blazor.Auth0.[ClientSide|ServerSide].Authentication.AuthenticationService>();
        }

Other options include:

  • AuthenticationGrant: Allows you to choose between authorization_code (recommended) and implicit_grant authentication flows.

  • RedirectAlwaysToHome: When set to true, forces the redirect_uri param to be the home path, this value overrides Auth0RedirectUri

  • LoginRequired: When set to true, forces a redirection to the login page in case the user is not authenticated.

  • GetUserInfoFromIdToken: When set to true, the serivce will use the id_token payload to build the user info, this is good in case all the user info you require is present in the id_token payload and you want avoid doing an extra call to Auth0, in case that tere's no id_token present in the authentication response the service will fall back gracefully to try to get the user info from an API call to auth0, default value is false

  1. Replace the content of App.razor with the following code
@using Blazor.Auth0.Shared.Models.Enumerations
@using Blazor.Auth0.[ClientSide|ServerSide].Components
@using Blazor.Auth0.[ClientSide|ServerSide].Authentication

@inject AuthenticationService _authService

<AuthComponent ProtectedPaths="protectedPaths">

	@*Will render while determining user's session state*@
	<AuthorizingContent>
		Determining session state, please wait...
	</AuthorizingContent>

	@*Will render after determining session state*@
	<AuthorizedContent>

		<Router AppAssembly="typeof(Startup).Assembly">

			<NotFoundContent>
				<p>Sorry, there's nothing at this address.</p>
			</NotFoundContent>

		</Router>

	</AuthorizedContent>

	<NotAuthorizedContent>
		ERROR 401: Unauthorized
	</NotAuthorizedContent>

</AuthComponent>

@code {

    List<string> protectedPaths = new List<string> {
        "fetchdata"
    };

}

Other options include:

  • ProtectedPaths: Allows you to indicate a list of paths that requires an authenticated user, only affects if LoginRequired is set to false.
  • LoginRequiredOnProtectedPaths: Alters the ProtectedPaths behavior. When set to true redirect the user to the login page automatically, otherwise, the content from the UnAuthorizedContent fragment will be rendered.

Using it with the built-in Blazor Authentication and Authorization

Since v0.7.0-beta.1 for client side version and v0.4.0-beta.1 for server side version, you can make use of the new built-in Blazor Authentication and Authorization capabilities.

In Startup.cs, register a new AuthenticationStateProvider service inside ConfigureServices method


services.AddScoped<AuthenticationStateProvider, Blazor.Auth0.[ClientSide|ServerSide].Authentication.AuthenticationStateProvider>();		
	

Server Side Only!

In the Configure method of the same file, instructs the app to use Authentication and Authorization


app.UseAuthentication();
app.UseAuthorization();
	

IMPORTANT!

If you're planning to use built-in Blazor Authorization capabilities like Claims-based and Policy-based authorization, then you will need to indicate an Auth0 audience/api with the "Enable RBAC" and "Add Permissions in the Access Token" settings set to true, here you have some reading about Auth0's RBAC.

The actual mechanism of authenticating the user, i.e., determining their identity using cookies or other information, is the same in Blazor as in any other ASP.NET Core application. So to control and customize any aspect of it, see documentation about authentication in ASP.NET Core.
> SteveSandersonMS

Following are a great sources about how to implement the Authentication and Authorization:

ASP.NET Core and Blazor updates in .NET Core 3.0 Preview
SteveSandersonMS/blazor-auth.md
Policy-based authorization in ASP.NET Core
Claims-based authorization in ASP.NET Core

Blazor Auth0 Library

This is a library for Blazor authentication with OIDC Authorization Code-Grant and Implicit-Grant flows, using Auth0's Universal Login and Silent Login for Blazor over .NET Core v3.0.0-preview6 client & server side solutions, the idea behind this is to have an easy way of using Auth0's services in Blazor without the need of the auth0.js library.

Start using it in 3 simple steps!

  1. Start by adding a reference to Blazor-Auth0-ClientSide.0.7.0-beta.1 for client side and Blazor-Auth0-ServerSide.0.4.0-beta.1 for server side to your Blazor project

Client Side

Install-Package Blazor-Auth0-ClientSide -Version 0.7.0-beta.1

Server Side

Install-Package Blazor-Auth0-ServerSide -Version 0.4.0-beta.1

  1. In Startup.cs, register the service inside ConfigureServices method
        public void ConfigureServices(IServiceCollection services)
        {
            // Uncomment for Server Side implementations
            // services.AddScoped<HttpClient>();

            services.AddScoped((sp) =>
            {
                return new Blazor.Auth0.Shared.Models.ClientSettings()
                {
                    Auth0Domain = "[Auth0_Domain]",
                    Auth0ClientId = "[Auth0_Client_Id]"
                };
            });

            services.AddScoped<Blazor.Auth0.[ClientSide|ServerSide].Authentication.AuthenticationService>();
        }

Other options include:

  • AuthenticationGrant: Allows you to choose between authorization_code (recommended) and implicit_grant authentication flows.

  • RedirectAlwaysToHome: When set to true, forces the redirect_uri param to be the home path, this value overrides Auth0RedirectUri

  • LoginRequired: When set to true, forces a redirection to the login page in case the user is not authenticated.

  • GetUserInfoFromIdToken: When set to true, the serivce will use the id_token payload to build the user info, this is good in case all the user info you require is present in the id_token payload and you want avoid doing an extra call to Auth0, in case that tere's no id_token present in the authentication response the service will fall back gracefully to try to get the user info from an API call to auth0, default value is false

  1. Replace the content of App.razor with the following code
@using Blazor.Auth0.Shared.Models.Enumerations
@using Blazor.Auth0.[ClientSide|ServerSide].Components
@using Blazor.Auth0.[ClientSide|ServerSide].Authentication

@inject AuthenticationService _authService

<AuthComponent ProtectedPaths="protectedPaths">

	@*Will render while determining user's session state*@
	<AuthorizingContent>
		Determining session state, please wait...
	</AuthorizingContent>

	@*Will render after determining session state*@
	<AuthorizedContent>

		<Router AppAssembly="typeof(Startup).Assembly">

			<NotFoundContent>
				<p>Sorry, there's nothing at this address.</p>
			</NotFoundContent>

		</Router>

	</AuthorizedContent>

	<NotAuthorizedContent>
		ERROR 401: Unauthorized
	</NotAuthorizedContent>

</AuthComponent>

@code {

    List<string> protectedPaths = new List<string> {
        "fetchdata"
    };

}

Other options include:

  • ProtectedPaths: Allows you to indicate a list of paths that requires an authenticated user, only affects if LoginRequired is set to false.
  • LoginRequiredOnProtectedPaths: Alters the ProtectedPaths behavior. When set to true redirect the user to the login page automatically, otherwise, the content from the UnAuthorizedContent fragment will be rendered.

Using it with the built-in Blazor Authentication and Authorization

Since v0.7.0-beta.1 for client side version and v0.4.0-beta.1 for server side version, you can make use of the new built-in Blazor Authentication and Authorization capabilities.

In Startup.cs, register a new AuthenticationStateProvider service inside ConfigureServices method


services.AddScoped<AuthenticationStateProvider, Blazor.Auth0.[ClientSide|ServerSide].Authentication.AuthenticationStateProvider>();		
	

Server Side Only!

In the Configure method of the same file, instructs the app to use Authentication and Authorization


app.UseAuthentication();
app.UseAuthorization();
	

IMPORTANT!

If you're planning to use built-in Blazor Authorization capabilities like Claims-based and Policy-based authorization, then you will need to indicate an Auth0 audience/api with the "Enable RBAC" and "Add Permissions in the Access Token" settings set to true, here you have some reading about Auth0's RBAC.

The actual mechanism of authenticating the user, i.e., determining their identity using cookies or other information, is the same in Blazor as in any other ASP.NET Core application. So to control and customize any aspect of it, see documentation about authentication in ASP.NET Core.
> SteveSandersonMS

Following are a great sources about how to implement the Authentication and Authorization:

ASP.NET Core and Blazor updates in .NET Core 3.0 Preview
SteveSandersonMS/blazor-auth.md
Policy-based authorization in ASP.NET Core
Claims-based authorization in ASP.NET Core

Release Notes

Added support for built-in Blazor Authentication and Authorization

Break Fix:

AuthComponent RenderFragments renamed to better fit built-in Blazor Authentication and Authorization

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
0.4.0-beta.1 98 6/15/2019
0.3.0-beta-1 57 6/14/2019
0.2.1-alpha-2 57 6/12/2019
0.2.0-alpha-1 92 6/5/2019
0.1.0-alpha-2 97 5/8/2019
0.1.0-alpha-1 155 4/20/2019