Add Authentication to .NET MAUI Apps with Auth0

Thank you so much. I’ve managed to get that working passing the loginResult.IdentityToken through. I had tried that method, but didn’t realize it needed the token.

I was then having problems getting the WebBrowser to close after logout. It would just redirect to the login page and stay open. I finally figured out that I needed to add the RedirectUri to the PostLogoutRedirectUri option for the OidcClient:

```csharp
public Auth0Client(Auth0ClientOptions options)
{
    oidcClient = new OidcClient(new OidcClientOptions
    {
        Authority = $"https://{options.Domain}",
        ClientId = options.ClientId,
        Scope = options.Scope,
        RedirectUri = options.RedirectUri,
        PostLogoutRedirectUri = options.RedirectUri,  // Needed for Okta!
        Browser = options.Browser
    });
}
```

It now is working great! I sincerely appreciate your reply, and I hope that this might also help anyone else in my position trying to get this all figured out for the first time using Okta with .NET MAUI. Thanks again!

1 Like

Awesome! Thank you very much for sharing your solution :pray:

1 Like

Hello @andrea.chiarelli,

Thanks for the document. I followed it and was able to log in and get the access token successfully, but if I try to pass the access token to the API, it is returned as unauthorized.

In our existing application we are using Xamarin.OpenId.AppAuth.Android. For that, we need to pass the auth server ID to get the access token, and in the API we are validating the token with the auth server ID.
I did not see any option to pass the auth server ID during login. We are using OKTA as the login provider.
Please suggest how to achieve this functionality using the OidcClient. Our app is live, so we cannot change the API authentication.

Please suggest your thoughts.

Thanks
Bala

Hi @sbkrishnan2506,
Welcome to the Auth0 Community!

The code sample described in this article is strictly related to Auth0. Unfortunately, I’m unfamiliar with Okta, and I can’t tell you how to pass the authorization server id.
Have you checked out Okta documentation or the Okta Developer Forum?
In the meantime, I will try to get more info internally.

1 Like

The blog/sample works lovely for me on .NET 7 here. Is there any advice or best practices for storing the login result? Or does the `await auth0Client.LoginAsync();` need to be called on every viewmodel / controller that might need the token?

Hi @ed_giardina,
Welcome to the Auth0 Community! :wave:

Calling the auth0Client.LoginAsync() method on every viewmodel is not the best approach, as you can guess :slightly_smiling_face: . Things become even more complicated with access and refresh tokens. This is a topic I want to discuss in a future article.

To avoid logging in on each view, you can store the login result in a global variable, for example. You may take a look at the Call a Protected API from a .NET MAUI App article to get an idea. In this article, the access token is stored in a property of a static class.

Alternatively, if you want to persist your tokens, you can use Secure Storage. Of course, the different strategies depend on the needs of your application.

2 Likes
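One way to combine the two options from the reply above, as an added example that is not code from the article or the Auth0 sample: the access token stays in memory for the app's lifetime and only the refresh token is written to MAUI Secure Storage. The `TokenStore` class, its key name and the 60-second skew are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using IdentityModel.OidcClient;
using Microsoft.Maui.Storage;

// Hypothetical helper (not part of the article's sample); register it as a
// singleton next to Auth0Client and call SaveAsync once after LoginAsync().
public sealed class TokenStore
{
    private const string RefreshKey = "auth.refresh_token";           // assumed key name
    private static readonly TimeSpan Skew = TimeSpan.FromSeconds(60); // assumed margin

    private string accessToken;        // kept in memory only, never persisted
    private DateTimeOffset expiresAt;

    public async Task SaveAsync(LoginResult result)
    {
        if (result.IsError)
            throw new InvalidOperationException(result.Error);

        accessToken = result.AccessToken;
        expiresAt = result.AccessTokenExpiration;

        // A refresh token is normally present only when the requested scope
        // included offline_access.
        if (!string.IsNullOrEmpty(result.RefreshToken))
            await SecureStorage.Default.SetAsync(RefreshKey, result.RefreshToken);
    }

    // Returns null when no token is held or it is about to expire, so the
    // caller knows it has to refresh or log in again.
    public string GetAccessToken() =>
        accessToken != null && DateTimeOffset.UtcNow + Skew < expiresAt
            ? accessToken
            : null;

    public Task<string> GetRefreshTokenAsync() =>
        SecureStorage.Default.GetAsync(RefreshKey);

    // Call on logout so nothing outlives the session.
    public void Clear()
    {
        accessToken = null;
        expiresAt = default;
        SecureStorage.Default.Remove(RefreshKey);
    }
}
```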

Hello! I’m trying to get this example (for Android) to work authenticating to Google, but I’m running into a problem. When I click the login button I’m getting the error

“Error loading discovery document: Endpoint is on a different host than authority”

I have changed a few lines in MauiProgram.cs:

```csharp
builder.Services.AddSingleton(new Auth0Client(new()
{
    Domain = "accounts.google.com",
    ClientId = "<client_id>.apps.googleusercontent.com",
    Scope = "openid profile",
#if WINDOWS
    RedirectUri = "http://localhost/callback"
#else
    RedirectUri = "myapp://callback"
#endif
}));
```

I have downloaded the code from the Git repository. Am I missing something?

Tagging @andrea.chiarelli for visibility

Hey @jasper76,
Welcome to the Auth0 Community and thank you for reading my article.

The sample code built throughout this article has been tested with Auth0.
If I understand correctly, you are using Google as your ID provider.
While most of the code should work as expected, I can’t rule out problems.

Anyway, the message you shared indicates that the application is not requesting the OIDC configuration data from the expected Google endpoint.
This could be a configuration issue or something related to the Android setup.
You should take a look at the actual HTTP requests your application is sending to the authorization server to confirm this assumption.
Here Google’s discovery document is described, so that you can compare the expected URL with the actual one.

BTW, you can use Auth0 to let your users access your app via Google.

1 Like

Hello
In Xamarin we used the OpenId.AppAuth package, and there the OKTA discovery URL contains the auth server ID, as shown below:
https://xxxxxx.okta.com/oauth2/xxxxxxxxxxxxxxxxxxx/.well-known/openid-configuration
The authorize endpoint looks like this:
https://xxxxxx.okta.com/oauth2/xxxxxxxxxxxxxx/v1/authorize
But here we are passing the base domain only. Is there any option to pass the auth server ID in the URL?

Please suggest.
Thanks
Bala

Hey @sbkrishnan2506,
I’m not familiar with Okta configuration, but I think you can manage to specify your authorization server ID by properly composing the Authority option in the `Auth0Client()` constructor of the Auth0Client class.
I mean something like this:

```csharp
// Auth0/Auth0Client.cs

public class Auth0Client
{
  private readonly OidcClient oidcClient;

  public Auth0Client(Auth0ClientOptions options)
  {
    oidcClient = new OidcClient(new OidcClientOptions
    {
      Authority = $"https://{options.Domain}/oauth2/xxxxxxxxxxxxxxxxxxx",
      ClientId = options.ClientId,
      Scope = options.Scope,
      RedirectUri = options.RedirectUri,
      Browser = options.Browser
    });
  }
  // ...
}
```

Have you tried this?

1 Like

I tried that, but the app crashes and throws the error below.

Error loading discovery document: Endpoint belongs to different authority: https://xxxxxxxxx.com/oauth2/v1/clients.

Hey @sbkrishnan2506,
Your case looks similar to this one on the OktaDev forum. In that thread, someone suggested a workaround.

I have asked for some help internally, but in the meantime, I suggest you submit your request on that forum as well to get more appropriate help.
I will let you know as soon as I have news.

1 Like
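Both discovery errors quoted in this thread (the Google one, "Endpoint is on a different host than authority", and the Okta one, "Endpoint belongs to different authority") come from comparing each endpoint in the discovery document with the configured authority. The following is an added example, not IdentityModel's code or anything posted in the thread: a simplified model of that comparison, where the `tenant.example` host and `AUTH_SERVER_ID` are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class DiscoveryCheck
{
    // Returns null when the endpoint is acceptable, otherwise the reason.
    public static string Validate(string endpoint, string authority,
                                  IEnumerable<string> extraBases = null)
    {
        var bases = new List<string> { authority };
        if (extraBases != null) bases.AddRange(extraBases);

        // Check 1: the endpoint's host[:port] must match an allowed base.
        var host = new Uri(endpoint).Authority;
        if (!bases.Any(b => string.Equals(new Uri(b).Authority, host,
                                          StringComparison.OrdinalIgnoreCase)))
            return "Endpoint is on a different host than authority";

        // Check 2: the endpoint must also sit underneath an allowed base path.
        if (!bases.Any(b => endpoint.StartsWith(b.TrimEnd('/') + "/",
                                                StringComparison.OrdinalIgnoreCase)))
            return "Endpoint belongs to different authority";

        return null;
    }

    static void Main()
    {
        // Constructed sample values, not taken from a live discovery document.
        const string google = "https://accounts.google.com";
        const string googleToken = "https://oauth2.googleapis.com/token";
        const string okta = "https://tenant.example/oauth2/AUTH_SERVER_ID";

        // Token endpoint on another host: fails check 1.
        Console.WriteLine(Validate(googleToken, google) ?? "ok");
        // Same endpoint once its base address is explicitly allowed.
        Console.WriteLine(Validate(googleToken, google,
            new[] { "https://oauth2.googleapis.com" }) ?? "ok");
        // Endpoint under the custom authorization server path: accepted.
        Console.WriteLine(Validate(okta + "/v1/authorize", okta) ?? "ok");
        // Org-level endpoint outside that path: fails check 2.
        Console.WriteLine(Validate("https://tenant.example/oauth2/v1/clients", okta) ?? "ok");
    }
}
```

In IdentityModel.OidcClient the corresponding settings are on `OidcClientOptions.Policy.Discovery`: adding a specific base address to `AdditionalEndpointBaseAddresses` keeps the check in force for everything else, whereas `ValidateEndpoints = false` switches it off for every endpoint.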

Thanks @andrea.chiarelli,

I have requested the same with OKTA and the IdentityModel.OidcClient developers also.

Is maui going to be added? - Questions - Okta Developer Community

Please provide the Auth Server Id option to pass in the URL- OKTA · Issue #383 · IdentityModel/IdentityModel.OidcClient (github.com)

1 Like

Cool! Thanks for letting me know. I hope a solution is found quickly

1 Like

Hello, sir! All of my Android emulators look like this when I click on the “Log In” button to bring up the log in page. Have you ever seen this? I’ve tried creating new emulators with no luck.

Using a real Android device does not have an issue. I also got it to launch as a Windows app with the web view, and that works/looks fine as well.

Thanks again for all of your help.

Hey @TheQuaybee, honestly I didn’t have this problem when I did my tests. However, this may depend on your specific release of .NET MAUI and Android emulator or something related to your setup.
Other readers experienced some issues with Android and they were able to fix them. Take a look at this post and this one, for example.

@joey.devilla any thoughts on this?

1 Like

Hi
What is common practice in many mobile apps is to use biometrics to authenticate yourself, so when using Face ID or fingerprint, do you have any suggestion, or what part does the PKCE flow play?

many thanks

Hi @developer9969,
Welcome to the Auth0 Community!

Enabling biometrics has no relation with OAuth flows. Biometrics is just an authentication factor and you get it out of the box in Auth0. You just need to apply some settings in your Auth0 dashboard.

Read this article for a quick introduction to biometrics configuration.

1 Like

Hey @sbkrishnan2506,
In case you haven’t solved the authorization server ID issue yet, I have news: my colleague built a MAUI sample project using Okta. Here is the repo and here is how they managed the multiple authorization servers.
Hope it helps.

2 Likes