Blazor Server Quickstart Issues

Product Feedback
, ,
1

I just went through the process of adding Auth0 to a Blazor Server application using the Blazor Server Quickstart. I had some issues and figured I’d report them so that they can be fixed and the next developers to use the Quickstart have an easier time.

The Blazor Server Quickstart I’m referencing throughout: Add Login to Your Blazor Server Application - Auth0 Docs

  1. Step 3 says to add the Client Secret to appsettings.json. This works, but it does mean that the Client Secret could be exposed if the developer commits their code to a remote repository. It may be worth adding a note mentioning ASP.NET’s secrets.json feature: Safe storage of app secrets in development in ASP.NET Core | Microsoft Learn

  2. Step 5 says to add 6 files to handle login and logout. Some of those are Razor pages, which seem a bit out of place in a Blazor app. In my opinion, this is a lot of extra fluff and clutter that is unnecessary. I believe a simpler and easier option would be to use Minimal API endpoints to map /login and /logout. Here’s the code I used in my own app. This code can be added to Program.cs directly or split off into a separate file.

app.MapGet("/Login", async (HttpContext httpContext, string returnUrl = "/") =>
{
    var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
        .WithRedirectUri(returnUrl)
        .Build();

    await httpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
});

app.MapGet("/logout", async (HttpContext httpContext) =>
{
    var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
        .WithRedirectUri("/")
        .Build();

    await httpContext.SignOutAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);

    await httpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
});

This code has the advantage of being less work to set up, fewer files in the repo, and less boilerplate while accomplishing the same thing.

  1. When I referenced a particular step to the on-page AI, it kept getting the step number wrong. For example, if I say “Which step says to add values to appsettings.json?”, it replies with “Step 2: Setup Auth0 Application Configuration is the step that instructs you to add your Auth0 Domain, ClientId, and ClientSecret values to appsettings.json.” (it’s actually step 3). The AI consistently said the wrong step number every time it mentioned a step. This came up a few times during normal queries, not just a direct question like this.

  2. The Sample Application link at the bottom of the guide https://github.com/auth0-samples/auth0-aspnetcore-blazor-server-samples/tree/main/Quickstart/Sample is not relevant to this guide. It uses an old version of .NET and doesn’t follow the steps in the Quickstart guide, so the code is significantly different from what the guide says to do. It seems like the guide was updated, but the sample app wasn’t.

I hope this is helpful!

2

Hi @Jon-Corey

Welcome back to the Auth0 Community!

Thank you for submitting this feedback card regarding the SDK. I would highly recommend to also open an Issue on the repository’s page stating the above in order to raise attention to the team in charge of it as well!

Kind Regards,
Nik

1 Like
3

Some corrections/additions since I can’t edit the original post:

  1. The login and logout URLs should be /Account/Login and /Account/Logout since those are the default URLs that ASP.NET/OIDC will redirect to.

  2. The alternate solution I suggested in issue #2 is the recommended approach from another official Auth0 guide: Add Auth0 Authentication to Blazor Web Apps

  3. As recommended by @nik.baleca, I have created an issue on the GitHub repo for the sample app: Quickstart Guide Issues · Issue #18 · auth0-samples/auth0-aspnetcore-blazor-server-samples · GitHub