Hi,
I’m trying to connect the Duende BFF solution to Auth0. In Auth0, I’ve created a Single Page Application. The dotnet part looks like, coming from the Duende BFF WASM dotnet 6 sample:
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = "cookie";
options.DefaultChallengeScheme = "oidc";
options.DefaultSignOutScheme = "oidc";
})
.AddCookie("cookie", options =>
{
options.Cookie.Name = "__Host-blazor";
options.Cookie.SameSite = SameSiteMode.Strict;
})
.AddOpenIdConnect("oidc", options =>
{
options.Authority = "https://MY-ORGANIZATION.eu.auth0.com";
options.ClientId = "MY-CLIENTID";
options.ClientSecret = "MY-CLIENTSECRET";
options.ResponseType = "code";
options.ResponseMode = "query";
options.Scope.Clear();
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("api");
options.Scope.Add("offline_access");
options.MapInboundClaims = false;
options.GetClaimsFromUserInfoEndpoint = true;
options.SaveTokens = true;
});
In Auth0 dashboard I’ve added a rule to add the sid to a response’s user claim. I’ve got this solution from a forum/community post, but I’m not sure if this is correct as I cannot observe any effect:
function (user, context, callback) {
var namespace = 'https://localhost:7189/';
context.idToken[namespace + 'sid'] = user.sid;
callback(null, user, context);
}
When debugging, then I don’t see the expected session id (sid) which is needed for properly logout:
Is there any hint what is going wrong here or how this can be better debugged to understand how and where the session id can be taken from?
Regards