I am using the Auth0.ASPNetCore.Authentication SDK in my Blazor Server app. Using persistent sessions, all is working. However, after a user closes their browser, then re-accesses the site, Blazor does not restore the authentication session. Instead, the user needs to hit the Login page which then restores the session (without having to log in again).
Is there a way to configure the app to determine this without having to revisit the login page?
Based on the concept of Auth0, the end-user is authenticated by the access_token. It is generated when the sign-in succeeds, and it is the communication key between Auth0 and your application. My suggestion is to keep the access_token in the cookie, collect it when the end-user re-accesses your application, then verify it with the Auth0 platform.
The step by step should be:
1. Collect the access_token from the cookie. Verify it with Auth0 platform.
   - If it is valid, then go to step 3
   - If not, redirect the end-user to the login page (step 2)
2. Login, collect the access_token and store it in the cookie
3. Collect the end-user information, keep them going on your application.
Hope this helps.
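The verify-or-redirect decision from the steps above, as an added example that is not part of the original answer and is not Auth0 SDK code. It assumes the access token is a JWT; the issuer, audience, locally generated RSA key and the helper names `Issue`, `Validate` and `Decide` are constructed for illustration, and a real application would validate against the signing keys its tenant publishes.

```csharp
// Added example. Requires the System.IdentityModel.Tokens.Jwt NuGet package.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Constructed placeholders standing in for the tenant issuer and API identifier.
const string Issuer = "https://tenant.example/";
const string Audience = "https://api.example/";

// Locally generated key so the sample runs offline; a real app would use the
// signing keys published by its identity provider instead.
using var rsa = RSA.Create(2048);
var signingKey = new RsaSecurityKey(rsa);
var handler = new JwtSecurityTokenHandler();

// Builds a constructed sample token that plays the role of the cookie value.
string Issue(string audience, DateTime expires) => handler.WriteToken(new JwtSecurityToken(
    Issuer, audience, new[] { new Claim("sub", "constructed|user-1") },
    notBefore: expires.AddHours(-1), expires: expires,
    signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256)));

// Step 1: returns the principal if the token is acceptable, otherwise null.
ClaimsPrincipal? Validate(string? cookieValue)
{
    if (string.IsNullOrEmpty(cookieValue)) return null;   // no cookie: treat as signed out
    var parameters = new TokenValidationParameters
    {
        ValidIssuer = Issuer,            // reject tokens minted by another issuer
        ValidAudience = Audience,        // reject tokens meant for a different API
        IssuerSigningKey = signingKey,   // signature must verify against this key
        ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
        ValidateLifetime = true,         // expired tokens fail
        ClockSkew = TimeSpan.FromMinutes(1),
    };
    try { return handler.ValidateToken(cookieValue, parameters, out _); }
    catch (Exception e) when (e is SecurityTokenException or ArgumentException) { return null; }
}

// Valid token: step 3 (continue). Anything else: step 2 (login page).
string Decide(string? cookieValue) =>
    Validate(cookieValue) is null ? "redirect to login" : "continue to app";

var now = DateTime.UtcNow;
Console.WriteLine($"valid token:    {Decide(Issue(Audience, now.AddMinutes(30)))}");
Console.WriteLine($"expired token:  {Decide(Issue(Audience, now.AddMinutes(-10)))}");
Console.WriteLine($"wrong audience: {Decide(Issue("https://other.example/", now.AddMinutes(30)))}");
Console.WriteLine($"missing cookie: {Decide(null)}");
```

A cookie that carries a token like this should be set with the `HttpOnly` and `Secure` attributes so that page script cannot read it and it is never sent over plain HTTP.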
The issue is not Auth0.
It is due to Blazor working client side. When you close the browser, the Blazor SignalR circuit (in the case of Blazor Server) is disposed, so the user session is removed.
The way around this is to store the user session information in distributed storage or local storage.
This page on state management with Blazor explains it.