Need some help configuring ASP.NET Core 3.1 auth

Hi,
I am trying to set up ASP.NET Core 3.1 authentication, as per the article.

However, I am a little confused by the terminology and workflow.

What I want to happen is that when the app is hit, a controller method/action is hit (this just returns a View) and on that page, I have the authorise attribute. My understanding is that the authorise attribute is invoked before the body of the method (returning the view).

Once the user authenticates, the body of the method (the page) is returned.

I’m a bit confused by what the callback URL and return URL would be in this case?

Your assumption is correct. The authorize attribute will check if the user identity has been set up in the current HTTP context. If the user is not authenticated, it will return 401, and the JWT middleware will intercept the call and redirect the user to the Auth0 authorization server for authentication. The callback URL is the location where the JWT middleware expects the ID token to be posted; you configure that URL in the middleware settings as well as in Auth0. The return URL is just the URL where the user must be redirected right after being authenticated. This one is optional.

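The callback URL and return URL from the answer above, shown in configuration as an added example that is not part of the thread. It assumes the middleware is ASP.NET Core's OpenID Connect handler with cookie sign-in, the standard `Program.cs` template, and `Auth0:*` configuration keys; the `Login` action is hypothetical.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect; // NuGet package of the same name
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(o =>
        {
            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; // used by [Authorize]
        })
        .AddCookie()
        .AddOpenIdConnect(o =>
        {
            o.Authority = $"https://{_config["Auth0:Domain"]}"; // assumed config keys
            o.ClientId = _config["Auth0:ClientId"];
            o.ClientSecret = _config["Auth0:ClientSecret"];
            o.ResponseType = "code";
            // Callback URL: served by the handler itself (no controller action); register it in Auth0 too.
            o.CallbackPath = "/callback";
        });
        services.AddControllersWithViews();
    }
    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication(); // must come before UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapDefaultControllerRoute());
    }
}

public class HomeController : Controller
{
    [Authorize] // no return URL given: the handler sends the user back to the requested URL
    public IActionResult Index() => View();
    // Explicit login with a return URL; accept local URLs only (open-redirect guard).
    public IActionResult Login(string returnUrl = "/") => Challenge(
        new AuthenticationProperties { RedirectUri = Url.IsLocalUrl(returnUrl) ? returnUrl : "/" },
        OpenIdConnectDefaults.AuthenticationScheme);
}
```

For the `[Authorize]` case in the question, only the callback path needs configuring; a return URL matters when the login is started explicitly, and it should be validated as local before use.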