Securing Blazor WebAssembly Apps

Learn how to secure Blazor WebAssembly applications with Auth0.
Read more

Brought for you by @andrea.chiarelli

What are you thoughts guys? Share it in the comments! :speech_balloon:

Thanks for the article!

What is the best way to add additional custom parameters to the login url?

In Blazor server side you could modify a property in the OnRedirectToIdentityProvider event in options.Events when adding open id connect authentication in startup.cs to add these parameters but I don’t see a way to do this in wasm…

Hi @afrank,
The current implementation of Microsoft.AspNetCore.Components.WebAssembly.Authentication doesn’t support passing additional parameters, as documented by this issue.
This is the reason why you need to use a default audience to work around passing the audience parameter.

1 Like

Thanks for the answer @andrea.chiarelli!

Hopefully they will add this in the future.

1 Like

Hi @andrea.chiarelli the post was great. Can you write one to access de profile and claims? When there will be a SDK for blazor in Auth0?

1 Like

First thank you for the article. A couple questions:
The issue you mentioned about Blazor’s inability to provide additional query arguments at login would seem to suggest it is not possible to specify a particular Auth0 connection at login. Is there some way you can see to work around this and log in with a specified connection?
When I log out the application appears to have logged me out but if I select the login link again I’m immediately authenticated again without actually going through the login process. Something appears to be preserved in the application state that is not being cleared by logout. Any thoughts?

I’m sure Andrea will try to address that once he’s online. Thanks for all the input!

Hey @dane.vinson,
The Authentication.razor component implements logout by disconnecting the client from Auth0.
However, as highlighted in a note in the article, it seems that in some circumstances the HTTP request to the logout endpoint doesn’t happen.
I think it is a Blazor issue because this behavior is random on my side.

Hi @lprada, thanks for appreciating it :slight_smile:
I will take into account your suggestion for a future blog post.
Regarding an Auth0 SDK for Blazor, as far as I know, currently there is no plan for this.

In working through this article I’ve found that when I assign the RemoteAuthenticationOptions.ProviderOptions.ResponseType to “code” I get a 401 response with the message “There was an error trying to log you in: ‘’”. If I do not assign the ResponseType (defaults to token?) the login succeeds, however, after successful login attempts access my API fail at the TryGetToken method. Inspection of the AccessTokenResult shows it’s Status is RequiredRedirect. Any thoughts on what I can try here?