
vr4n1 (vr4n1) さんが質問をしました。
we have the sample how to secure Blazor WASM PWA here:
https://developer.okta.com/blog/2020/09/30/blazor-webassembly-wasm-dotnetcore
our question is how to do it with Blazor WASM ASP.NET core hosted app?
this will have 3 projects:
Thanks in advance!
John

Hi @vr4n1 (vr4n1),
Thank you for posting on the Okta community page!
I have done some research and managed to find the bellow articles that might help you, achieve this integration:
Additionally, my advice would be to also leverage the Okta Developer forums for this type of questions and take advantage of their expertise.
I hope the above information is useful!
Thank you very much!
I managed to get the client authentication work by following this link How To Add Okta Authentication to Blazor WASM - YouTube but the [authorize] does not work.
for .NET 6, you need to add Microsoft.IdentityModel.Tokens nuget package to server project get it working.
I checked that the token is stored in sessionstorage:
oidc.user:{{your_okta_domain}}/oauth2/default:0oajhf0akzw1YfG1w0h7 contains
access_token: “”
expires_at: 1658723964
id_token: “”
profile: {sub: “00u17vftfpmmUi3lr0h8”, name: “”, ver: 1,…}
scope: “openid profile”
token_type: “Bearer”
I also verified that the bearer token is attached to Blazor client Http request due to these line in Program.cs (Client project):
builder.Services.AddHttpClient(“ServerAPI”, client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress))
.AddHttpMessageHandler();
// Supply HttpClient instances that include access tokens when making requests to the server project
builder.Services.AddScoped(sp => sp.GetRequiredService().CreateClient(“ServerAPI”));
but at server project, if you put [Authorize] on the controller, you will get 401 unauthorized, I checked the the User context is not constructed in server project. but the bearer token is passed … I followed this link Secure Your .NET 6 Web API | Okta Developer, I was able to validate the token.
I still need to find a solution on following:
I was able to create a custom claim groups in the default authorization server so now the groups claim is included in the access_token and id_token, but the claim is not populated in the user's claim.