2020 年 3 月 12 日
要使用现有 OAuth 身份提供商将 OIDC 添加到现有 Blazor WASM 应用程序,请阅读使用身份验证库保护 ASP.NET Core Blazor WebAssembly 独立应用程序 https://learn.microsoft.com/en-us/aspnet/core/security/blazor/webassembly/standalone-with-authentication-library?view=aspnetcore-3.1.
新的Microsoft.AspNetCore.Components.WebAssembly.Authentication https://www.nuget.org/packages/Microsoft.AspNetCore.Components.WebAssembly.Authentication/3.2.0-preview2.20160.5支持自动静默续订。
如果您更喜欢使用配置文件而不是硬编码值,您可以像这样设置应用程序
Visit theidserver.herokuapp.com/ https://theidserver.herokuapp.com/以获得完整功能的示例。
dotnet add package Microsoft.AspNetCore.Components.WebAssembly.Authentication::3.2.0-preview2.20160.5
- 将 AuthenticationService.js 添加到 index.html
<!DOCTYPE html>
<html>
<head>
...
</head>
<body>
<app>Loading...</app>
...
<script src="_content/Microsoft.AspNetCore.Components.WebAssembly.Authentication/AuthenticationService.js"></script>
<script src="_framework/blazor.webassembly.js"></script>
</body>
</html>
- 使用此结构在应用程序的 wwwroot 文件夹中添加 oidc.json 文件
{
"authority": "https://myidp.com", // Uri to your IDP server
"client_id": "myclientid", // Your client id
"redirect_uri": "https://localhost:44333/authentication/login-callback", // Uri to the application login callback
"post_logout_redirect_uri": "https://localhost:44333/authentication/logout-callback", // Uri to the application logout callback
"response_type": "code", // OAuth flow response type. For `authorization_code` flow the response type is 'code'. For `implicit` flow, the response type is 'id_token token'
"scope": "BlazorIdentityServer.ServerAPI openid profile" // list of scope your application wants
}
-
配置 Api 授权以从 oidc.json 文件中读取配置
更新你的程序.cs to be :
using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
using Microsoft.Extensions.DependencyInjection;
using System.Threading.Tasks;
namespace BlazorIdentityServer.Client
{
public class Program
{
public static async Task Main(string[] args)
{
var builder = WebAssemblyHostBuilder.CreateDefault(args);
builder.RootComponents.Add<App>("app");
builder.Services.AddBaseAddressHttpClient();
builder.Services.AddApiAuthorization(options => options.ProviderOptions.ConfigurationEndpoint = "oidc.json");
await builder.Build().RunAsync();
}
}
}
2020 年 3 月 11 日
3.2.0-预览版2 https://devblogs.microsoft.com/aspnet/blazor-webassembly-3-2-0-preview-2-release-now-available/提供了一种将 Blazor Wasm 与 IdentityServer 结合使用的方法
Read
- 使用 Identity Server 保护 ASP.NET Core Blazor WebAssembly 托管应用程序 https://learn.microsoft.com/en-us/aspnet/core/security/blazor/webassembly/hosted-with-identity-server?view=aspnetcore-3.1
- ASP.NET Core Blazor WebAssembly 附加安全场景 https://learn.microsoft.com/en-us/aspnet/core/security/blazor/webassembly/additional-scenarios?view=aspnetcore-3.1#save-app-state-before-an-authentication-operation
2020 年 3 月 9 日
目前,您可以使用一些 blazor OIDC 库,但没有一个经过认证并实现所有功能。
-
HLSoft.BlazorWebAssembly.Authentication.OpenIdConnect https://github.com/sounj142/HLSoft.BlazorWebAssembly.Authentication.OpenIdConnect
-
Authfix/Blazor-Oidc https://github.com/Authfix/Blazor-Oidc
-
sotsera/sotsera.blazor.oidc https://github.com/sotsera/sotsera.blazor.oidc
-
MV10/BlazorOIDC https://github.com/MV10/BlazorOIDC/tree/master/ClientSite
如果你好奇,我写my own https://github.com/aguacongas/TheIdServer/tree/master/src/Blazor/Aguacongas.Blazor.Oidc支持令牌静默更新,但它尚未完成,我坚持这个问题:[wasm] WasmHttpMessageHandler,为每条消息提供获取选项 https://github.com/mono/mono/issues/17808.
该问题已在此解决尚未合并 PR https://github.com/mono/mono/pull/17932。所以必须等待或实施我自己的WasmHttpMessageHandler.
第二种方法是包裹oidc.js https://github.com/IdentityModel/oidc-client-js using JS 互操作 https://learn.microsoft.com/en-us/aspnet/core/blazor/call-javascript-from-dotnet?view=aspnetcore-3.1
