Blazor.Auth0 Is a library for using the Authorization Code Grant with Proof Key for Code Exchange (PKCE) with Auth0's Universal Login in Blazor SPAs.
The idea behind this is to have an easy way of using Auth0's services with Blazor (especially the client side) without relaying on javascript libraries.
Auth0 is a platform that provides authentication and authorization as a service. Giving developers and companies the building blocks they need to secure their applications without having to become security experts.
You can connect any application (written in any language or on any stack) to Auth0 and define the identity providers you want to use (how you want your users to log in).
Learn more at:
You'll want to follow the Getting Started instructions in Blazor website
Basic knowledge of Auth0 IDaaS platform is assumed, otherwise, visiting Auth0 docs is highly recommended.
Install via Nuget.
Server Side
Install-Package Blazor-Auth0-ServerSide -Version 2.0.0-Preview5
Client Side
Install-Package Blazor-Auth0-ClientSide -Version 2.0.0-Preview5
Note: Following example is for a client-side with require-authenticated-user implementation, for server-side and core-hosted example implementations please refer to the examples
using Blazor.Auth0;
// ...
public static async Task Main(string[] args)
{
var builder = WebAssemblyHostBuilder.CreateDefault(args);
builder.Services.AddBlazorAuth0(options =>
{
// Required
options.Domain = "[Auth0_Domain]";
// Required
options.ClientId = "[Auth0_Client_Id]";
//// Required if you want to make use of Auth0's RBAC
options.Audience = "[Auth0_Audience]";
//// Uncomment the following line if you don't want your users to be automatically logged-off on token expiration
// options.SlidingExpiration = true;
//// Uncomment the following two lines if you want your users to log in via a pop-up window instead of being redirected
// options.LoginMode = LoginModes.Popup;
//// Uncomment the following line if you don't want your unauthenticated users to be automatically redirected to Auth0's Universal Login page
// options.RequireAuthenticatedUser = false;
});
builder.Services.AddAuthorizationCore();
builder.RootComponents.Add<App>("app");
await builder.Build().RunAsync();
}
Add a reference to Microsoft.AspNetCore.Components.Authorization
@using Microsoft.AspNetCore.Components.Authorization
//...
Replace App.razor content with the following code
<Router AppAssembly="@typeof(Program).Assembly">
<Found Context="routeData">
<AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
<Authorizing>
<p>>Determining session state, please wait...</p>
</Authorizing>
<NotAuthorized>
<h1>Sorry</h1>
<p>You're not authorized to reach this page. You may need to log in as a different user.</p>
</NotAuthorized>
</AuthorizeRouteView>
</Found>
<NotFound>
<p>Sorry, there's nothing at this address.</p>
</NotFound>
</Router>
If you found a bug, have a consultation or a feature request please feel free to open an issue.
When opening issues please take in account to:
- Avoid duplication: Please search for similar issues before.
- Be specific: Please don't put several problems/ideas in the same issue.
- Use short descriptive titles: You'll have the description box to explain yourself.
- Include images whenever possible: A picture is worth a thousand words.
- Include reproduction steps for bugs: Will be appreciated
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
- Fork it (https://github.com/henalbrod/Blazor.Auth0/fork)
- Create your feature branch (
git checkout -b feature/fooBar
) - Commit your changes (
git commit -am 'Add some fooBar'
) - Push to the branch (
git push origin feature/fooBar
) - Create a new Pull Request
- Especial thanks for its help to all the contributors
Henry Alberto Rodriguez - Initial work - GitHub - Twitter - Linkedin
This project is licensed under the MIT License - see the LICENSE file for details.
-
I started this library based on this great post from Vittorio Bertocci
-
This README file is based on the great examples form: makeareadme, PurpleBooth & dbader
v2.0.0-Preview5
- Fixed issue #41
- Upgraded to .Net Core v3.1.102
v2.0.0-Preview4
- Upgraded to .Net Core v3.1.0-preview3
v2.0.0-Preview3
- Upgraded to .Net core 3.1.0-preview2
v2.0.0-Preview2
This relase comes with Client Side changes primarly
-
New LoginMode parameter in ClientOptions
Redirect = Classic behavior (default) PopUp = Loads Universal Login inside a popup window
The new PopUp behavior comes in handy to avoid the full client side app reloading
-
New AuthorizePopup method in Blazor.Auth0.Authentication for client side
v2.0.0-Preview1
BREAKING CHANGES:
- Upgraded to .Net Core 3.1.0-preview1
- Server side projects upgraded to netcoreapp3.1
- Auth0 permissions are now accesible as an any other array claim:
policy.RequireClaim("permissions", "permission_name")
v1.0.0-Preview3
- Overall upgrade to .Net Core 3.0
v1.0.0-Preview2
- Overall upgrade to .Net Core 3.0 RC1
- Removed Shell.razor in Example projects
- Simplified App.razor in Example projects
- Removed local _imports.razor in Example projects
v0.1.0.0-Preview1
- Upgraded to .Net Core 3.0.0-preview8
- Removed AuthComponent
- New One-Liner instantiation
- Server Side full rewrite
- Better server-side Blazor Authentication compatibility/integration
- Cookie-based session (No more silent login iframe in server-side)
- Refresh token support (Refreshing and Revoking)
- Client secret
- Server-side sliding expiration