Blazor.Auth0

This is a library for Blazor authentication with OIDC Authorization Code-Grant and Implicit-Grant flows, using Auth0's Universal Login and Silent Login for Blazor over .Net Core 3.1.0-preview1 client & server-side solutions, the idea behind this is to have an easy way of using Auth0's services in Blazor without the need of the auth0.js library.

About Auth0

Auth0 is a platform that provides authentication and authorization as a service. Giving developers and companies the building blocks they need to secure their applications without having to become security experts.

You can connect any application (written in any language or on any stack) to Auth0 and define the identity providers you want to use (how you want your users to log in).

Learn more at:

Prerequisites

Blazor

You'll want to follow the Getting Started instructions in Blazor website

Auth0

Basic knowledge of Auth0 IDaaS platform is assumed, otherwise, visiting Auth0 docs is highly recommended.

Installation

Install via Nuget.

Server Side

Install-Package Blazor-Auth0-ServerSide -Version 2.0.0-Preview1

Client Side

Install-Package Blazor-Auth0-ClientSide -Version 2.0.0-Preview1

Usage

Note: Following example is for a server-side with require authenticated user implementation, for client-side and core-hosted example implementations please refer to the examples

appsettings.json or Secrets file (recommended)

{
	"Auth0":{
		"Domain": "[Your_Auth0_Tenant_Domain]",
		"ClientId": "[Your_Auth0_Client/Application_Id]",
		"ClientSecret": "[Your_Auth0_Client/Application_Secret]",
		"Audience": "[Your_Auth0_Audience/API_Identifier]"
	}
}

Startup.cs

// Import Blazor.Auth0
using Blazor.Auth0;
using Blazor.Auth0.Models;
// ...

public void ConfigureServices(IServiceCollection services)
{
	// Other code...

	/// This one-liner will initialize Blazor.Auth0 with all the defaults
	services.AddDefaultBlazorAuth0Authentication(Configuration.GetSection("Auth0").Get<ClientOptions>());	

	// Other code...
}

 public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 {
    // Otrher code...

	app.UseHttpsRedirection();
	app.UseStaticFiles();
     
	// Add Blazor.Auth0 middleware     
	app.UseBlazorAuth0();

	// Other code...
 }

Replace App.razor content with the following code

App.razor

<Router AppAssembly="@typeof(Program).Assembly">
    <Found Context="routeData">
        <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
            <Authorizing>
                <p>>Determining session state, please wait...</p>
            </Authorizing>
            <NotAuthorized>
                <h1>Sorry</h1>
                <p>You're not authorized to reach this page. You may need to log in as a different user.</p>
            </NotAuthorized>
        </AuthorizeRouteView>
    </Found>
    <NotFound>        
        <p>Sorry, there's nothing at this address.</p>        
    </NotFound>
</Router>

Support

If you found a bug, have a consultation or a feature request please feel free to open an issue.

When opening issues please take in account to:

• Avoid duplication: Please search for similar issues before.
• Be specific: Please don't put several problems/ideas in the same issue.
• Use short descriptive titles: You'll have the description box to explain yourself.
• Include images whenever possible: A picture is worth a thousand words.
• Include reproduction steps for bugs: Will be appreciated

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

1. Fork it (https://github.com/henalbrod/Blazor.Auth0/fork)
2. Create your feature branch (git checkout -b feature/fooBar)
3. Commit your changes (git commit -am 'Add some fooBar')
4. Push to the branch (git push origin feature/fooBar)
5. Create a new Pull Request

• Especial thanks for its help to all the contributors

Authors

Henry Alberto Rodriguez - Initial work - GitHub - Twitter - Linkedin

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

• I started this library based on this great post from Vittorio Bertocci

• This README file is based on the great examples form: makeareadme, PurpleBooth & dbader

Release History

v2.0.0-Preview1

BREAKING CHANGES:

• Upgraded to .Net Core 3.1.0-preview1
• Server side projects upgraded to netcoreapp3.1
• Auth0 permissions are now accesible as an any other array claim:

policy.RequireClaim("permissions", "permission_name")

v1.0.0-Preview3

• Overall upgrade to .Net Core 3.0

v1.0.0-Preview2

• Overall upgrade to .Net Core 3.0 RC1
• Removed Shell.razor in Example projects
• Simplified App.razor in Example projects
• Removed local _imports.razor in Example projects

v0.1.0.0-Preview1

• Upgraded to .Net Core 3.0.0-preview8
• Removed AuthComponent
• New One-Liner instantiation
• Server Side full rewrite
  • Better server-side Blazor Authentication compatibility/integration
  • Cookie-based session (No more silent login iframe in server-side)
  • Refresh token support (Refreshing and Revoking)
  • Client secret
  • Server-side sliding expiration