Blazor.Auth0
This is a library for Blazor authentication with OIDC Authorization Code-Grant and Implicit-Grant flows, using Auth0's Universal Login and Silent Login for Blazor over .Net Core 3.1.0-preview1 client & server-side solutions, the idea behind this is to have an easy way of using Auth0's services in Blazor without the need of the auth0.js library.
About Auth0
Auth0 is a platform that provides authentication and authorization as a service. Giving developers and companies the building blocks they need to secure their applications without having to become security experts.
You can connect any application (written in any language or on any stack) to Auth0 and define the identity providers you want to use (how you want your users to log in).
Learn more at:
Prerequisites
Blazor
You'll want to follow the Getting Started instructions in Blazor website
Auth0
Basic knowledge of Auth0 IDaaS platform is assumed, otherwise, visiting Auth0 docs is highly recommended.
Installation
Install via Nuget.
Server Side
Install-Package Blazor-Auth0-ServerSide -Version 2.0.0-Preview1
Client Side
Install-Package Blazor-Auth0-ClientSide -Version 2.0.0-Preview1
Usage
Note: Following example is for a server-side with require authenticated user implementation, for client-side and core-hosted example implementations please refer to the examples
Secrets file (recommended)
appsettings.json or
{
"Auth0":{
"Domain": "[Your_Auth0_Tenant_Domain]",
"ClientId": "[Your_Auth0_Client/Application_Id]",
"ClientSecret": "[Your_Auth0_Client/Application_Secret]",
"Audience": "[Your_Auth0_Audience/API_Identifier]"
}
}
Startup.cs
// Import Blazor.Auth0
using Blazor.Auth0;
using Blazor.Auth0.Models;
// ...
public void ConfigureServices(IServiceCollection services)
{
// Other code...
/// This one-liner will initialize Blazor.Auth0 with all the defaults
services.AddDefaultBlazorAuth0Authentication(Configuration.GetSection("Auth0").Get<ClientOptions>());
// Other code...
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
// Otrher code...
app.UseHttpsRedirection();
app.UseStaticFiles();
// Add Blazor.Auth0 middleware
app.UseBlazorAuth0();
// Other code...
}
Replace App.razor content with the following code
App.razor
<Router AppAssembly="@typeof(Program).Assembly">
<Found Context="routeData">
<AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
<Authorizing>
<p>>Determining session state, please wait...</p>
</Authorizing>
<NotAuthorized>
<h1>Sorry</h1>
<p>You're not authorized to reach this page. You may need to log in as a different user.</p>
</NotAuthorized>
</AuthorizeRouteView>
</Found>
<NotFound>
<p>Sorry, there's nothing at this address.</p>
</NotFound>
</Router>
Support
If you found a bug, have a consultation or a feature request please feel free to open an issue.
When opening issues please take in account to:
- Avoid duplication: Please search for similar issues before.
- Be specific: Please don't put several problems/ideas in the same issue.
- Use short descriptive titles: You'll have the description box to explain yourself.
- Include images whenever possible: A picture is worth a thousand words.
- Include reproduction steps for bugs: Will be appreciated
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
- Fork it (https://github.com/henalbrod/Blazor.Auth0/fork)
- Create your feature branch (
git checkout -b feature/fooBar
) - Commit your changes (
git commit -am 'Add some fooBar'
) - Push to the branch (
git push origin feature/fooBar
) - Create a new Pull Request
- Especial thanks for its help to all the contributors
Authors
Henry Alberto Rodriguez - Initial work - GitHub - Twitter - Linkedin
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
-
I started this library based on this great post from Vittorio Bertocci
-
This README file is based on the great examples form: makeareadme, PurpleBooth & dbader
Release History
v2.0.0-Preview1
BREAKING CHANGES:
- Upgraded to .Net Core 3.1.0-preview1
- Server side projects upgraded to netcoreapp3.1
- Auth0 permissions are now accesible as an any other array claim:
policy.RequireClaim("permissions", "permission_name")
v1.0.0-Preview3
- Overall upgrade to .Net Core 3.0
v1.0.0-Preview2
- Overall upgrade to .Net Core 3.0 RC1
- Removed Shell.razor in Example projects
- Simplified App.razor in Example projects
- Removed local _imports.razor in Example projects
v0.1.0.0-Preview1
- Upgraded to .Net Core 3.0.0-preview8
- Removed AuthComponent
- New One-Liner instantiation
- Server Side full rewrite
- Better server-side Blazor Authentication compatibility/integration
- Cookie-based session (No more silent login iframe in server-side)
- Refresh token support (Refreshing and Revoking)
- Client secret
- Server-side sliding expiration