2
votes

I'm having trouble logging in using Google OIDC as an identity provider with my Blazor WASM Standalone app. Here is my appsettings.json. I currently have the ResponseType set to code. This is what is causing it to break. If I set it to id_token I can log in, but then cannot get the access token in my component.

 "Local": {
    "Authority": "https://accounts.google.com/",
    "ClientId": "4....apps.googleusercontent.com",
    "PostLogoutRedirectUri": "https://localhost:44380/authentication/logout-callback",
    "RedirectUri": "https://localhost:44380/authentication/login-callback",
    "ResponseType": "code"
  }

My component:

@using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
@page "/projects"
@inject AuthenticationStateProvider _authenticationStateProvider
@inject IAccessTokenProvider _tokenProvider
<h3>Projects</h3>

@code {

    protected override async Task OnInitializedAsync()
    {
        var authstate = await _authenticationStateProvider.GetAuthenticationStateAsync();
        var accessTokenResult = await _tokenProvider.RequestAccessToken();
    }

}

Program.cs

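using System;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
using Microsoft.Extensions.DependencyInjection;

public class Program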
{
    public static async Task Main(string[] args)
    {
        var builder = WebAssemblyHostBuilder.CreateDefault(args);
        builder.RootComponents.Add<App>("#app");

        builder.Services.AddScoped(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) });

        builder.Services.AddOidcAuthentication(options =>
        {
            // Configure your authentication provider options here.
            // For more information, see https://aka.ms/blazor-standalone-auth
            builder.Configuration.Bind("Local", options.ProviderOptions);
            
        });

        await builder.Build().RunAsync();
    }
}

1 Answer

1
votes

The problem is with the value you have set for the ResponseType. OIDC allows for hybrid flows and multiple types to be used. You need to add token to your response type if you want to be able to access the access token with the IAccessTokenProvider.

The following will work:

 "Local": {
    "Authority": "https://accounts.google.com/",
    "ClientId": "4....apps.googleusercontent.com",
    "PostLogoutRedirectUri": "https://localhost:44380/authentication/logout-callback",
    "RedirectUri": "https://localhost:44380/authentication/login-callback",
    "ResponseType": "id_token token"
  }

For more info on this check out this answer: OpenIDConnect Response Type Confusion
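
How the ResponseType values discussed in this thread differ at the protocol level, as an added example that is not part of the original question or answer. The table follows OpenID Connect Core 1.0, section 3; the function names and the callback URLs are constructed for illustration.

```javascript
// Added example, not from the original post. The table follows OpenID Connect
// Core 1.0, section 3; function names and sample URLs are constructed.
const FLOWS = {
  "code": "authorization_code",
  "id_token": "implicit",
  "id_token token": "implicit",
  "code id_token": "hybrid",
  "code token": "hybrid",
  "code id_token token": "hybrid",
};

// Normalise order and spacing so "token id_token" matches "id_token token".
function normalise(responseType) {
  return responseType.trim().split(/\s+/).sort().join(" ");
}

function describeResponseType(responseType) {
  const parts = normalise(responseType).split(" ");
  const flow = FLOWS[parts.join(" ")];
  if (!flow) throw new Error(`not an OIDC response_type: "${responseType}"`);
  return {
    flow,
    // Default response_mode: query for "code", fragment for all others.
    returnedIn: flow === "authorization_code" ? "query" : "fragment",
    // "token" means the authorization endpoint itself returns an access token.
    accessTokenFrom: parts.includes("token") ? "authorization endpoint"
      : parts.includes("code") ? "token endpoint" : "none",
  };
}

// Parse a login-callback URL and check it carries what the response type promises.
function checkCallback(responseType, callbackUrl) {
  const info = describeResponseType(responseType);
  const url = new URL(callbackUrl);
  const params = info.returnedIn === "query"
    ? url.searchParams
    : new URLSearchParams(url.hash.slice(1));
  if (params.has("error")) return { ...info, ok: false, error: params.get("error") };
  const expected = normalise(responseType).split(" ")
    .map((p) => (p === "token" ? "access_token" : p));
  const missing = expected.filter((name) => !params.has(name));
  return { ...info, ok: missing.length === 0, missing };
}

const CALLBACK = "https://localhost:44380/authentication/login-callback";
const CODE_URL = `${CALLBACK}?code=CONSTRUCTED_CODE&state=xyz`;
const IMPLICIT_URL = `${CALLBACK}#id_token=CONSTRUCTED.JWT&access_token=CONSTRUCTED_TOKEN&state=xyz`;
console.log(checkCallback("code", CODE_URL));
console.log(checkCallback("id_token token", IMPLICIT_URL));
```

`id_token` alone yields no access token at all, which matches the behaviour described in the question. With `id_token token` the access token arrives in the URL fragment of the login callback, whereas with `code` it is only issued by the token endpoint after the code exchange.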