Can you provide some general guidance on how to use the jwtprovider only to receive a ss-tok externally. I thought perhaps I could update the GetAuthenticationStateAsync and pass into the Authenticate call something like:
but that doesn’t work. Any help or pointers would be appreciated. Just trying to authenticate the user with an external token as they’ll be redirected to the Blazor app from an authenticated link like: `https://app.domain.com?ss-tok=thetoken` or if there are other options, I’m open to them.
The blazor-wasm template is already configured to authenticate with JWT using the JWT Cookies default, which is important for SPAs like Blazor WASM to avoid the app having to maintain the token in memory, which is vulnerable to XSS attacks, whereas by using the recommended Secure HttpOnly Cookies the Blazor App never needs to maintain JWT Tokens in App whilst still making authenticated API Requests using JWT Cookies.
```csharp
// Send the JWT as a Bearer token on every request made by this client
var client = new JsonApiClient(baseUrl) {
    BearerToken = jwtToken
};
```
Note: JWT is an IAuthWithRequest Auth Provider, meaning there’s no explicit Authentication Step as each API request is authenticated with the JWT, so you would call protected services directly, i.e. not try to call Authenticate API first.
I did a test to set the cookie in the app.razor but it never worked and always shows unauthenticated, but you are saying I may need to change the GetAuthenticationStateAsync to remove the authenticate call and just call some custom authenticated endpoint instead and then I guess the session will hydrate. I’ll review that.
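
As an added example (not code from this thread or from ServiceStack), one way to take the `ss-tok` value off the landing URL and hand it to `JsonApiClient.BearerToken`, so protected services can be called directly. `ExternalTokenHandoff` and its method names are hypothetical, and the token is assumed to be a signed three-segment JWT; the shape check is only a sanity filter, the server still validates the token on each request.

```csharp
using System;
using System.Linq;
using System.Web;
using ServiceStack;

// Hypothetical helper, names are illustrative only.
public static class ExternalTokenHandoff
{
    // Returns the ss-tok value from the landing URL, or null when it is
    // absent or not JWT-shaped. cleanUrl is the same URL without ss-tok,
    // so the token does not have to stay in the address bar or history.
    public static string? TakeToken(string landingUrl, out string cleanUrl)
    {
        var builder = new UriBuilder(landingUrl);
        var query = HttpUtility.ParseQueryString(builder.Query);

        var token = query["ss-tok"];
        query.Remove("ss-tok");
        builder.Query = query.ToString();   // other parameters are preserved
        cleanUrl = builder.Uri.ToString();

        if (string.IsNullOrEmpty(token)) return null;

        // Assumption: signed JWT = three non-empty base64url segments.
        var parts = token.Split('.');
        var shaped = parts.Length == 3
            && parts.All(p => p.Length > 0 && p.All(IsBase64Url));
        return shaped ? token : null;
    }

    private static bool IsBase64Url(char c) =>
        (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
        (c >= '0' && c <= '9') || c == '-' || c == '_';

    // No Authenticate call: every request sent by this client carries the
    // JWT, so the first protected API call is what proves it is accepted.
    public static JsonApiClient CreateClient(string baseUrl, string jwtToken) =>
        new JsonApiClient(baseUrl) { BearerToken = jwtToken };
}
```

In a Blazor component the returned `cleanUrl` can be passed to `NavigationManager.NavigateTo(cleanUrl, replace: true)` so the token-bearing URL is replaced in browser history.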