Skip to content
This repository has been archived by the owner on Mar 11, 2020. It is now read-only.

henalbrod/Blazor.Auth0

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

95 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Blazor.Auth0

Blazor Auth0 Library

Blazor.Auth0 Is a library for using the Authorization Code Grant with Proof Key for Code Exchange (PKCE) with Auth0's Universal Login in Blazor SPAs.

The idea behind this is to have an easy way of using Auth0's services with Blazor (especially the client side) without relaying on javascript libraries.

Nuget Nuget Github Actions Codacy Badge GitHub license

About Auth0

Auth0 is a platform that provides authentication and authorization as a service. Giving developers and companies the building blocks they need to secure their applications without having to become security experts.

You can connect any application (written in any language or on any stack) to Auth0 and define the identity providers you want to use (how you want your users to log in).

Learn more at:

JWT Auth for open source projects

Prerequisites

Blazor

You'll want to follow the Getting Started instructions in Blazor website

Auth0

Basic knowledge of Auth0 IDaaS platform is assumed, otherwise, visiting Auth0 docs is highly recommended.

Installation

Install via Nuget.

Server Side

Install-Package Blazor-Auth0-ServerSide -Version 2.0.0-Preview5

Client Side

Install-Package Blazor-Auth0-ClientSide -Version 2.0.0-Preview5

Usage

Note: Following example is for a client-side with require-authenticated-user implementation, for server-side and core-hosted example implementations please refer to the examples

Program.cs

using Blazor.Auth0;

// ...


public static async Task Main(string[] args)
{
	var builder = WebAssemblyHostBuilder.CreateDefault(args);

	builder.Services.AddBlazorAuth0(options =>
	{
		// Required
		options.Domain = "[Auth0_Domain]";

		// Required
		options.ClientId = "[Auth0_Client_Id]";

		//// Required if you want to make use of Auth0's RBAC
		options.Audience = "[Auth0_Audience]";

		//// Uncomment the following line if you don't want your users to be automatically logged-off on token expiration
		// options.SlidingExpiration = true;

		//// Uncomment the following two lines if you want your users to log in via a pop-up window instead of being redirected
		// options.LoginMode = LoginModes.Popup;

		//// Uncomment the following line if you don't want your unauthenticated users to be automatically redirected to Auth0's Universal Login page 
		// options.RequireAuthenticatedUser = false;
	});
	
	builder.Services.AddAuthorizationCore();

	builder.RootComponents.Add<App>("app");

	await builder.Build().RunAsync();
}

Add a reference to Microsoft.AspNetCore.Components.Authorization

_Imports.razor

@using Microsoft.AspNetCore.Components.Authorization
//...

Replace App.razor content with the following code

App.razor

<Router AppAssembly="@typeof(Program).Assembly">
    <Found Context="routeData">
        <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
            <Authorizing>
                <p>>Determining session state, please wait...</p>
            </Authorizing>
            <NotAuthorized>
                <h1>Sorry</h1>
                <p>You're not authorized to reach this page. You may need to log in as a different user.</p>
            </NotAuthorized>
        </AuthorizeRouteView>
    </Found>
    <NotFound>        
        <p>Sorry, there's nothing at this address.</p>        
    </NotFound>
</Router>

Support

If you found a bug, have a consultation or a feature request please feel free to open an issue.

When opening issues please take in account to:

  • Avoid duplication: Please search for similar issues before.
  • Be specific: Please don't put several problems/ideas in the same issue.
  • Use short descriptive titles: You'll have the description box to explain yourself.
  • Include images whenever possible: A picture is worth a thousand words.
  • Include reproduction steps for bugs: Will be appreciated

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

  1. Fork it (https://github.com/henalbrod/Blazor.Auth0/fork)
  2. Create your feature branch (git checkout -b feature/fooBar)
  3. Commit your changes (git commit -am 'Add some fooBar')
  4. Push to the branch (git push origin feature/fooBar)
  5. Create a new Pull Request

Authors

Henry Alberto Rodriguez - Initial work - GitHub - Twitter - Linkedin

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

Release History

v2.0.0-Preview5

  • Fixed issue #41
  • Upgraded to .Net Core v3.1.102

v2.0.0-Preview4

  • Upgraded to .Net Core v3.1.0-preview3

v2.0.0-Preview3

  • Upgraded to .Net core 3.1.0-preview2

v2.0.0-Preview2

This relase comes with Client Side changes primarly

  • New LoginMode parameter in ClientOptions

    Redirect = Classic behavior (default) PopUp = Loads Universal Login inside a popup window

    The new PopUp behavior comes in handy to avoid the full client side app reloading

  • New AuthorizePopup method in Blazor.Auth0.Authentication for client side

v2.0.0-Preview1

BREAKING CHANGES:

  • Upgraded to .Net Core 3.1.0-preview1
  • Server side projects upgraded to netcoreapp3.1
  • Auth0 permissions are now accesible as an any other array claim:
policy.RequireClaim("permissions", "permission_name")

v1.0.0-Preview3

  • Overall upgrade to .Net Core 3.0

v1.0.0-Preview2

  • Overall upgrade to .Net Core 3.0 RC1
  • Removed Shell.razor in Example projects
  • Simplified App.razor in Example projects
  • Removed local _imports.razor in Example projects

v0.1.0.0-Preview1

  • Upgraded to .Net Core 3.0.0-preview8
  • Removed AuthComponent
  • New One-Liner instantiation
  • Server Side full rewrite
    • Better server-side Blazor Authentication compatibility/integration
    • Cookie-based session (No more silent login iframe in server-side)
    • Refresh token support (Refreshing and Revoking)
    • Client secret
    • Server-side sliding expiration