In the previous version we had permissions appended before the claim. While following Example.Clientside, I have been testing the claims based fetch data. But I cannot see the permissions in the claims of the User Identity and hence the page is displayed the UnAuthorized message..

So while the example has @Attribute [Authorize("read:weather_forecast")] , on the MS doc
@Attribute [Authorize( Policy = "read:weather_forecast")]

This was working for preview 8 codebase
On the Auth0 dashboard , the relevant API had the RBAC enabled and the User has the Permission ["read:weather_forecast] set .

1. Generated auth url is only for https//:{domain}. Please add http

2. If possible, add suport for client secret string property in options. (additionally)

Will do a PR but want to make sure our goals align before.
Endpoints should be gathered from the .well-known/openid-configuration file not hardcoded in. This causes incompatibility with auth servers.

Reportedly, the AuthComponent is firing an unnecessary StateHasChanged event when running a silent login even if the session state hasn't change.

This is causing animated elements re-renders its animations sequences, causing the app to not act naturally.

Having the same issue reported in your example post
https://dev.to/evanweeks/comment/jo7l

A very minimal client only app authenticating against an Identity Server 4 instance on local host generated this auth request:

https://localhost:44373/connect/authorize?&response_type=code&code_challenge_method=S256code_challenge=fXsiI0JPtBectyE0/rYp6FqujManyFWfwauxq7YljHI=&state=+j3IlMJ2SIVM6z+KZoRZyJiOoErq1yWLOREznqr4ntQ=&nonce=q7TLYSCLQyiAwqXve7VU12XMPKFYESnjZZRCiB+rk8Y=&client_id=debugClientID&scope=openid%20profile%20email&redirect_uri=https://localhost:44391/

Note the missing ampersand between the code_challenge_method and code_challenge parameters.

Less important: the query string has an unnecessary & before the first parameter name.

Hi. Love the project. I have a problem with CoreHosted Client:
https://github.com/Pegazux/Blazor.Auth0/blob/master/examples/Blazor.Auth0.Examples.CoreHosted.Client/Pages/FetchData.razor
When I browse to this page I get a delay for 30 seconds.
My guess is it is because of " System.Threading.Thread.Sleep(30000); " in:
https://github.com/Pegazux/Blazor.Auth0/blob/master/src/Blazor.Auth0.ServerSide/Components/AuthComponent.razor
Is there a reason for the 30seconds delay? Or just some debug code left behind?

Best regards Joshua Ryder AKA TopSwagCode :)

Hi, Im calling an asp.net core webapi with auth0 authentication enabled from my blazor serverside app, in order to make this plugin more useful it would be great if you can enable access to Retrieved Access Token
"To call your API from a SPA, the application must pass the retrieved Access Token as a Bearer token in the Authorization header of your HTTP request."

Just downloaded the lastest dotnet core release candidate , it errors out with the linker error code
-532462766.

I'm aware that Readme mention that its tested with Preview 8....just wanted to take it for a spin.

Reportedly, the Auth0 iframe for running the silent login is injected too often (every 35 to 40 seconds) ignoring the TTL of the JWT.

HI trying to setup on a Blazor (server side) project, when I replace de Index code with yours as your instructions it marks AuthenticationService, of @Inject AuthenticationService _authService, as:
The type or namespace name 'AuthenticationService' could not be found (are you missing a using directive or an assembly reference?)
Also with SessionState in @if (_authService.SessionState == SessionStates.Active)

I dont know if this is normal, because it compiles but it stays on

Determining session state, please wait...

When a user hits the site, the first thing they see is the unauthorized view, then after a few seconds the authorized content comes into view.

For some reason the Authorizing view/route never gets hit.

Any ideas as to what we can do to fix this?

I added a new SignalR hub to my project but the hub context user is coming through as null. Do I need to do something specific with my app configuration or hub connection to pass things around correctly?

Are you considering adding support for refresh tokens? One thing that our users frequently request is to stay logged in for longer and Auth0 restricts us a bit on how long the tokens last.

Hi!
Possibly the thing is in my Auth0 misconfiguration, but I cannot make this policies work at the end. After authentication is completed and navigating to /fetchdata page I see You're not authorized to reach this page.

Tried to expose identity's claims and they do not contain anything like
'permissions' => 'read:weather_forecast', but contains only basics claims such as nickname, email, sub, phone, updated_at...

How should I add this permissions in Auth0 settings to my users: on the user base, role, rule or api?

Hi,

I am just playing around with this awesome library for Blazor. Thanks for your efforts. But I am currently stuck with the handling of the returning code from Auth0. I completely can login using Auth0 and my Google Account, but when I am redirected back to the Blazor application, I am still recognized as Unauthorized / not logged in.

In my Auth0 Console I see a failing silent login.

Did I miss something?

I also tested your examples (proprietary as well as built-in) with my Auth0 Account but both didn't work.

Any suggestions?

Getting this error on startup of the app.

Happened before the core preview 7 update and remains after the preview 7 update

Error: System.TypeLoadException: Could not load type 'System.Text.Json.Serialization.JsonSerializer' from assembly 'System.Text.Json, Version=4.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51'. at Blazor.Auth0.Shared.Authentication.AuthenticationServiceBase.GetAccessToken(:44325/String code) at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[TStateMachine](:44325/TStateMachine& stateMachine) at Blazor.Auth0.Shared.Authentication.AuthenticationServiceBase.GetAccessToken(:44325/String code) at Blazor.Auth0.Shared.Authentication.AuthenticationServiceBase.HandleAuth0Message(:44325/Auth0IframeMessage message) at endInvokeDotNetFromJS (blazor.server.js:8) at blazor.server.js:8 at new Promise (<anonymous>) at e.beginInvokeJSFromDotNet (blazor.server.js:8) at blazor.server.js:1 at Array.forEach (<anonymous>) at e.invokeClientMethod (blazor.server.js:1) at e.processIncomingData (blazor.server.js:1) at e.connection.onreceive (blazor.server.js:1) at WebSocket.i.onmessage (blazor.server.js:1) endInvokeDotNetFromJS @ blazor.server.js:8 (anonymous) @ blazor.server.js:8 beginInvokeJSFromDotNet @ blazor.server.js:8 (anonymous) @ blazor.server.js:1 e.invokeClientMethod @ blazor.server.js:1 e.processIncomingData @ blazor.server.js:1 connection.onreceive @ blazor.server.js:1 i.onmessage @ blazor.server.js:1 Promise.then (async) messageListener @ VM164:34

Hi, upon upgrading to server side preview 5, when I click login (AuthService.Authorize), I'm being redirected to /account/authorize and getting:

Sorry, there's nothing at this address.

Insted of the auth0 login page, this same code was working on preview 4, and does work for client side in preview 5 as it is in a shared library. Looks like the routes for /account are not being registered as before for the server side. If I enable "RequireAuthenticatedUser": true, the login redirect loops infinitely.

I appreciate your help.

The getting started instructions from preview <5 had a login/logout button already coded in, but in the new instructions for preview 6 there isnt, is this intentional?

Hello,
I'm just taking a look at the client-side example and have the following problem:

1. Login
2. Refresh the page
3. User is logged out, has to click Login again (albeit they don't have to re-enter their credentials).

Is there a way to stop this step of having to re-click Login?

Many thanks,
Steve

When the website is rendered by a mobile form factor, the bootstrap responsive mode hides the login/logout button

Hi,

The call to authorize endpoint is failing with an HTTP code 400

Request URL: https://[domain]/authorize?response_type=code&code_challenge_method=S256&code_challenge=[code challenge]&state=[state]&nonce=[nonce]&client_id=[clientid]&scope=openid%20profile%20email&redirect_uri=https://localhost:5001/&response_mode=web_message&prompt=none

But if I lop off the last two parameters from the URL, it works
&response_mode=web_message&prompt=none

This may or may not be something you are working on, but we're attempting to use Blazor's built in Authorization and Authentication with your Auth0 components.

The API is setup correctly and the user has the custom claims, but when trying to see if a user is in a specific role it always acts as if they are not.

Any suggestions on how to fix this or is it even possible?

Every 30 to 45 seconds an iframe will be injected (I assume to validate the users session). During this time it triggers a 'StateHasChanged' method call and causes my components to re-render.

This would be okay for text and other static items but I have on page where we're showing a chart and when it re-renders it animates causing the app to not act naturally.

Is there a way to disable this background refresh?

So far that's the only issue/bug we've seen, we really appreciate you putting in the time on this project!

Hi @henalbrod ,
Decided to experiment with the updated Blazor template
3.2.0-preview1.20073.1 and upgraded Blazor.Auth0 to Preview 5 but it looks like it does not even make a call to Auth0....nothing in the Auth0 dashboard logs.

Is there a flag where we can toggle on the logs generated by Blazor.Auth0.Clientside &/or Blazor.Auth0.Shared?

How can I make my blazor application receive encrypted parameters that contain special characters such as "/" and "+" without it not understanding that the special characters are parameter dividers, please help urgently!

Under .NET Core Preview 9 the above error occurs when loading the app. The exception happens when injecting the service on startup.

Implement a Pop Up login mode.

Ref: https://auth0.com/docs/libraries/lock/v11/authentication-modes#popup-mode

Love what you've done so far, we're using this successfully without any issues so far.

I do have a question however. Is it possible to get the authentication state in the code behind? Specifically we'd like to get access to the claims and user details in Hangfire which is able to get the HTTPContext for the request, but the User is unauthenticated although they are actually authenticated.

Our hangfire issue is a one off I'm sure, the real issue is that the HTTPContext is not showing the user as authenticated.

Any thoughts on how to address this?

Thanks in advance :)

Hi,

First of all, your library is fantastic.

I am trying to integrate in the http://playground.nethereum.com as a client side github social authentication to publish gist to github, but when login in / authenticating the user you have to reload the whole blazor application.

I have seen that you use iframes to logout of the applications, is this something you are considering to enable login in?

Any other thoughts / ideas ?

Many thanks in advance

When I deploy to a storage account my Blazor WebAssembly client I always get the following error:

Please I need your help because I couldn't make it work

Added the following package
Blazor-Auth0-ClientSide -Version 0.7.2-beta.2

and I'm consistently being faced with the following error on running dotnet run under VS Code.

exited with code -532462766

Please check the Nuget package.