.NET Core hosted Blazor WebAssembly (WASM) using OpenID Connect (OIDC)

dotnet new blazorwasm --hosted -o BlazorOidcDemo
dotnet new webapi -o IdentityServerOidc
1. BlazorOidcDemo Client/Program.cs
  • We need to configure OIDC authentication in the WASM application.
  • We need to create an AuthenticationView that provides the OIDC login-callback and logout-callback routes.
  • We need to set up an HttpClient and a CustomAuthorizationMessageHandler to work with our third-party OIDC provider.
2. BlazorOidcDemo Server/Program.cs
  • We need to set up authorization and JwtBearer authentication to verify that the requesting user is valid.
// client/Program.cs
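// Register the message handler that attaches the user's access token to outgoing API requests.
builder.Services.AddScoped<CustomAuthorizationMessageHandler>();

// Named client for the hosting server's API; every request it sends passes through the handler above.
builder.Services
    .AddHttpClient("ServerAPI", client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress))
    .AddHttpMessageHandler<CustomAuthorizationMessageHandler>();

// Expose the named client as the HttpClient that components get from injection.
// No "Access-Control-Allow-Origin" header is added here: it is a response header that only the
// server can meaningfully set. Sent from the client it grants nothing, and as a non-safelisted
// request header it forces a CORS preflight on cross-origin calls. CORS belongs in the server's policy.
builder.Services.AddScoped(sp =>
{
    var client = sp.GetRequiredService<IHttpClientFactory>().CreateClient("ServerAPI");
    return client;
});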

// OIDC sign-in settings for the browser client.
// A WebAssembly app runs entirely in the user's browser, so it is a public client:
// there is no client secret in this configuration and none should ever be added to it.
builder.Services.AddOidcAuthentication(option =>
{
    var provider = option.ProviderOptions;

    // provider.Authority = "https://access.corporate.ge.com";
    provider.Authority = "https://localhost:7018";
    provider.ClientId = "mvc";

    // Authorization code flow: tokens are obtained by redeeming a code rather than being
    // returned directly in the redirect URL.
    provider.ResponseType = "code";

    // Both URIs presumably have to match what is registered for this client at the authority;
    // verify against the identity server's client configuration.
    // NOTE(review): these are plain http:// localhost values, suitable for local development only.
    provider.RedirectUri = "http://localhost:8090/authentication/login-callback";
    // NOTE(review): the page's introduction mentions a logout-callback route, but this value
    // points at authentication/logout - confirm which one is intended.
    provider.PostLogoutRedirectUri = "http://localhost:8090/authentication/logout";

    // Identity scopes requested at sign-in.
    provider.DefaultScopes.Add("profile");
    provider.DefaultScopes.Add("openid");
});

// Make the "ServerAPI" named client the HttpClient that components receive through injection.
// NOTE(review): this file also registers a scoped HttpClient factory earlier; with the default
// container the registration added last is the one used for a single resolve - confirm that
// only one of the two is meant to stay.
builder.Services.AddScoped(sp =>
{
    var factory = sp.GetRequiredService<IHttpClientFactory>();
    return factory.CreateClient("ServerAPI");
});
/// <summary>
/// Message handler that adds the signed-in user's access token to outgoing requests,
/// restricted to the URL prefixes and scopes configured in the constructor.
/// </summary>
public class CustomAuthorizationMessageHandler : AuthorizationMessageHandler
{
    /// <summary>Creates the handler and fixes its allow-list of token recipients.</summary>
    /// <param name="provider">Source of the access token.</param>
    /// <param name="navigation">Navigation manager passed through to the base handler.</param>
    public CustomAuthorizationMessageHandler(IAccessTokenProvider provider, NavigationManager navigation)
        : base(provider, navigation)
    {
        // authorizedUrls is an allow-list: only requests under these prefixes get the bearer token.
        // Keep it as narrow as possible so the token is never sent to an origin that should not see it.
        // NOTE(review): the "ServerAPI" client's base address is the host's own base address, and the
        // redirect URIs on this page use http://localhost:8090. If the API is not served from
        // https://localhost:7018, requests to it will go out without a token - confirm the intended origin.
        ConfigureHandler(
            authorizedUrls: new[] { "https://localhost:7018" },
            scopes: new[] { "api" });
    }
}
// Authentication.razor
@page "/authentication/{action}"
@using Microsoft.AspNetCore.Components.WebAssembly

@* Single page behind every /authentication/{action} route; the framework's
   RemoteAuthenticatorView carries out whichever step the route segment names. *@
<Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticatorView Action="@Action" />

@code {
    // Filled from the {action} segment of the route and handed to the view unchanged.
    [Parameter] public string Action { get; set; }
}
// App.razor
@using Microsoft.AspNetCore.Components.Authorization

@* CascadingAuthenticationState makes the current authentication state available to the whole
   component tree; AuthorizeRouteView applies [Authorize] rules when rendering a matched page.
   These checks run in the user's browser and only shape the UI - the server API must still
   validate the token and authorize each request itself. *@
<CascadingAuthenticationState>
    <Router AppAssembly="@typeof(App).Assembly">
        <Found Context="routeData">
            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />
        </Found>
        <NotFound>
            <PageTitle>Not found</PageTitle>
            <LayoutView Layout="@typeof(MainLayout)">
                <p role="alert">Sorry, there's nothing at this address.</p>
            </LayoutView>
        </NotFound>
    </Router>
</CascadingAuthenticationState>
// server/Program.cs 
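// Validate incoming JWT bearer tokens against the OIDC authority.
builder.Services
    .AddAuthentication("Bearer")
    .AddJwtBearer("Bearer", options =>
    {
        // The handler reads its validation settings from the authority's metadata.
        // The authority is already an https:// URL, so RequireHttpsMetadata is left at its
        // default (true); turning it off would only permit fetching that metadata over plain HTTP.
        options.Authority = "https://localhost:7018";

        // Tokens must have been issued for this API.
        options.Audience = "api";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Keep audience validation on. Disabling it makes audience errors disappear, but it
            // also means a token the same authority issued for a different API would be accepted
            // here. If validation fails, fix the audience the authority puts in the token instead.
            ValidateAudience = true,
        };
    });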

// Request pipeline. Middleware runs in the order it is added, so the order below matters.
app.UseRouting();

// Applied after routing and before authentication/authorization.
// NOTE(review): called without a policy name, so it relies on a default CORS policy being
// registered elsewhere - not shown on this page; confirm that it names specific origins.
app.UseCors();

// Authentication establishes the user from the bearer token; authorization then decides
// whether that user may reach the endpoint. Authentication has to come first.
app.UseAuthentication();
app.UseAuthorization();

// NOTE(review): only Razor Pages endpoints are mapped here; whether API controllers are mapped
// (and protected with [Authorize]) is not visible on this page - confirm.
app.MapRazorPages();
You can find the repository with the code here.