Getting access token in Blazor WASM Standalone
I have a Blazor WASM standalone app that uses Azure AD B2C for user and token management.
I've seen other questions/answers about this issue but in my case none of those approaches have worked and my Blazor WASM Standalone app is NOT able to get access tokens.
My Blazor app is set up as a SPA app on Azure AD B2C and it's important to note that "Access Tokens" and "Id Tokens" options are unchecked under "Implicit grant and hybrid flows" section. Also, "Allow public flows" is set to "No" -- see below. For these settings, I just followed the instructions here: https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/standalone-with-azure-active-directory-b2c?view=aspnetcore-8.0#register-an-app-in-azure
I also added the "Read" and "Write" scopes for my API under "Configured Permissions" for my Blazor WASM app -- see below:
On the Blazor WASM side, this is what my Program.cs looks like:
...
builder.Services.AddMsalAuthentication(options =>
{
builder.Configuration.Bind("AzureAdB2C", options.ProviderOptions.Authentication);
options.ProviderOptions.LoginMode = "redirect";
//options.ProviderOptions.DefaultAccessTokenScopes.Add("openid");
//options.ProviderOptions.DefaultAccessTokenScopes.Add("offline_access");
options.ProviderOptions.DefaultAccessTokenScopes.Add("https://mytenant.onmicrosoft.com/api/MyApiUser.Write");
});
// Add HttpClient for My API calls
builder.Services.AddHttpClient("MyApiClient",
client => client.BaseAddress = new Uri("https://api.test.com"))
.AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();
builder.Services.AddScoped(sp => sp.GetRequiredService<IHttpClientFactory>()
.CreateClient("MyApiClient"));
Please notice that I commented out the scopes for openid and offline_access but I did try it with them as well. Either way, it doesn't work and no access_token is received.
In this SO question/answer, the developer suggests using the Application Id for the Blazor WASM app instead of the scope URI worked for him. I did try the following and that did NOT work either. Here's that question: Blazor Standalone WASM Unable to get Access Token with MSAL
options.ProviderOptions.DefaultAccessTokenScopes.Add("cb3574c0-305e-4e44-a3b7-ac5f045f94e7"); // options.ProviderOptions.DefaultAccessTokenScopes.Add("https://mytenant.onmicrosoft.com/api/MyApiUser.Write");
Here the GUID value of cb3574c0-305e-4e44-a3b7-ac5f045f94e7 is the Application Id for my Blazor WASM app as assigned by Azure AD B2C.
When I inspect the HttpClient where I make my API calls, I see that DefaultRequestHeaders is null.
I don't believe Azure AD B2C is actually sending an access_token at all. Any idea what I'm doing wrong here?
Note that: Generating access token in Azure AD B2C depends on the scope you pass.
- If you are passing invalid scope, access token will not be generated.
The error occurred as you are passing wrong scope https://mytenant.onmicrosoft.com/api/MyApiUser.Write
To resolve the error, make sure to pass scope as var scopes = new[] { "openid", "profile", "offline_access" "https://mytenant.onmicrosoft.com/ClientID/ScopeName" };
Modify the code by passing the valid scope:
...
builder.Services.AddMsalAuthentication(options =>
{
builder.Configuration.Bind("AzureAdB2C", options.ProviderOptions.Authentication);
options.ProviderOptions.LoginMode = "redirect";
//options.ProviderOptions.DefaultAccessTokenScopes.Add("openid");
//options.ProviderOptions.DefaultAccessTokenScopes.Add("offline_access");
options.ProviderOptions.DefaultAccessTokenScopes.Add("openid", "profile", "offline_access" "https://mytenant.onmicrosoft.com/ClientID/ScopeName"");
});
// Add HttpClient for My API calls
builder.Services.AddHttpClient("MyApiClient",
client => client.BaseAddress = new Uri("https://api.test.com"))
.AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();
builder.Services.AddScoped(sp => sp.GetRequiredService<IHttpClientFactory>()
.CreateClient("MyApiClient"))
The error "The provided application is not configured to allow public clients." usually occurs if the Azure AD B2C application is not set as public.
To resolve the error, make sure to set Allow public client flows as YES:
Also make sure to configure redirect URL as SPA.
Reference:
c# - Null AccessToken returned from AuthenticationResult - Stack Overflow by me
- Is there any way to communicate to main layout of blazor pages
- Debounce implementation with CancellationTokenSource in Blazor server side
- .NET 8 & Blazor components nullable warning with @ref
- Can we consume a Blazor component as a Web Component within a regular non-Blazor HTML page?
- How to use new UseExceptionHandler and Error page in Blazor net8.0
- SkiaSharp in Blazor for desktop app without WASM ( Blazor Hybrid? )
- How to style individual cells of FluentDataGrid based on their value?
- InputText : unable to implement CSS for InputText
- Why is OnInitializedAsync() called twice on a page reload
- FluentUI: Capture KeyCode [Ctrl] + Mouseclick
- Is it possible to load a server side Blazor pages HTML before the code is executed?
- Blazor page elements other than Body
- Blazor Server: MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call
- Blazor- EditForm InputCheckbox nullable bools issue work around
- blazor - EditorRequired attribute
- Blazor 8 Delegate Type Could Not Be Inferred
- How can I create a new layout using Blazor Bootstrap?
- How to stop Blazor from reloading page and clearing html tag?
- Getting access token in Blazor WASM Standalone
- Making sure BaseAddressAuthorizationMessageHandler attaching access tokens
- render a blazor component with disabled property set after business logic applied
- How can I determine when all child components have completed OnInitializedAsync()?
- Using a named HttpClient in a service in Blazor WASM
- Can we make a Mud Checkbox functionality work as a Radio functionality?
- How Blazor Framework get notifed when the property value gets changed
- Changes to js file not picked up for Blazor server app
- Why is scoped service injected in MainLayout.razor reinstanced? on every page
- ElectronNET Electron.Dialog.ShowOpenDialogAsync never returns
- Page NOT in the shared project does not show correctly in browser
- blazor after visual studio update throws some strange JS warnings