I'm trying to create a blazor web app with an external dedicated API service that should also provide authentication for both app and service.
Some specifications:
- none of the app pages will be available without authentication except login and registration
- login and registration pages should be part of the blazor app
- the app should preserve the authentication
I already tried JWT but I need a refresh token and I didn't find a secure way to store it.I also tried Authorization Code Flow with Proof Key for Code Exchange (PKCE) but i didn't find a way to use the app login page, but I had to send an html page from the service.Any suggestions are appreciated, whether to improve previous approaches or to recommend a different method.At the moment I'm working with blazor server but it would be nice to have a solution also valid for webassembly