I have to build a Blazor 8 solution with render mode InteractiveWebAssembly (probably without prerendering). Every page is under authorization, and the login process is performed by an external service (a Web API controller) that, given a username and password, returns a JWT access token and a JWT refresh token. The refresh token can be used once to obtain another pair of tokens. With these tokens, I have to authenticate the user for the UI and authenticate calls to an external Web API. The calls to the external Web API service may be performed from the server pages (non-interactive) and from the WebAssembly interactive pages.

For the UI authentication I want to use AddIdentityCookies of Microsoft.AspNetCore.Identity; I do not want to rewrite this part. But I will not use Microsoft.AspNetCore.Identity.EntityFrameworkCore, because managing the users is the role of the external authenticator service.

I am quite new to Blazor and not an expert on UI authentication.

I created a project from the Blazor 8 template, selected RenderMode=InteractiveWebAssembly, and for the authentication I chose Individual users (I will remove the unnecessary generated parts later).

In the generated login page, I removed SignInManager.PasswordSignInAsync and added the call to the authentication service. If I receive the two valid tokens from the service, I build a ClaimsPrincipal with the information included in the access token, I add the two tokens as two new claims, and with this new ClaimsPrincipal I complete the login process:

await Context.SignInAsync(AuthenticationScheme, newUserPrincipal, authenticationProperties ?? new AuthenticationProperties());
Context.User = userPrincipal;

In the generated PersistingServerAuthenticationStateProvider, in OnAuthenticationStateChanged, I get my token claim from the current user, and if it is expired I call the refresh of the external authentication service and get two new tokens. I perform Context.SignOutAsync, and with the information included in the new token I build a new ClaimsPrincipal, add the two new tokens to it, and perform another Context.SignInAsync with the new identity (like I did at first login in the login component). With this new user I create a new AuthenticationState and call SetAuthenticationState (of the base class ServerAuthenticationStateProvider) with the new AuthenticationState.

All this keeps the tokens updated on the server side, and when OnPersistingAsync fires, it always finds a valid access token, so if I navigate to a WebAssembly interactive component, it finds a good access token (I added the two token properties to the UserInfo class).

But when I navigate to a page in the client project (that uses the token to call the external Web API), I can work for a long time on the page, so the token may expire while I work on the page.

To handle the token expiration, in the generated client PersistentAuthenticationStateProvider, in GetAuthenticationStateAsync, I do the same as I did in the server AuthenticationStateProvider: if the token is expired I call a refresh from the external authentication service, I build a new ClaimsPrincipal, and I update the local authenticationStateTask with the new identity (I had to remove readonly from the variable declaration), and it all works.

But after a token refresh occurs in a client component, the problem is that if I change page and navigate to a server page, the browser will send back to the server the cookie in which the tokens are not updated, so the PersistingServerAuthenticationStateProvider will try to refresh them, but it will fail because the refresh token can be used just once.

So the problem is updating the cookie (or the server) with the new tokens when the expiration is handled from WebAssembly. Is there any way to fix this problem?
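
One way to keep a single holder of the one-time refresh token, as an added example that is not part of the original post: a same-origin endpoint in the server project performs the refresh and re-issues the cookie, and the WebAssembly side calls it instead of calling the external service's refresh itself. `ITokenClient`, the `/auth/refresh` route, the claim names and the use of `IdentityConstants.ApplicationScheme` are assumptions.

```csharp
// Added example (server project). ITokenClient, the route and the claim names are hypothetical.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Routing;

public record TokenPair(string AccessToken, string RefreshToken);

// Hypothetical wrapper around the external authentication service's refresh call.
public interface ITokenClient
{
    Task<TokenPair?> RefreshAsync(string refreshToken, CancellationToken ct);
}

public static class TokenRefreshEndpoint
{
    public const string AccessClaim = "access_token";    // assumed claim names
    public const string RefreshClaim = "refresh_token";

    public static RouteHandlerBuilder MapTokenRefresh(this IEndpointRouteBuilder app) =>
        app.MapPost("/auth/refresh", async (HttpContext ctx, ITokenClient tokens, CancellationToken ct) =>
        {
            // The refresh token is read from the cookie principal; the browser never sends it explicitly.
            var refresh = ctx.User.FindFirst(RefreshClaim)?.Value;
            if (refresh is null) return Results.Unauthorized();

            var pair = await tokens.RefreshAsync(refresh, ct);
            if (pair is null)
            {
                // Refresh token rejected (already used or revoked): end the session.
                await ctx.SignOutAsync(IdentityConstants.ApplicationScheme);
                return Results.Unauthorized();
            }

            // Rebuild the principal from the new access token, as the login page does.
            // ReadJwtToken only parses; the token came directly from the authentication service.
            var jwt = new JwtSecurityTokenHandler().ReadJwtToken(pair.AccessToken);
            var identity = new ClaimsIdentity(jwt.Claims, IdentityConstants.ApplicationScheme);
            identity.AddClaim(new Claim(AccessClaim, pair.AccessToken));
            identity.AddClaim(new Claim(RefreshClaim, pair.RefreshToken));

            // Re-issue the cookie so later server-rendered requests carry the current tokens.
            await ctx.SignInAsync(IdentityConstants.ApplicationScheme, new ClaimsPrincipal(identity));
            return Results.Ok(new { pair.AccessToken });
        }).RequireAuthorization();
}
```

With this in place the client `PersistentAuthenticationStateProvider` would POST to `/auth/refresh` when its access token expires and update its state from the response. Concurrent refreshes for the same user (for example from two tabs) would still race for the single-use token and need serializing on the server.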