I have a .NET 8.0 Blazor web app:
- BlazorApp.Client- Blazor.Server- BlazorApp.SharedThe app uses JWT-based auth between client and server. I need to use an external third-party API to fetch some data which needs OAuth 2.0-based authentication. The code to fetch this data is in the Blazor.Server app.
0Auth 2.0 authorization_code flow of third-party API:
- Redirect the user to the external site using the generated auth login URL.
- Get the
authorization_codein return. - Send the
authorization_codeto another endpoint and exchange it for anaccess_tokenandrefresh_token.
Then, add this access token to the Bearer <access_token> to every API call towards the third-party's endpoints in the Blazor.Server app. I am using an auth handler:
public class ThirdPartyApiAuthHandler : DelegatingHandler{ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { try { var accessToken = @"// harcoded access token //"; if (string.IsNullOrEmpty(accessToken)) { throw new UnauthorizedAccessException("User not authenticated with eBay."); } request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken); return await base.SendAsync(request, cancellationToken); } catch (Exception ex) { throw new InvalidOperationException($"Error in Authentication Handler while sending request to {request.RequestUri}", ex); } }}I am a bit confused about implementing the OAuth flow in the above handler. How can I redirect the user to the external API's authentication URL in the handler? Is it right to handle this in the auth handler?