We have a collection of applications, all written in .NET 8 and Blazor, that are independently deployable, but collaborating. We use OIDC authentication for all of them. The applications are deployed under subpaths, such as www.example.org/domain/app1, www.example.org/domain/app2, www.example.org/domain/app3. There will be approximately 50-60 such applications.
Single sign-on is assured with our OIDC infrastructure (it is centralised company-wide, and not one of the usual suspects such as Auth0, but imagine it were Auth0). However, we have to create separate registrations for each application, which is becoming cumbersome and the devops team is complaining. It is also slowing down our ability to spin up a new application. We would like instead to have an OIDC Connect Authentication Code Flow at the higher level (www.example.org/domain, or even www.example.org if possible) and then have each application check the user's rights (we already have a roles-based system).
Is there a way to achieve this in .NET, with Blazor applications? Any pointers to a working example perhaps?
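One way to realise the layout described in the question, as an added sketch and not code from the poster: a single "gateway" instance hosted at /domain/sso holds the only OIDC client registration and runs the Authorization Code flow, while every app under /domain shares the resulting cookie (same cookie name, same cookie path, same Data Protection key ring) and only applies its own role checks. The `Sso:*` configuration keys, the /domain/sso path, the key ring location and the `roles` claim name are assumptions for the illustration.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
var cfg = builder.Configuration;
var isGateway = cfg.GetValue<bool>("Sso:IsGateway"); // hypothetical keys; gateway hosted at /domain/sso
// Same application name and key store in every app: all can read the cookie the gateway issues.
builder.Services.AddDataProtection()
    .PersistKeysToFileSystem(new DirectoryInfo(cfg["Sso:KeyRingPath"]!)) // shared, access-controlled
    .SetApplicationName("domain-sso");
var auth = builder.Services.AddAuthentication(o =>
{
    o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    o.DefaultChallengeScheme = isGateway ? OpenIdConnectDefaults.AuthenticationScheme
                                         : CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie(o =>
{
    o.Cookie.Name = ".Domain.Auth";
    o.Cookie.Path = "/domain";                  // sent to every app under /domain and nowhere else
    o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    o.Cookie.SameSite = SameSiteMode.Lax;
    o.Events.OnRedirectToLogin = ctx =>         // other apps never run the code flow themselves
    {
        var back = Uri.EscapeDataString($"{ctx.Request.PathBase}{ctx.Request.Path}{ctx.Request.QueryString}");
        ctx.Response.Redirect($"/domain/sso/login?returnUrl={back}");
        return Task.CompletedTask;
    };
});
if (isGateway)
    auth.AddOpenIdConnect(o =>
    {
        o.Authority = cfg["Sso:Authority"]; o.ClientId = cfg["Sso:ClientId"]; o.ClientSecret = cfg["Sso:ClientSecret"];
        o.ResponseType = OpenIdConnectResponseType.Code; o.UsePkce = true;
        o.CallbackPath = "/signin-oidc";        // => /domain/sso/signin-oidc, the one registered redirect URI
        o.TokenValidationParameters.RoleClaimType = "roles"; // the claim your roles system populates
    });
builder.Services.AddAuthorizationBuilder()
    .AddPolicy("Editor", p => p.RequireRole("app1-editor")); // each app enforces its own roles
var app = builder.Build();
app.UsePathBase(cfg["Sso:PathBase"]!);          // "/domain/app1", "/domain/sso", ...
app.UseAuthentication();
app.UseAuthorization();
if (isGateway)
    app.MapGet("/login", (string? returnUrl) => Results.Challenge(
        new AuthenticationProperties { RedirectUri = returnUrl?.StartsWith("/domain/") == true ? returnUrl : "/domain/" },
        [OpenIdConnectDefaults.AuthenticationScheme]));  // reject off-site return URLs (open redirect)
app.Run();
```

The Blazor side is unchanged: `[Authorize(Policy = "Editor")]` on a page or `<AuthorizeView Roles="app1-editor">` reads the roles from the shared cookie. Rotating the key ring or changing the application name invalidates every app's cookies at once, so treat the key store as shared security-critical state.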