Quantcast
Channel: Active questions tagged blazor - Stack Overflow
Viewing all articles
Browse latest Browse all 4839

Blazor server side, sending 302 IDP redirect for XHR, negotiate calls and accumulating cookies

$
0
0

How do we stop our blazor to send oauth 302 redirect for xhr calls, which will never be processed at browser.

Problem is that before sending 302 redirect it created nonce and correlation cookies, which gets sent to browser and they keep accumulating.

Now even a page refresh might fail because of large number of cookies being sent, like NGINX and similar others have some kind of limit.

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))    .EnableTokenAcquisitionToCallDownstreamApi()    .AddInMemoryTokenCaches()    .Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>    {        Uri baseUri = new Uri(azureAdOptions.Instance);        Uri metadataUri = new Uri(baseUri, $"/{azureAdOptions.TenantId}/v2.0/.well-known/openid-configuration?appid={options.ClientId}");        options.MetadataAddress = metadataUri.ToString();        options.Events = new OpenIdConnectEvents        {            OnAuthenticationFailed = context =>            {                context.HandleResponse();                context.Response.Redirect("/Error?message=" + context.Exception.Message);                return Task.CompletedTask;            },            OnTokenValidated = context =>            {            return Task.CompletedTask;            },            OnRedirectToIdentityProvider = context =>            {                var defaultSite = builder.Configuration["DefaultSite"]?.ToString();                context.ProtocolMessage.RedirectUri = $"{defaultSite}/signin-oidc";                return Task.CompletedTask;            }        };    });

Viewing all articles
Browse latest Browse all 4839

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>