Blazor OIDC 刷新令牌

Question

I have a Blazor WASM app that uses OIDC authenication. I have the OIDC working.

            builder.Services.AddOidcAuthentication(options =>
            {
                options.ProviderOptions.ResponseType = "code";
                options.ProviderOptions.DefaultScopes.Add("offline_access");
                options.ProviderOptions.Authority = "Oauth URL";
                options.ProviderOptions.ClientId = "client ID";
            });

I have the offline_access scope defined so that a refresh token is generated.

Once the user logins, the response from the token end point gets stored in session storage. This works great as long as the user doesn't exit the app. However, once the user closes the browser and then opens the browser again they have to log back into the site, even it the refresh token has not expired.

How can an Blazor WASM app using OIDC make use of the refresh token?

Thank you, Travis

Answer 1

I think in your case since you are storing the data in the session storage, the data is lost as soon as the browser is closed. The sessionStorage is scoped to the browser's tab If the user reloads the tab, the state persists. If the user closes the tab or the browser, the state is lost. If the user opens multiple browser tabs, each tab has its own independent version of the data.

To address the issue you should use the localStorage in which case the if the user reloads the page or closes and re-opens the browser, the state persists.

Though from the security perspective sessionStorage is the preferred choice.