
blazor web app - oidc options #862

Open
bart-auvifox opened this issue Jul 25, 2024 · 1 comment

bart-auvifox commented Jul 25, 2024

Hi,

I am trying to connect a Blazor web app to an API with OIDC auth,
but I cannot get it to overwrite the authority per tenant.

The goal is to use subdomains for the tenant, e.g.:

  • sub01.localhost:7120
  • sub02.localhost:7120
  • sub03.localhost:7120

Each tenant should connect to its own authority:

  • authurl/sub01
  • authurl/sub02
  • authurl/sub03

My config:

```csharp
// Usings added for completeness. ConfigureCookieOidcRefresh, MapLoginAndLogout and
// PersistingAuthenticationStateProvider are helpers from the BlazorWebAppOidc sample
// that this project carries; they are not part of Finbuckle.MultiTenant or ASP.NET Core.
using Finbuckle.MultiTenant;
using Finbuckle.MultiTenant.Abstractions; // TenantInfo lives here in Finbuckle v7 (Finbuckle.MultiTenant in v6)
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

const string MS_OIDC_SCHEME = "MicrosoftOidc";

var builder = WebApplication.CreateBuilder(args);
// GetValue needs its type argument; this is the base URL that gets the tenant name appended below.
string authUrl = builder.Configuration.GetValue<string>("oidc:Authority")
    ?? throw new InvalidOperationException("oidc:Authority is not configured");

builder.Services.AddAuthentication(MS_OIDC_SCHEME)
    .AddOpenIdConnect(MS_OIDC_SCHEME, oidcOptions =>
    {
        oidcOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        oidcOptions.Scope.Add(OpenIdConnectScope.OfflineAccess);
        oidcOptions.Scope.Add(OpenIdConnectScope.Email);
        oidcOptions.Scope.Add(OpenIdConnectScope.OpenIdProfile);

        // Placeholder value; the intent is that ConfigurePerTenant below replaces it per tenant.
        oidcOptions.Authority = "https://__temp";

        oidcOptions.ClientId = builder.Configuration.GetValue<string>("oidc:ClientId");
        oidcOptions.ClientSecret = builder.Configuration.GetValue<string>("oidc:ClientSecret");

        oidcOptions.ResponseType = OpenIdConnectResponseType.Code;

        oidcOptions.MapInboundClaims = false;
        // Turns off the nonce check that ties the returned id_token to the login request that started it.
        oidcOptions.ProtocolValidator.RequireNonce = false;

        oidcOptions.TokenValidationParameters.NameClaimType = JwtRegisteredClaimNames.Name;
        oidcOptions.TokenValidationParameters.RoleClaimType = "role";
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme);

// AddMultiTenant takes the tenant info type that ConfigurePerTenant below uses.
builder.Services.AddMultiTenant<TenantInfo>()
    .WithBasePathStrategy()
    .WithHostStrategy()
    .WithPerTenantAuthentication();

// Meant to point each resolved tenant at its own authority (authurl/<tenant name>).
builder.Services.ConfigurePerTenant<OpenIdConnectOptions, TenantInfo>((oidcOptions, tenant) =>
{
    oidcOptions.Authority = $"{authUrl}/{tenant.Name}";
});

// Second argument is the OIDC scheme name in the sample helper; note that "DmOidc" differs from MS_OIDC_SCHEME above.
builder.Services.ConfigureCookieOidcRefresh(CookieAuthenticationDefaults.AuthenticationScheme, "DmOidc");

builder.Services.AddAuthorization();
builder.Services.AddCascadingAuthenticationState();
builder.Services.AddRazorComponents()
    .AddInteractiveServerComponents()
    .AddInteractiveWebAssemblyComponents();

builder.Services.AddScoped<AuthenticationStateProvider, PersistingAuthenticationStateProvider>();
builder.Services.AddHttpContextAccessor();

var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    // Puts token contents and other PII into IdentityModel exception messages; development only.
    IdentityModelEventSource.ShowPII = true;
    app.UseWebAssemblyDebugging();
}
else
{
    app.UseExceptionHandler("/Error", createScopeForErrors: true);
    app.UseHsts();
}

app.Use(async (context, next) =>
{
    context.Response.Headers.Append("X-Robots-Tag", "none, noarchive, nositelinkssearchbox");
    await next();
});

app.UseHttpsRedirection();

app.UseStaticFiles();

// Tenant resolution must run before authentication so per-tenant options can be applied.
app.UseMultiTenant();

app.UseAuthentication();
app.UseAuthorization();

app.UseAntiforgery();

app.MapRazorComponents<App>()
    .AddInteractiveServerRenderMode();

app.MapGroup("/authentication").MapLoginAndLogout();

app.Run();
```

It seems `ConfigurePerTenant` is not overriding the setting.

AndrewTriesToCode (Contributor) commented

Hi, I am sorry for the late reply. I have to admit I'm not an expert at client-side Blazor. Can you confirm if the issue applies if you just try injecting `IOptions<OpenIdConnectOptions>` somewhere to inspect what it is resolving?
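An added example to make that inspection concrete; it is not code from this issue, from Finbuckle.MultiTenant or from ASP.NET Core. ASP.NET Core authentication handlers resolve their options through `IOptionsMonitor<T>.Get(schemeName)`, so the instance that matters for the handler registered above is the one named `MicrosoftOidc`, not the default-named instance that `IOptions<T>.Value` returns. The console program below models that lookup with a constructed `OidcLikeOptions` class standing in for `OpenIdConnectOptions` (assumed names), and needs only the Microsoft.Extensions.DependencyInjection and Microsoft.Extensions.Options packages.

```csharp
// Added example, not from the issue or from Finbuckle.MultiTenant: shows that a
// configuration delegate registered for the default options name never reaches an
// authentication handler, because the handler asks for its options by scheme name.
using System;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

const string MS_OIDC_SCHEME = "MicrosoftOidc";

var services = new ServiceCollection();
services.AddOptions();

// Mirrors AddOpenIdConnect(MS_OIDC_SCHEME, ...): the scheme's options are a named instance.
services.Configure<OidcLikeOptions>(MS_OIDC_SCHEME, o => o.Authority = "https://__temp");

// An unnamed Configure only touches Options.DefaultName (""), not the named instance above.
services.Configure<OidcLikeOptions>(o => o.Authority = "https://authurl/sub01");

// ConfigureAll reaches every named instance, the scheme's included.
services.ConfigureAll<OidcLikeOptions>(o => o.Tag = "from-ConfigureAll");

using var provider = services.BuildServiceProvider();
var monitor = provider.GetRequiredService<IOptionsMonitor<OidcLikeOptions>>();

// This is what IOptions<OidcLikeOptions>.Value would hand back: the default-named instance.
var defaultInstance = monitor.Get(Options.DefaultName);

// This is what the handler for scheme "MicrosoftOidc" actually reads.
var schemeInstance = monitor.Get(MS_OIDC_SCHEME);

Console.WriteLine($"default        : Authority={defaultInstance.Authority}, Tag={defaultInstance.Tag}");
Console.WriteLine($"{MS_OIDC_SCHEME}  : Authority={schemeInstance.Authority}, Tag={schemeInstance.Tag}");

// Constructed stand-in for OpenIdConnectOptions; only the members this example needs.
public sealed class OidcLikeOptions
{
    public string? Authority { get; set; }
    public string? Tag { get; set; }
}
```

Running it, the default instance reports the sub01 authority while the `MicrosoftOidc` instance still reports `https://__temp`; only the `ConfigureAll` registration reached both. When checking the real app, resolve `IOptionsMonitor<OpenIdConnectOptions>` inside a request for which the tenant has been resolved and call `.Get("MicrosoftOidc")`, rather than reading `IOptions<OpenIdConnectOptions>.Value`, so that the inspection looks at the same instance the handler uses. Whether Finbuckle's unnamed `ConfigurePerTenant` targets the default name or every name, and whether the version in use offers a name-taking overload to pass `MS_OIDC_SCHEME` to, is not something this example settles; confirm it against the documentation for that version.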
