
BlazorBFFOidc and DevTunnel - Auth to MS Entra works for swagger SPA and ALMOST works for Blazor website. #288

Closed
swegele opened this issue May 5, 2024 · 1 comment
Assignees
Labels
Not triaged Awaiting review

Comments


swegele commented May 5, 2024

YAY! With https://localhost, I got Aspire/Blazor/API auth working with MS Entra for Customers.
Thank you so much for this sample code and docs!

Using this authority:
oidcOptions.Authority = "https://<mydomain>.ciamlogin.com/<tenantid>/oauth2/v2.0/authorize";

FYI - The only trouble was the code automatically tries to get OIDC meta-data from the wrong url.
So I had to do this manually:
oidcOptions.MetadataAddress = "https://<mydomain>.ciamlogin.com/<tenantid>/v2.0/.well-known/openid-configuration";

OK, so now I have set up a dev-tunnel with 2 ports to reach BOTH the WebAPI swagger page AND the Blazor website.
I start the dev-tunnel in aspire AppHost program.cs like so:
var mydevtunnel = builder.AddExecutable("my-dev-tunnel", "c:/tools/devtunnel.exe", builder.AppHostDirectory, "host");

Works great! I can navigate to the devtunnel from a browser:

  • WebAPI
    • nav to swagger (success)
    • authenticate with MS (success)
    • redirect back to site (success)
    • start exploring endpoints :-)
  • Blazor Website
    • nav to Blazor site (success)
    • authenticate with MS (success)
    • redirect back to site (fails)

No matter what I try, after coming back from Microsoft, I always end up seeing that the path got changed somehow back to https://localhost:7327 even though it initiated from https://xxxxx-7182.usw3.devtunnels.ms/ when I got sent to MS for auth.
Thus the signin-oidc page/middleware kicks out a 500 error saying "failed to correlate".

I have quadruple checked all the combinations of Azure AppRegistration Redirect URLs - those are all fine.

I think it is related to how the code does the redirect to auth and back via the following:

LoginLogoutEndpointRouteBuilderExtensions
and
app.MapGroup("/authentication").MapLoginAndLogout();

But I can't figure it out.

I think this would be REALLY cool to prove/show that the dev Inner-Loop with Aspire can include DevTunnels.
I'm halfway there with it working for the WebAPI swagger/OpenAPI site.
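Added example, not code from the issue or from the Blazor sample: an ASP.NET Core OIDC setup that pins the metadata address the way the post does and, behind a tunnel or reverse proxy, builds `redirect_uri` from the forwarded host rather than the Kestrel localhost binding. A "failed to correlate" 500 on `/signin-oidc` is the symptom when the correlation cookie was set for one host and the callback lands on another. It is an assumption here that devtunnel forwards `X-Forwarded-Host`/`X-Forwarded-Proto`; the logging event is the check to confirm what is actually sent to the IdP. `<mydomain>`, `<tenantid>` and `<client-id>` are placeholders.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

// Honour the tunnel's forwarded headers so Request.Host/Scheme reflect the
// *.devtunnels.ms origin the browser is on, not https://localhost:<port>.
// Clearing KnownNetworks/KnownProxies is required because the tunnel is not a
// loopback proxy; keep this in a Development profile only, since trusting
// forwarded headers from arbitrary clients in production enables host spoofing.
builder.Services.Configure<ForwardedHeadersOptions>(o =>
{
    o.ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost;
    o.KnownNetworks.Clear();   // assumption: tunnel source address is not known up front
    o.KnownProxies.Clear();
});

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddOpenIdConnect(oidc =>
    {
        // Values from the post; the metadata address is set explicitly because
        // discovery from the Authority alone resolved to the wrong URL.
        oidc.Authority = "https://<mydomain>.ciamlogin.com/<tenantid>/oauth2/v2.0/authorize";
        oidc.MetadataAddress = "https://<mydomain>.ciamlogin.com/<tenantid>/v2.0/.well-known/openid-configuration";
        oidc.ClientId = "<client-id>";
        oidc.ResponseType = "code";
        oidc.CallbackPath = "/signin-oidc";

        // Diagnostic check: the host in redirect_uri must match the host the
        // browser is using, otherwise the correlation cookie never returns.
        oidc.Events.OnRedirectToIdentityProvider = ctx =>
        {
            ctx.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>()
               .LogInformation("redirect_uri sent to IdP: {Uri}", ctx.ProtocolMessage.RedirectUri);
            return Task.CompletedTask;
        };
    });

var app = builder.Build();
app.UseForwardedHeaders();   // must run before authentication so Host is rewritten first
app.UseAuthentication();
app.UseAuthorization();
app.Run();
```

If the logged `redirect_uri` still shows `localhost`, the tunnel is not sending the forwarded headers this example assumes, and the remaining option is to set the host explicitly in the same event.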



@swegele swegele added the Not triaged Awaiting review label May 5, 2024
Collaborator

guardrex commented May 5, 2024

Hello @swegele ... Open for the product unit at ...

https://github.com/dotnet/aspnetcore/issues

Please add ...

cc: @guardrex https://github.com/dotnet/blazor-samples/issues/288

... to the bottom of your opening comment so that I can follow along.

Note that an issue wouldn't be worked here from the samples repo. It would be opened from the bottom of the article. We work from the docs repo, and that's where the issue is opened when the Open a documentation issue link is used. Issues/PRs here are usually just for patch updates. The article for this is at ...

https://learn.microsoft.com/aspnet/core/blazor/security/blazor-web-app-with-oidc?view=aspnetcore-8.0&pivots=with-bff-pattern
