Hi I am a little new to this and was just wondering if there is a good example to follow?
I have a Blazor WASM/Client project that authenticates currently with Okta, I also have an API that said Blazor app calls to retrieve user + inventory data. Right now the API is only accessible from the Blazor site, but I am sure that is not sufficient security…what is the best way/guide to secure an API with the same session/context already obtained from the front end?
Hi, you have two projects? the client is wasm? and your API(.net core) is accessible by blazor? do you have the same port and domain? and works? how do configure your wasm and APi in Okta? you have some example? I have some problems… currently I have my client in http:\example.com:5001 and my API in http:\example.com:5002. my client works I can access by okta but when i try to access to my API I have issues with the token… regards
Sorry I should have been more clear. Yes they are two separate projects in the same solution, running on different ports. Blazor WASM can call via the HTTP client to the API. This works however I have no authentication to the API
You can browse to http://localhost:8000/api/messages to ensure it has started. If you get a 401 HTTP error, it indicates that the resource server is up. You will need to pass an access token to access the resource, which will be done by the front-end below.
My question is, the React examples have things like Okta.GetAccessToken() before they put in the bearer, is there an example on how to do this in Blazor?