
BlazorBFFOidc and DevTunnel - Auth to MS Entra works for swagger SPA and ALMOST works for Blazor website.

YAY! With https://localhost, I got Aspire/Blazor/API auth working with MS Entra for Customers.
Thank you so much for this sample code and docs!

Using this authority:
oidcOptions.Authority = "https://<mydomain><tenantid>/oauth2/v2.0/authorize";

FYI - The only trouble was the code automatically tries to get OIDC meta-data from the wrong url.
So I had to do this manually:
oidcOptions.MetadataAddress = "https://<mydomain><tenantid>/v2.0/.well-known/openid-configuration";

OK so now I have set up a dev-tunnel with 2 ports to reach BOTH the WebAPI swagger page AND the Blazor web site.
I start the dev-tunnel in aspire AppHost program.cs like so:
var mydevtunnel = builder.AddExecutable("my-dev-tunnel", "c:/tools/devtunnel.exe", builder.AppHostDirectory, "host");

Works great! I can navigate to the devtunnel from a browser:

  • WebAPI
    • nav to swagger (success)
    • authenticate with MS (success)
    • redirect back to site (success)
    • start exploring endpoints :-)
  • Blazor Website
    • nav to Blazor site (success)
    • authenticate with MS (success)
    • redirect back to site (fails)

No matter what I try, after coming back from Microsoft, I always end up seeing that the path got changed somehow back to https://localhost:7327, even though it was initiated from the devtunnel when I got sent to MS for auth.
Thus the signin-oidc page/middleware kicks out a 500 error saying "failed to correlate".

I have quadruple checked all the combinations of Azure AppRegistration Redirect URLs - those are all fine.

I think it is related to how the code does the redirect to auth and back via the following:


But I can't figure it out.

I think this would be REALLY cool to prove/show that the dev Inner-Loop with Aspire can include DevTunnels.
I'm halfway there with it working for the WebAPI swagger/OpenAPI site.
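One common reason for the localhost redirect_uri and the resulting "failed to correlate" behind a reverse proxy or tunnel, shown as an added example (not the poster's code and not from the sample project): the OIDC handler builds redirect_uri from Request.Scheme/Host, and unless the app trusts the tunnel's X-Forwarded-* headers that is https://localhost:7327. This assumes the dev tunnel forwards X-Forwarded-Host/X-Forwarded-Proto, and <client-id> is a placeholder alongside the poster's own <mydomain>/<tenantid> placeholders.

```csharp
// Added example, not code from the original post or the sample it uses.
// Assumption: the dev tunnel forwards X-Forwarded-Host and X-Forwarded-Proto.
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

// 1. Honour the tunnel's forwarded headers so Request.Scheme/Host is the public
//    tunnel URL. Otherwise redirect_uri is built from https://localhost:7327, Entra
//    sends the browser back there, and the correlation cookie (set on the tunnel
//    host) is not present on the callback -> "failed to correlate".
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost;
    // Dev-tunnel only: the tunnel endpoint is not a known proxy. Clearing these makes the
    // app trust X-Forwarded-* from any client, so keep the real proxy list in production.
    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();
});

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddCookie()
    .AddOpenIdConnect(oidcOptions =>
    {
        // Same authority/metadata override the poster uses (placeholders kept as posted).
        oidcOptions.Authority = "https://<mydomain><tenantid>/oauth2/v2.0/authorize";
        oidcOptions.MetadataAddress = "https://<mydomain><tenantid>/v2.0/.well-known/openid-configuration";
        oidcOptions.ClientId = "<client-id>";   // placeholder
        oidcOptions.ResponseType = OpenIdConnectResponseType.Code;
        oidcOptions.CallbackPath = "/signin-oidc";

        // 2. Check: log the redirect_uri that actually leaves the app. If it still says
        //    localhost, the forwarded headers are not reaching (or not trusted by) the app.
        oidcOptions.Events.OnRedirectToIdentityProvider = ctx =>
        {
            var logger = ctx.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>();
            logger.LogInformation("OIDC redirect_uri = {RedirectUri}", ctx.ProtocolMessage.RedirectUri);
            return Task.CompletedTask;
        };
    });

var app = builder.Build();
app.UseForwardedHeaders();   // must run before UseAuthentication
app.UseAuthentication();
app.UseAuthorization();
app.Run();
```

The logged redirect_uri must match one of the App Registration's Redirect URIs exactly (tunnel host, not localhost); if it does, the correlation cookie will be on the same host as the callback.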

