-
Notifications
You must be signed in to change notification settings - Fork 25.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Blazor ROPC #33749
Blazor ROPC #33749
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A++ work as usual for you.
Co-authored-by: Rick Anderson <[email protected]>
I think we'll go ahead and merge this tomorrow (Monday) EOD. I think the only significant question is on if env vars offer enough protection for test/staging. Right now, the updates on this PR advise not to use them except in local dev testing, along with the Secret Manager tool. |
BTW ... As soon as this goes in, I'll be updating the BWA+OIDC sample app and article with guidance to use the Secret Manager tool for the client secret. Tracked by 👉 #33804. As for the upcoming BWA+Entra sample app and article, it will be set up in the PR that establishes the article. |
@Rick-Anderson ... Try it now. I ended up using "recommendation" language similar to what you used on your PR. |
Fixes #33744
Fixes #33784
I needed a special INCLUDE for Blazor to distinguish between client-side/SPA and server-side Blazor projects. I also prefer to use the word "project" in the BWA/server-side context over "app" because BWA/hosted WASM is a solution of two or more projects that have different security requirements.
Internal previews
Toggle expand/collapse