Skip to content

Add configurable token storage type for the Blazor WASM OIDC Authentication#67625

Open
karmegams02 wants to merge 7 commits into
dotnet:mainfrom
karmegams02:40757_oidc_localstorage
Open

Add configurable token storage type for the Blazor WASM OIDC Authentication#67625
karmegams02 wants to merge 7 commits into
dotnet:mainfrom
karmegams02:40757_oidc_localstorage

Conversation

@karmegams02

@karmegams02 karmegams02 commented Jul 7, 2026

Copy link
Copy Markdown

Summary

Add OIDC token storage option for Blazor WebAssembly

Description

This PR adds a configurable option for where Blazor WebAssembly OIDC authentication state and tokens are stored in the browser.

Previously, OIDC authentication state was stored in sessionStorage, which is scoped to a single browser tab or window. As a result, users opening the same Blazor WebAssembly application in another tab or window were required to authenticate again, causing a poor user experience and repeated token requests.

This change introduces RemoteAuthenticationTokenStorage, allowing applications to choose between:

  • SessionStorage

    • Default behavior.
    • Stores authentication state in window.sessionStorage.
    • Cleared when the tab or window is closed.
    • Not shared across tabs or windows.
  • LocalStorage

    • Stores authentication state in window.localStorage.
    • Shared across tabs and windows for the same origin.
    • Persists across browser sessions.

The default remains SessionStorage to preserve existing behavior and avoid introducing a breaking change.

Changes included

  • Added RemoteAuthenticationTokenStorage enum with:

    • SessionStorage
    • LocalStorage
  • Added OidcProviderOptions.TokenStorage.

  • Updated the WebAssembly authentication TypeScript interop to configure the oidc-client userStore using WebStorageStateStore.

  • Added support for resolving token storage values from serialized configuration.

  • Added public API entries for the new enum and option.

  • Added unit tests for:

    • Default TokenStorage value.
    • Setting TokenStorage.
    • JSON serialization and deserialization.
    • Case-insensitive enum deserialization.
    • Invalid token storage values.
    • Missing token storage configuration.
  • Added E2E coverage validating that:

    • TokenStorage = LocalStorage stores OIDC user state in localStorage.
    • Default/session storage behavior stores OIDC user state in sessionStorage.
    • The selected storage option is displayed by the test app.

Usage example

builder.Services.AddOidcAuthentication(options =>
{
    options.ProviderOptions.Authority = $"{builder.HostEnvironment.BaseAddress}oidc";
    options.ProviderOptions.ClientId = "s6BhdRkqt3";
    options.ProviderOptions.ResponseType = "code";
    options.ProviderOptions.TokenStorage = RemoteAuthenticationTokenStorage.LocalStorage;
});

Fixes #40757

@dotnet-policy-service dotnet-policy-service Bot added the community-contribution Indicates that the PR has been added by a community member label Jul 7, 2026
@dotnet-policy-service

Copy link
Copy Markdown
Contributor

Thanks for your PR, @karmegams02. Someone from the team will get assigned to your PR shortly and we'll get it reviewed.

@karmegams02 karmegams02 marked this pull request as ready for review July 7, 2026 07:22
@karmegams02 karmegams02 requested a review from a team as a code owner July 7, 2026 07:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

community-contribution Indicates that the PR has been added by a community member

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Blazor][Wasm] Set oidc Authentication Options to Local Storage

1 participant