Skip to content

[Blazor] Blazor Web App with multiple secure API not working with OIDC #60868

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 task done
mihirpatelipsos opened this issue Mar 11, 2025 · 3 comments
Closed
1 task done

[Blazor] Blazor Web App with multiple secure API not working with OIDC #60868

mihirpatelipsos opened this issue Mar 11, 2025 · 3 comments
Labels
area-security

Comments

@mihirpatelipsos
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

I was looking for the solution to work with Blazor Web App with multiple downstream secure APIs which were not part of the BWA project.
I've been following the BWA with OIDC (BFF pattern) article and sample based on following documents:

https://learn.microsoft.com/en-us/aspnet/core/blazor/security/blazor-web-app-with-oidc?view=aspnetcore-9.0&pivots=with-bff-pattern
https://github.com/dotnet/blazor-samples/tree/main/9.0/BlazorWebAppOidcBff

It is working fine when I am connecting to single secure API, but failing with following error when I try to add more than one API scopes:

It seems OIDC was failing with static scope limit exceeded error.

Image

Code:
Image

How can I work with the multiple secure APIs using OIDC or Entra Id based Identity through BWA?

Expected Behavior

Blazor Web App (BWA) should be able to access multiple secure APIs which are outside of Blazor project.

Steps To Reproduce

No response

Exceptions (if any)

No response

.NET Version

dotnet 9.0

Anything else?

cc: @guardrex dotnet/AspNetCore.Docs#34927
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-blazor Includes: Blazor, Razor Components label Mar 11, 2025
@mihirpatelipsos mihirpatelipsos mentioned this issue Mar 11, 2025
Closed
@javiercn javiercn added area-security and removed area-blazor Includes: Blazor, Razor Components labels Mar 12, 2025
@halter73
Copy link
Member

@jennyf19 @jmprieur I haven't seen this AADSTS70011 "static scope limit exceeded"AADSTS70011 "static scope limit exceeded" error before. Do you know what could cause it?

How many scopes are in the PredictorAPIScopes section?

@mihirpatelipsos
Copy link
Author

@halter73 - Here is what I am using in Program.cs

Image

And following is list of Scopes registered under App Registration for this API:

Image

@MackinnonBuck
Copy link
Member

Thanks for reaching out. This looks like an issue with Entra rather than ASP.NET Core, so we're going to close this out.

We'd recommend trying out Microsoft.Identity.Web. The docs can be found here: https://learn.microsoft.com/aspnet/core/blazor/security/blazor-web-app-with-entra?view=aspnetcore-9.0&pivots=non-bff-pattern. It's very similar to OIDC but uses the Entra-specific package. If you encounter a similar issue when using Microsoft.Identity.Web, you could open an issue in the microsoft-identity-web GitHub repo.

@MackinnonBuck MackinnonBuck closed this as not planned Won't fix, can't repro, duplicate, stale Mar 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@halter73 @javiercn @mihirpatelipsos @MackinnonBuck