Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer 10.0.7

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher. 
dotnet add package Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer --version 10.0.7
                    


                    

                
NuGet\Install-Package Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer -Version 10.0.7
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer" Version="10.0.7" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer" Version="10.0.7" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer --version 10.0.7
                    


                    

                
#r "nuget: Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer, 10.0.7"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer@10.0.7
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer&version=10.0.7
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer&version=10.0.7
                    


                            Install as a Cake Tool

What is Rystem?

Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer

NuGet NuGet Downloads

Blazor Server authentication helpers for Rystem.RepositoryFramework.Api.Client.

This package plugs concrete token managers into the API client's interceptor pipeline so repository calls can automatically add bearer tokens in Blazor Server hosts.

Resources

Installation

dotnet add package Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer

The current package metadata in src/Repository/RepositoryFramework.Api.Client.Authentication.BlazorServer/RepositoryFramework.Api.Client.Authentication.BlazorServer.csproj is:

  • package id: Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer
  • version: 10.0.6
  • target framework: net10.0
  • main auth dependency: Microsoft.Identity.Abstractions 11.0.0
  • companion dependency: Rystem.Authentication.Social.Blazor

Package architecture

Area Purpose
TokenManager Microsoft Identity / MSAL path via IAuthorizationHeaderProvider
SocialTokenManager Social-login path via SocialLoginManager
Convenience extensions Register the right token manager into the base API-client interceptor pipeline
Shared AuthenticatorSettings Reuse the settings model from Rystem.RepositoryFramework.Api.Client

Mental model

This package does not implement a new HTTP client. It only provides Blazor Server-specific token sources for the base repository API client.

The actual HTTP behavior still comes from Rystem.RepositoryFramework.Api.Client:

  • request interceptors add headers
  • response interceptors can retry after 401 Unauthorized
  • repository calls still use the same API-client routes and payload shapes

This package only decides how the bearer token is acquired.

Option 1: Microsoft Identity / MSAL

This path is built on IAuthorizationHeaderProvider from Microsoft.Identity.Abstractions.

Typical setup

builder.Services
    .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(["api://your-api-id/.default"])
    .AddInMemoryTokenCaches();

builder.Services.AddDefaultAuthorizationInterceptorForApiHttpClient(settings =>
{
    settings.Scopes = ["api://your-api-id/.default"];
});

builder.Services.AddRepository<Product, int>(repositoryBuilder =>
{
    repositoryBuilder.WithApiClient(apiBuilder =>
    {
        apiBuilder.WithHttpClient("https://api.example.com");
    });
});

How TokenManager works

  • it asks IAuthorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(...) for a full authorization header value
  • it expects that value to look like Bearer {token}
  • it splits the returned string and applies it to HttpClient.DefaultRequestHeaders.Authorization
  • if token acquisition fails, it returns null and the request proceeds without an auth header

Scope requirement

In practice you should provide settings.Scopes for this path, because the underlying token-manager implementation passes _settings.Scopes! to CreateAuthorizationHeaderForUserAsync(...).

Option 2: Rystem social login

This path is built on SocialLoginManager from Rystem.Authentication.Social.Blazor.

Typical setup

builder.Services.AddDefaultSocialLoginAuthorizationInterceptorForApiHttpClient();

builder.Services.AddRepository<Product, int>(repositoryBuilder =>
{
    repositoryBuilder.WithApiClient(apiBuilder =>
    {
        apiBuilder.WithHttpClient("https://api.example.com");
    });
});

How SocialTokenManager works

  • it calls SocialLoginManager.FetchTokenAsync()
  • when a token exists, it sends Authorization: Bearer {accessToken}
  • when a token is missing, it calls LogoutAsync()
  • if NavigationManager is available, it forces a page refresh so the login flow can restart

This makes the social-login path more aggressive than the MSAL path: missing auth state can immediately push the user back into a sign-in flow.

Scope of the helper

This package only exposes the social-login convenience method in its global form:

builder.Services.AddDefaultSocialLoginAuthorizationInterceptorForApiHttpClient();

There is no package-level convenience overload for model-only or model-plus-key-only social auth.

Extension methods

All convenience methods are registered on IServiceCollection.

Method Token source Scope
AddDefaultAuthorizationInterceptorForApiHttpClient(settings?) TokenManager all repository clients
AddDefaultAuthorizationInterceptorForApiHttpClient<T>(settings?) TokenManager one model
AddDefaultAuthorizationInterceptorForApiHttpClient<T, TKey>(settings?) TokenManager one model + key
AddDefaultSocialLoginAuthorizationInterceptorForApiHttpClient(settings?) SocialTokenManager all repository clients

AuthenticatorSettings

This package reuses the shared settings model from the core API client package.

public class AuthenticatorSettings
{
    public string[]? Scopes { get; set; }
    public Func<Exception, IServiceProvider, Task>? ExceptionHandler { get; set; }
}
  • Scopes matters for the Microsoft Identity path
  • ExceptionHandler is used by the base bearer interceptor when request-time token enrichment throws

Source-backed behavior notes

Request/response behavior comes from the base client package

These helpers ultimately call the generic registration methods in Rystem.RepositoryFramework.Api.Client, so the same caveats still apply here:

  • global and model-specific registrations add both request and response interceptors
  • model-plus-key registration adds only the request interceptor in the current implementation

That means automatic 401 refresh-and-retry is available for the global and model-specific registrations, but not fully for the model-plus-key registration path.

Token acquisition failures are soft failures

For the Microsoft Identity path, the token manager catches token-acquisition exceptions and returns null, so the outgoing request can continue without the bearer header.

Social-login failures trigger logout behavior

For the social-login path, failure to fetch a token leads to logout plus optional forced navigation refresh.

Practical examples

Global MSAL registration

builder.Services.AddDefaultAuthorizationInterceptorForApiHttpClient(settings =>
{
    settings.Scopes = builder.Configuration["AzureAd:Scopes"]!.Split(' ');
});

Model-specific MSAL registration

builder.Services.AddDefaultAuthorizationInterceptorForApiHttpClient<Product>(settings =>
{
    settings.Scopes = ["api://your-api-id/.default"];
});

Global social-login registration

builder.Services.AddDefaultSocialLoginAuthorizationInterceptorForApiHttpClient();
Package Purpose
Rystem.RepositoryFramework.Api.Client Base repository HTTP client and interceptor pipeline
Rystem.RepositoryFramework.Api.Client.Authentication.BlazorWasm Equivalent auth helpers for Blazor WebAssembly
Rystem.Authentication.Social.Blazor Social-login infrastructure used by SocialTokenManager
Rystem.RepositoryFramework.Api.Server Matching server package

Read this package after src/Repository/RepositoryFramework.Api.Client/README.md when your repository client runs in Blazor Server.

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
10.0.7 42 3/26/2026
10.0.6 157,917 3/3/2026
10.0.5 98 2/22/2026
10.0.4 108 2/9/2026
10.0.3 147,893 1/28/2026
10.0.1 209,068 11/12/2025
9.1.3 270 9/2/2025
9.1.2 764,471 5/29/2025
9.1.1 97,842 5/2/2025
9.0.32 186,731 4/15/2025
9.0.31 5,822 4/2/2025
9.0.30 88,785 3/26/2025
9.0.29 9,067 3/18/2025
9.0.28 256 3/17/2025
9.0.27 236 3/16/2025
9.0.26 302 3/13/2025
9.0.25 52,172 3/9/2025
9.0.21 355 3/6/2025
9.0.20 19,566 3/6/2025
9.0.19 327 3/6/2025
Loading failed