Automatically Attaching Identity Cookie to HTTP Client in Blazor wasm

I am working on a blazor application where I used my API project as Identity

Provider. Everything is working fine but the issue is that the access token

issued by my API is not validated by the API. It turns out the API is expecting a

cookie header. I took a closer look at blazor hosted application and found out

the cookie is being sent along with each request but it’s same-origin.

My Blazor WASM project does not automatically attach this cookie in the request

header, just the access token.

Is there a way I can make the Http handler attach this cookie on each request?

or make the API validate the access token instead of the identity cookie.

This is my startup class in the API Project

       public static void AddIdentityServer(IServiceCollection services,IConfiguration configuration)
            services.AddIdentityServer(options =>
                options.UserInteraction.LoginUrl = "/Identity/Account/Login";
                options.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
             .AddApiAuthorization<ApplicationUser, ApplicationDbContext>(option =>
                 option.Clients.Add(new Client
                     ClientId = "blazor",
                     AllowedGrantTypes = GrantTypes.Code,
                     RequirePkce = true,
                     RequireClientSecret = false,
                     AllowedCorsOrigins = { "https://localhost:5001" },
                     AllowedScopes = { "openid", "profile", "email","id" },
                     RedirectUris = { "https://localhost:5001/authentication/login-callback" },
                     PostLogoutRedirectUris = { "https://localhost:5001/" },
                     Enabled = true,
                     RequireConsent = false,  

                 option.IdentityResources.Add(new IdentityResource("id",new string[] {"id" }));


                .AddGoogle("Google", options =>
                    options.ClientId = configuration["ExternalLoginApiKey:GoogleClientId"];
                    options.ClientSecret = configuration["ExternalLoginApiKey:GoogleClientSecret"];
                .AddFacebook("Facebook", options =>
                    options.AppId = configuration["ExternalLoginApiKey:FacebookAppId"];
                    options.AppSecret = configuration["ExternalLoginApiKey:FacebookAppSecret"];


Program class in the Blazor Project
        public static async Task Main(string[] args)
            var builder = WebAssemblyHostBuilder.CreateDefault(args);

            builder.Services.AddOidcAuthentication(options =>
                builder.Configuration.Bind("oidc", options.ProviderOptions);
                options.UserOptions.RoleClaim = "role";

            builder.Services.AddHttpClient<IAuthorizedRestService, AuthorizedRestService>(
               client => client.BaseAddress = new Uri("https://localhost:5002/api/mart/v1/"))
                 .AddHttpMessageHandler(sp => sp.GetRequiredService<AuthorizationMessageHandler>()
            .ConfigureHandler(authorizedUrls: new[] { "https://localhost:5002" }));

            builder.Services.AddHttpClient("noauth", option => option.BaseAddress = new 

            builder.Services.AddScoped<IRestService, RestService>();

            await builder.Build().RunAsync();


Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

I have found the Solution.

It happens that there is already a JWT handler provided by IdentityServer4 for APIs that double as Authorization Server


So what I did was to configure it
                options =>
                    options.Authority = "https://localhost:5002";
                    options.Audience = "mart";
                    options.SaveToken = true;

Then specify the Authentication scheme to use
    [Authorize(AuthenticationSchemes = IdentityServerJwtConstants.IdentityServerJwtBearerScheme)]

You can also add it globally in the start up class
 var authorizationPolicy = new AuthorizationPolicyBuilder(IdentityServerJwtConstants.IdentityServerJwtBearerScheme)
                options.Filters.Add(new AuthorizeFilter(authorizationPolicy));

You can read more using these links

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x