[blazor-wasm] Pass access token as query string when running SignalR in the browser #20115
Conversation
wtgodbe
changed the title
wtgodbe
changed the title
| @@ -1,18 +0,0 @@ | |||
| <!-- This file is automatically generated. --> | |||
| <Project Sdk="Microsoft.NET.Sdk"> | |||
There was a problem hiding this comment.
Hrm, I wonder why we had this. It wasn't in the shared framework before... (I just checked)
src/SignalR/clients/csharp/Http.Connections.Client/src/Internal/Utils.cs
Show resolved
Hide resolved
src/SignalR/clients/csharp/Http.Connections.Client/src/Internal/Utils.cs
Outdated
Show resolved
Hide resolved
src/SignalR/clients/csharp/Http.Connections.Client/src/Internal/WebSocketsTransport.cs
Outdated
Show resolved
Hide resolved
src/SignalR/clients/csharp/Http.Connections.Client/src/Internal/Utils.cs
Outdated
Show resolved
Hide resolved
src/SignalR/clients/csharp/Http.Connections.Client/src/Internal/WebSocketsTransport.cs
Outdated
Show resolved
Hide resolved
src/SignalR/clients/csharp/Http.Connections.Client/src/Internal/Utils.cs
Show resolved
Hide resolved
|
@pranavkm @BrennanConroy @anurse I pushed a commit responding to feedback |
...ients/csharp/Http.Connections.Client/src/Microsoft.AspNetCore.Http.Connections.Client.csproj
Show resolved
Hide resolved
mkArtakMSFT
added
Blazor ♥ SignalR
...ients/csharp/Http.Connections.Client/src/Microsoft.AspNetCore.Http.Connections.Client.csproj
Outdated
Show resolved
Hide resolved
| // We can't use request headers in the browser, so instead append the token as a query string in that case | ||
| if (_isRunningInBrowser) | ||
| { | ||
| var accessTokenEncoded = UrlEncoder.Default.Encode(accessToken); |
There was a problem hiding this comment.
Would be nice to test this code path. Maybe we can make _isRunningInBrowser internal and modify it in tests to be true.
There was a problem hiding this comment.
Writing a test for this is probably something I'd need help with - do you know of a test I can use as an example of some similar scenario?
There was a problem hiding this comment.
Probably something similar to
src/SignalR/clients/csharp/Http.Connections.Client/src/Internal/Utils.cs
Show resolved
Hide resolved
|
Was thinking about this over the weekend and realized we need to do something about SSE. Right now it doesn't work because we use an HttpClient GET with "text/event-stream" Accept header. Which doesn't work in the browser, we use the We might just have to disable SSE when running the .NET client in the browser. |
Yep, let's do that. In 5.0 we should just remove it altogether. |
|
Is there standard practice for this? Throw a |
|
We are going to want to disable transport fallback to SSE in the browser, and probably throw if the client specifies SSE as the only transport it wants to use. |
Yep.
ServerSentEventsTransport is internal, so as long as StartAsync doesn't get called, we shouldn't need to change it. I would take a look at how we skip WebSockets on platforms where it's not supported and do something similar: |
|
We should also throw an exception if the user passes only SSE, and is running in the browser |
src/SignalR/clients/csharp/Http.Connections.Client/src/HttpConnection.Log.cs
Show resolved
Hide resolved
| @@ -66,6 +66,9 @@ private static class Log | |||
| private static readonly Action<ILogger, HttpTransportType, Exception> _transportStarted = | |||
| LoggerMessage.Define<HttpTransportType>(LogLevel.Debug, new EventId(18, "TransportStarted"), "Transport '{Transport}' started."); | |||
|
|
|||
| private static readonly Action<ILogger, Exception> _serverSentEventsNotSupportedByBrowser = | |||
| LoggerMessage.Define(LogLevel.Debug, new EventId(19, "ServerSentEventsNotSupportedByBrowser"), "Skipping ServerSentEvents because they are not supported by the browser."); | |||
There was a problem hiding this comment.
| LoggerMessage.Define(LogLevel.Debug, new EventId(19, "ServerSentEventsNotSupportedByBrowser"), "Skipping ServerSentEvents because they are not supported by the browser."); | |
| LoggerMessage.Define(LogLevel.Debug, new EventId(19, "ServerSentEventsNotSupportedByBrowser"), "Skipping ServerSentEvents because it is not supported by the browser."); |
There was a problem hiding this comment.
Should I change https://github.com/dotnet/aspnetcore/pull/20115/files#diff-0d9edc1e2ea2a38f9a4be7f30733cc9eR61 as well?
There was a problem hiding this comment.
Don't know what line you're trying to point out
There was a problem hiding this comment.
There was a problem hiding this comment.
Hmm, we can just keep both as is. Not too picky
There was a problem hiding this comment.
The difference is that WebSockets is the name of a transport and a name for the type of socket. In that latter sense, that could be plural. ServerSentEvents is just the name of a transport, so it should probably be singular. Super nitpicky though.
src/SignalR/clients/csharp/Http.Connections.Client/src/HttpConnection.cs
Outdated
Show resolved
Hide resolved
mkArtakMSFT
removed
the
feature-blazor-wasm
|
Closing in favor of #20466, as this change is going into release/3.1 instead of blazor-wasm |
Attempts to resolve #18697
When the signalR client is running in the browser, we need to append the access token as a query string rather than using a request header.
Since this is in blazor-wasm, there were some infra changes needed to get the package building & whatnot.
I used https://github.com/wtgodbe/scratch/tree/master/SigRBlazor/BlazorSignalRApp to validate that the token gets passed as a query string & can be pulled out and referenced by the server.