Cirreum.Runtime.Wasm.Oidc 1.0.40

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher. 
dotnet add package Cirreum.Runtime.Wasm.Oidc --version 1.0.40
                    


                    

                
NuGet\Install-Package Cirreum.Runtime.Wasm.Oidc -Version 1.0.40
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Cirreum.Runtime.Wasm.Oidc" Version="1.0.40" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Cirreum.Runtime.Wasm.Oidc" Version="1.0.40" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Cirreum.Runtime.Wasm.Oidc" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Cirreum.Runtime.Wasm.Oidc --version 1.0.40
                    


                    

                
#r "nuget: Cirreum.Runtime.Wasm.Oidc, 1.0.40"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Cirreum.Runtime.Wasm.Oidc@1.0.40
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Cirreum.Runtime.Wasm.Oidc&version=1.0.40
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Cirreum.Runtime.Wasm.Oidc&version=1.0.40
                    


                            Install as a Cake Tool

Cirreum.Runtime.Wasm.Oidc

NuGet Version NuGet Downloads GitHub Release License .NET

Seamless OIDC authentication for Blazor WebAssembly applications in the Cirreum ecosystem

Overview

Cirreum.Runtime.Wasm.Oidc provides OpenID Connect (OIDC) authentication for Blazor WebAssembly applications built on the Cirreum framework.

It supports both:

  • Static OIDC configuration (traditional single-tenant apps)
  • Dynamic, runtime-resolved OIDC configuration (multi-tenant / white-label / BYOID scenarios)

The library extends Microsoft’s WASM authentication stack with enhanced claims handling, authorization defaults, session monitoring, and fluent configuration.

Features

  • OIDC Authentication

    • Full OpenID Connect support for Blazor WebAssembly
    • Works with any OIDC-compliant identity provider

  • Dynamic Tenant Authentication

    • Resolve OIDC settings at runtime per tenant
    • No compile-time dependency on a specific IdP
    • Supports Okta, Auth0, Ping, Keycloak, Duende, and others

  • Enhanced Claims Processing

    • Custom claims principal factory
    • Optional claims extenders for provider-specific mapping

  • Authorization Policies

    • Standard policies included by default:

      • Standard
      • StandardInternal
      • StandardAgent
      • StandardManager
      • StandardAdmin

  • Session Monitoring

    • Idle timeout and absolute session lifetime support

  • Application User Integration

    • Fluent registration of application user factories

  • Fluent Configuration API

    • Builder-based chaining for auth-related concerns

Installation

dotnet add package Cirreum.Runtime.Wasm.Oidc

Usage

Static (Traditional) OIDC Setup

builder.AddOidcAuth(options =>
{
    options.Authority = "https://your-identity-provider.com";
    options.ClientId = "your-client-id";
    options.ResponseType = "code";
    options.DefaultScopes.Add("openid");
    options.DefaultScopes.Add("profile");
});

Static OIDC with Custom Claims Extender

builder.AddOidcAuth(options =>
{
    options.Authority = "https://your-identity-provider.com";
    options.ClientId = "your-client-id";
})
.AddClaimsExtender<MyClaimsExtender>();

Dynamic (Tenant-Resolved) OIDC Authentication

AddDynamicAuth enables runtime OIDC configuration, allowing the application to authenticate users against different identity providers based on the current tenant.

This is ideal for:

  • Multi-tenant SaaS
  • White-label platforms
  • Bring-Your-Own-Identity (BYOID)
  • Customer-hosted IdPs

Program.cs

var builder = DomainApplication.CreateBuilder(args);

builder.AddDynamicAuth();

await builder.BuildAndRunAsync<MyDomain>();

Dynamic Auth with Claims Extender

builder.AddDynamicAuth()
    .AddClaimsExtender<OktaClaimsExtender>();

How Dynamic Auth Works

  1. A lightweight loader script runs before Blazor starts
  2. The loader fetches tenant-specific OIDC configuration
  3. Configuration is written to:
window.tenantAuthConfig
  1. AddDynamicAuth() reads this configuration during startup
  2. OIDC authentication is configured dynamically

Loader Contract

To enable dynamic auth, the loader must define:

<script
  src="cirreum-wasm-loader.js"
  auth-type="dynamic"
  auth-type-url="https://auth.example.com/tenants/{tenant}/oidc">
</script>
  • {tenant} is replaced with the tenant slug derived from the URL
  • The endpoint must return a valid tenant auth configuration payload

Required Tenant Configuration Fields

{
  "authority": "https://idp.example.com",
  "clientId": "client-id",
  "responseType": "code",
  "scopes": ["openid", "profile", "email"]
}

Validation

AddDynamicAuth throws an exception at startup if:

  • Tenant configuration is missing
  • Authority is not defined
  • ClientId is not defined

This ensures authentication failures are detected early and explicitly.

Adding Session Monitoring

builder.AddOidcAuth(options => { /* ... */ })
    .AddSessionMonitoring(session =>
    {
        session.IdleTimeout = TimeSpan.FromMinutes(30);
        session.SessionTimeout = TimeSpan.FromHours(8);
    });

Works identically for static and dynamic authentication.

Adding Application User Support

builder.AddOidcAuth(options => { /* ... */ })
    .AddApplicationUserResolver<MyUserResolver>();

Or with dynamic auth:

builder.AddDynamicAuth()
    .AddApplicationUserResolver<MyUserResolver>();

Architecture

Built on top of:

  • Cirreum.Runtime.Wasm
  • Microsoft.AspNetCore.Components.WebAssembly.Authentication
  • Microsoft.IdentityModel.JsonWebTokens

Dynamic auth is layered cleanly on top of the standard WASM auth pipeline and does not replace or fork Microsoft’s implementation.

Versioning

This package follows Semantic Versioning:

  • Major — Breaking changes
  • Minor — Backward-compatible features
  • Patch — Bug fixes

Dynamic authentication was introduced as a non-breaking additive feature.

License

MIT License. See LICENSE.

Cirreum Foundation Framework Layered simplicity for modern .NET

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.40 97 5/11/2026
1.0.39 93 5/10/2026
1.0.38 95 5/1/2026
1.0.37 103 4/28/2026
1.0.36 115 4/27/2026
1.0.35 111 4/26/2026
1.0.34 99 4/26/2026
1.0.33 105 4/16/2026
1.0.32 106 4/15/2026
1.0.31 109 4/13/2026
1.0.30 104 4/13/2026
1.0.29 115 4/10/2026
1.0.28 118 3/25/2026
1.0.27 109 3/21/2026
1.0.26 110 3/20/2026
1.0.25 101 3/20/2026
1.0.24 101 3/20/2026
1.0.23 110 3/18/2026
1.0.22 109 3/17/2026
1.0.21 113 3/16/2026
Loading failed