
Services

Mika Berglund edited this page Dec 25, 2025 · 8 revisions

Blazorade ID Services

Blazorade ID is built around a set of focused services that together implement authentication and token acquisition in Blazor applications. Each service has a clearly defined responsibility, and the overall design follows a composable, pluggable architecture.

All core services have default implementations that work out of the box for common scenarios. At the same time, every service can be replaced or extended to adapt Blazorade ID to different hosting models, identity providers, token storage strategies, and user experience requirements.

This page describes the services provided by Blazorade ID, their responsibilities, and how they interact with each other. It is intended as a reference for understanding the internal structure of the library and for identifying extension points when customization is required.

  • Token Service - Acquires, refreshes, and caches tokens from the configured identity provider, invoking the authorization flow when needed and storing tokens via the configured token store for later use.
  • Authentication Service - Provides a Blazor-centric abstraction for sign-in and sign-out by creating a claims principal from an identity token, delegating all token acquisition and authentication flow decisions to the token service.
  • Scope Analyzer - Analyzes and classifies OAuth scopes requested by the application, enabling differentiated handling of default and elevated permissions based on their intended access level and security sensitivity.
  • Http Request Factory - Creates HttpRequestMessage instances for calling bearer-token protected resources, applying the appropriate authorization details using access tokens acquired and managed by the token service.
  • Token Store - Coordinates acquisition of access and identity tokens from the configured identity provider, invoking authorization flows when required and delegating token persistence to the configured store services.
  • Refresh Token Store - Persists refresh tokens and related metadata using a configurable storage mechanism, enabling token renewal without requiring repeated user authentication.
  • Property Store - Stores non-token authentication state and metadata, such as transient values and flow-related properties, independently of token persistence and retrieval.
  • Authorization Code Provider - Initiates the authorization request with the configured identity provider and produces an authorization code for the PKCE flow, typically by redirecting or opening a browser-based interaction with the user.
  • Authorization Code Processor - Processes the authorization code produced by the authorization code provider and exchanges it with the identity provider’s token endpoint for a set of tokens.
  • Authentication State Notifier - Notifies the application’s authentication infrastructure when the authenticated user changes, ensuring that Blazor authorization state and dependent components are updated accordingly.
  • Authorization Code Failure Notifier - Receives information about failed authorization code requests and publishes the failure as an event that applications can subscribe to and handle appropriately.
  • Http Service - Sends HTTP request messages and returns the corresponding responses, acting as a thin transport abstraction for outbound HTTP communication.
  • Code Challenge Service - Generates PKCE code verifiers and derives corresponding code challenges for OAuth 2.0 authorization code flows, enabling secure exchange of authorization codes without client secrets.
  • Redirect Uri Provider - Supplies the redirect URI used by authentication flows in Blazorade ID.
