Services IAuthorizationCodeProvider

Mika Berglund edited this page Dec 25, 2025 · 2 revisions

Authorization Code Provider (IAuthorizationCodeProvider)

The Authorization Code Provider is responsible for initiating the OAuth 2.0 and OpenID Connect authorization code flow in a Blazor application. It constructs an authorization request, navigates the user to the identity provider’s authorization endpoint (typically via a popup), then returns the authorization code (or a failure reason) to the caller.

In Blazorade Id, the authorization code returned by this service is used by the Token Service to redeem tokens at the token endpoint.

Responsibilities

  • Create a complete authorization request, including PKCE and OpenID Connect parameters.
  • Persist transient authorization request state needed later in the flow, such as the PKCE code verifier, nonce, and requested scopes, using the Property Store.
  • Send the user to the identity provider’s authorization endpoint and receive the redirect response URL.
  • Extract the authorization code from the redirect response and return it to the caller.
  • Report failure conditions in a structured way when an authorization code cannot be obtained.

Members

  • GetAuthorizationCodeAsync: Initiates an authorization request using the provided options and returns an authorization code result.

Default implementation

The default implementation, BlazorAuthorizationCodeProvider, is designed for Blazor Server and Blazor WebAssembly applications.

Key behaviors:

  • Redirect URI selection

    • Uses the configured redirect URI when available.
    • Otherwise uses the Redirect URI Provider to compute one.
  • PKCE setup

  • OpenID Connect state

    • Generates a cryptographically strong nonce.
    • Persists the nonce using the Property Store.
  • Scopes

    • Joins the requested scopes into a space-delimited string.
    • Persists the resulting scope string using the Property Store.
  • Authorization endpoint URL

    • Uses the Endpoint Service to create an authorization request URI builder.
    • Adds required parameters such as client id, response type, response mode, redirect URI, scope, nonce, and PKCE code challenge.
    • Adds prompt when specified in the options.
  • User interaction and callback

    • Opens the authorization request in a popup through JavaScript interop.
    • Waits for a callback containing the redirect response URL.
    • Uses a timeout of 5 minutes.
  • Result processing

    • Extracts the code query parameter from the redirect response URL.
    • Returns an AuthorizationCodeResult containing either the code or a failure reason.
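The request construction and result processing listed above, sketched with only .NET base class library calls. This is an added example, not code from Blazorade Id: the class and method names, the failure strings, the `S256` challenge method, the `query` response mode, and the example.com URLs are assumptions made for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added illustration: all names are hypothetical (not Blazorade Id APIs); sample values are constructed.
public static class AuthCodeFlowSketch
{
    // URL-safe Base64 without padding, the encoding PKCE uses (RFC 7636).
    static string B64Url(byte[] d) =>
        Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    // 32 bytes from the OS CSPRNG; used for both the nonce and the code verifier.
    public static string NewToken() => B64Url(RandomNumberGenerator.GetBytes(32));
    // S256 challenge: BASE64URL(SHA256(ASCII(code_verifier))).
    public static string Challenge(string v) => B64Url(SHA256.HashData(Encoding.ASCII.GetBytes(v)));
    public static string BuildUrl(string endpoint, string clientId, string redirectUri,
        IEnumerable<string> scopes, string nonce, string verifier)
    {
        var p = new (string Key, string Value)[] {
            ("client_id", clientId), ("response_type", "code"),
            ("response_mode", "query"), ("redirect_uri", redirectUri),
            ("scope", string.Join(" ", scopes)), ("nonce", nonce),
            ("code_challenge", Challenge(verifier)), ("code_challenge_method", "S256") };
        return endpoint + "?" + string.Join("&",
            p.Select(x => $"{x.Key}={Uri.EscapeDataString(x.Value)}"));
    }
    // Returns the code, or a failure reason when the redirect response has no usable code.
    public static (string? Code, string? Failure) ParseResponse(string responseUrl)
    {
        if (!Uri.TryCreate(responseUrl, UriKind.Absolute, out var uri)) return (null, "invalid_response_url");
        var q = uri.Query.TrimStart('?').Split('&', StringSplitOptions.RemoveEmptyEntries)
            .Select(s => s.Split('=', 2))
            .ToLookup(a => Uri.UnescapeDataString(a[0]),
                      a => a.Length > 1 ? Uri.UnescapeDataString(a[1].Replace('+', ' ')) : "");
        // An OAuth error response takes precedence over any code parameter.
        if (q["error"].FirstOrDefault() is string err) return (null, err);
        var codes = q["code"].ToList();
        // Reject an absent, empty, or repeated code instead of picking one.
        return codes.Count == 1 && codes[0] != "" ? (codes[0], null) : (null, "no_single_code");
    }
    public static void Main()
    {
        string verifier = NewToken(), nonce = NewToken();
        Console.WriteLine(BuildUrl("https://idp.example.com/authorize", "my-client",
            "https://app.example.com/callback", new[] { "openid", "profile" }, nonce, verifier));
        Console.WriteLine(ParseResponse("https://app.example.com/callback?code=abc123"));
        Console.WriteLine(ParseResponse("https://app.example.com/callback?error=access_denied"));
    }
}
```

The verifier and nonce generated here are the values the provider persists, so that the code can later be redeemed with the matching verifier and the ID token's nonce can be checked.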

Usage notes

  • This service is intentionally focused on obtaining an authorization code. Validation and any subsequent processing (for example, redeeming the code for tokens) are the responsibility of the caller, typically the Token Service.
  • The persisted values (nonce, code verifier, scopes) are part of the authorization request state and are expected to be consumed later in the flow by downstream components.
  • Because the default implementation uses browser interaction and JavaScript interop, it is intended for interactive sign-in scenarios.
