How to attach the token correctly to BaseAddressAuthorizationMessageHandler for OpenID Connect Authorization Code Flow

[OrchardSkills]

How do you attach the token correctly to BaseAddressAuthorizationMessageHandler for OpenID Connect Authorization Code Flow
auth url: https://localhost:44300/connect/authorize
token url: https://localhost:44300/connect/token
client id and secret
scope: offline_access, opened profile roles

public class Program
{
    public static async Task Main(string[] args)
    {
        var builder = WebAssemblyHostBuilder.CreateDefault(args);

        builder.RootComponents.Add<CodeFlow>("my-codeflow");

        builder.Services.AddHttpClient("ServerAPI", client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress))
                        .AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();

        // Supply HttpClient instances that include access tokens when making requests to the server project
        builder.Services.AddScoped(sp => sp.GetRequiredService<IHttpClientFactory>().CreateClient("ServerAPI"));

        builder.Services.AddTransient(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) });

        builder.Services.AddOidcAuthentication(cfg =>
        {
            cfg.ProviderOptions.MetadataUrl = "https://localhost:44300/.well-known/openid-configuration";
            cfg.ProviderOptions.ClientId = "openapi_auth_code_flow";
            cfg.ProviderOptions.Authority = "https://localhost:44300/Login";
            cfg.ProviderOptions.ResponseType = "code";
            cfg.ProviderOptions.ResponseMode = "fragment";
            cfg.ProviderOptions.RedirectUri = "https://localhost:44300/swagger/oauth2-redirect.html";
            cfg.AuthenticationPaths.RemoteRegisterPath = "https://localhost:44300/Register";

        });

        await builder.Build().RunAsync();
    }
}

[SteveSandersonMS]

My understanding is that BaseAddressAuthorizationMessageHandler automatically adds the access token to all outgoing requests that are within the BaseAddress URI space. I'm not certain how this is involved in the OpenID Connect Authorization Code Flow though, since I thought you wouldn't have any access token until that flow was completed.

@javiercn or @captainsafia - do you have any suggestions here?

[javiercn]

Yep, I'm not sure what the intent is here. There doesn't seem to be any scope configured, so it is likely there is no token available.

[OrchardSkills]

Sorry Guys. I'm just learning OpenID Connect. How do you go about defining the scope in a Blazor Web Assembly Client Application?

Maybe something like this:

        builder.Services.AddHttpClient("api")
            .AddHttpMessageHandler(sp =>
            {
                var handler = sp.GetService<AuthorizationMessageHandler>()
                    .ConfigureHandler(
                        authorizedUrls: new[] { "https://localhost:44300/" },
                        scopes: new[] {  "openid" });

                return handler;
            });

[javiercn]

We don't attach id tokens to the authorize header, only access tokens. You need to request the token for an API. There is a "DefaultAccessTokenScopes" property you can populate for that.

[OrchardSkills]

Thanks, I'll look into that.