custom authentication and authorization

[PhotoSonic]

I would like to have slightly different login process.

If user is not authenticated I would like to redirect it to custom login page and use identity server4 (or other custom way to auth user). In Oqtane client project I see App.razor CascadingAuthenticationState is used but I dont want to chage/modify file. Can I override it somehow?

Also how can I create multiple/different Layouts (with or without AuthorizeView) so I can use it on multiple pages?

Thank you!

[sbwalker]

Oqtane currently supports a Backends for Frontends (BFF) architecture pattern using standard cookies ( it does not use access tokens or refresh tokens ). All security is implemented in the trusted back-end which supports both Blazor Server and Blazor WebAssembly hosting models. In this approach, APIs must be hosted on the same domain as the client - which is the most common deployment scenario for Oqtane.

The future product roadmap does include "Authentication Extensibility" as an enhancement for the 2.2 release - however the exact scope of that feature has not yet been defined.

[rossmcphee]

Seems to be slated for 2.3 rather than 2.2.

[sbwalker]

Correct - it was moved to 2.3 and the timeline for release is still not firm as there are other items taking priority.

[vzdesic]

The reason why many of us are eager to use Oqtane is because it offers great and systematic way to build Microfrontends above software products based on microservices architecture. We are all working in the environment where authentication and authorization relies on some of the available Identity Servers. So, without this feature Oqtane is not useful for us.

This is last critical feature which will bring a lot to us. After that life is easy. If there is any blocking issue we also have to know as soon as possible.

This feature must be priority number one.

Thanks,
Vedran