WebAuthenticator setup confustion

[BigBallard]

Hello! So I am integrating the WebAuthenticator with Auth0 and so far I get everything I need from Auth0 callbacks. However, the AuthenticateAsync method is never returning with results.

The only thing I have not done per direction is setup a custom protocol. Mainly because nothing ever explains how the custom protocol works or what to do with it once it is created. Every example I see has something like myapp:// but how in the world does that work? Is that maybe the reason for it not returning ever?

The "custom" protocol I create right now is just http so I can run a local http listener but that never gets called after Auth0 finishes so I know the WebAuthenticator is not calling it.

var result = await WebAuthenticator.AuthenticateAsync(new Uri(uri), new Uri("http://localhost:3001/auth/token"));

Can someone please explain to me the custom protocol and how it is supposed to work with WebAuthenticator and how I can get the method to return?

Thanks!!!

[dotMorten]

You can't use http. It has to be completely custom and unique to your app. See https://learn.microsoft.com/en-us/windows/uwp/launch-resume/handle-uri-activation

You also need to use that as a redirect uri when you register your app with the oauth provider you're using.

[BigBallard]

Don't know how any of that works but I got it to work. However, it is not completing the authorization code flow. Is the WebAuthenticator meant for a certain oauth/oidc flow?

[dotMorten]

I'm not aware of an oauth2 workflow it doesn't work with, unless you're using Firefox. Sorry I don't have much more to tell you, based on the information available. Perhaps look at the maui oauth doc as well? https://learn.microsoft.com/en-us/dotnet/maui/platform-integration/communication/authentication?tabs=windows
It all works quite similar.

[BigBallard]

Well unfortunately all I get from that is that it doesn't. Authorization code flow is a multi-call exchange for the tokens and my app requires pkcs authorization so this will clearly not work with WebAuthenticator unfortunately which seems to only apply implicit flow. Even that link you gave about Maui starts off with saying to create a custom middleware auth server and then call that to get tokens.

[dotMorten]

aah i see. Yes You'll need to use the provided token to get the other token. Typically that's something your app will need to do on a regular interval and is on you to do.
The O in oauth stands for "overcomplicated".
The webauthenticator api only helps you with the tricky bit of asking the user for credentials and get the result back - it does not handle refreshing your tokens

[BigBallard]

Lol true that my man 🤣 I been working on creating an oidc/oauth competitor in Go and the specs are so convoluted. Well I'm glad I got that much figured out, at least I learned how to open a browser window from the source which will be a big help. Thanks for help 👍