Invalidate Cached WASM Auth Token on Authentication State Change (#36358)

* Invalidate Cached WASM Auth Token on Authentication State Change

* PR Feedback

* Remove Public API

Author: TanayParikh

src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticatorViewCore.cs

@@ -85,7 +85,7 @@ public class RemoteAuthenticatorViewCore<TAuthenticationState> : ComponentBase w
         [Parameter] public EventCallback<TAuthenticationState> OnLogOutSucceeded { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="IJSRuntime"/> to use for performin JavaScript interop.
+        /// Gets or sets the <see cref="IJSRuntime"/> to use for performing JavaScript interop.
         /// </summary>
         [Inject] internal IJSRuntime JS { get; set; }
 

src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AuthorizationMessageHandler.cs

@@ -1,13 +1,10 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-using System;
-using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
-using System.Threading;
-using System.Threading.Tasks;
+using Microsoft.AspNetCore.Components.Authorization;
 
 namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication
 {
@@ -16,10 +13,11 @@ namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication
     /// Access tokens will only be added when the request URI is within one of the base addresses configured using
     /// <see cref="ConfigureHandler(IEnumerable{string}, IEnumerable{string}, string)"/>.
     /// </summary>
-    public class AuthorizationMessageHandler : DelegatingHandler
+    public class AuthorizationMessageHandler : DelegatingHandler, IDisposable
     {
         private readonly IAccessTokenProvider _provider;
         private readonly NavigationManager _navigation;
+        private readonly AuthenticationStateChangedHandler _authenticationStateChangedHandler;
         private AccessToken _lastToken;
         private AuthenticationHeaderValue _cachedHeader;
         private Uri[] _authorizedUris;
@@ -36,6 +34,13 @@ public AuthorizationMessageHandler(
         {
             _provider = provider;
             _navigation = navigation;
+
+            // Invalidate the cached _lastToken when the authentication state changes
+            if (_provider is AuthenticationStateProvider authStateProvider)
+            {
+                _authenticationStateChangedHandler = _ => { _lastToken = null; };
+                authStateProvider.AuthenticationStateChanged += _authenticationStateChangedHandler;
+            }
         }
 
         /// <inheritdoc />
@@ -120,5 +125,15 @@ public AuthorizationMessageHandler ConfigureHandler(
 
             return this;
         }
+
+
+        void IDisposable.Dispose()
+        {
+            if (_provider is AuthenticationStateProvider authStateProvider)
+            {
+                authStateProvider.AuthenticationStateChanged -= _authenticationStateChangedHandler;
+            }
+            Dispose(disposing: true);
+        }
     }
 }

src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Properties/launchSettings.json

@@ -11,6 +11,7 @@
     "Wasm.Authentication.Server": {
       "commandName": "Project",
       "launchBrowser": true,
+      "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       },
@@ -19,6 +20,7 @@
     "IIS Express": {
       "commandName": "IISExpress",
       "launchBrowser": true,
+      "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }