Tags: asp.net, identityserver4, blazor-webassembly

Blazor WebAssembly + Identity Server - retrieving additional user permissions (claims?) after successful authentication


I have two separate projects:

  1. an ASP.NET Core hosted identity provider that makes use of IdentityServer4 and ASP.NET Identity
  2. A Blazor WebAssembly app that uses Duende BFF to communicate with the identity provider and log users in

Both have their own separate databases.

So far I have been able to get the two to communicate so that the Blazor app automatically redirects to the identity provider upon recognising that nobody is logged in. The user can then sign in to the identity provider and they are redirected back to the Blazor app where their claims are displayed.

The Blazor app is going to require lots of user permissions that are relevant to this app only. What I intend to do is have a separate user details table in the Blazor database which I then reference for these permissions after the user has been authenticated.

What I'm struggling to figure out is this: when the identity provider returns the user to Blazor with their relevant claims, how do I then use these claims (specifically, the email address claim) to look up the user in my Blazor user details database so that I can get their permissions and store them in session? Or should I be storing this extra information as additional claims?


Solution

  • the AddOpenIdConnect handler in Blazor provides various event handlers that you can hook into, especially the OnTokenValidated event handler.

    This handler is a perfect opportunity to look up the local user information based on, for example, the subject (sub) claim in the received ID token.

    I think this blog post here provides a good introduction on how to do it.

    To complement this answer, I wrote a blog post that goes into more detail about this topic: Debugging OpenID Connect claim problems in ASP.NET Core
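As an added example (not code from the question or the answer), a C# sketch of the approach the answer describes: the BFF host's AddOpenIdConnect registration hooks OnTokenValidated, looks up app-local permissions keyed by the already-validated sub claim rather than the email address, and attaches them as claims on a separate identity. The authority, client id, IUserPermissionStore and the "permission" claim type are assumed names.

```csharp
// Added example: enrich the principal with app-local permission claims in
// OnTokenValidated. IUserPermissionStore and the claim type are hypothetical.
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

public interface IUserPermissionStore
{
    // Hypothetical lookup in the Blazor app's own user details table,
    // keyed by the identity provider's subject identifier.
    Task<IReadOnlyList<string>> GetPermissionsAsync(string subjectId, CancellationToken ct);
}

public static class OidcSetup
{
    public static AuthenticationBuilder AddOidcWithLocalPermissions(this AuthenticationBuilder builder)
    {
        return builder.AddOpenIdConnect("oidc", options =>
        {
            options.Authority = "https://idp.example.test"; // placeholder
            options.ClientId = "blazor-bff";                // placeholder
            options.ResponseType = "code";
            options.MapInboundClaims = false;               // keep "sub" named "sub"
            options.TokenValidationParameters.NameClaimType = "name";

            options.Events.OnTokenValidated = async ctx =>
            {
                // The ID token signature, issuer and audience are already checked
                // at this point, so "sub" is a trustworthy, stable key for the lookup.
                var sub = ctx.Principal?.FindFirst("sub")?.Value;
                if (string.IsNullOrEmpty(sub))
                {
                    ctx.Fail("ID token has no sub claim");
                    return;
                }

                var store = ctx.HttpContext.RequestServices.GetRequiredService<IUserPermissionStore>();
                var permissions = await store.GetPermissionsAsync(sub, ctx.HttpContext.RequestAborted);

                // A separate identity keeps local permissions distinguishable from IdP-issued claims.
                var local = new ClaimsIdentity("LocalPermissions");
                foreach (var p in permissions)
                    local.AddClaim(new Claim("permission", p, ClaimValueTypes.String, "local-db"));
                ctx.Principal!.AddIdentity(local);
            };
        });
    }
}
```

Because the enriched principal is what the cookie handler serialises, the permissions travel with the session automatically and can be checked with an authorization policy that requires the "permission" claim.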