The management claims are tricky to access from Blazor interactive render modes. In Auto mode, we get pre-rendering, then Blazor Server, then Blazor WASM, and in interactive WASM mode, we get pre-rendering and then Blazor WASM. In both cases, there are times when the component is rendered where we don't have access to the management claims (they are only available from WASM when it calls the bff/userinfo endpoint).
When there isn't access to management claims, anything that relies on them will be inconvenient to implement. The thing that relies on them most often is logout. The logout URL uses the sid as a form of CSRF protection, and we build that URL and make it available to the UI through the management claims. It's inconvenient to build that URL in the UI every time (we have logic to respect the base path of the server, the option that controls the path to BFF endpoints, and extract and encode the sid).
One idea is to capture the management claims and copy them into the session in the cookie handler's events. An earlier version of the Blazor packages tried that. But it added breaking changes to the non-Blazor packages, and it goes against the design of the management claims, which is that they are claims that we don't want to put into the session.
We need to consider what we want to do here in more detail. Maybe we should add a convenience function for constructing the logout URL? Unclear what we would do with the other management claims - perhaps we don't need to support them from Blazor?
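A sketch of the kind of convenience function the issue floats, added here as an example; it is not part of the original issue and not the project's code. `LogoutUrlBuilder`, `TryBuild` and the parameter names are hypothetical, and the `/logout` path segment and the `/bff` sample value are assumptions.

```csharp
using System;
using System.Security.Claims;

// Added illustration, not the project's code. LogoutUrlBuilder, TryBuild and
// the parameter names are hypothetical; "/logout" is an assumed path segment.
public static class LogoutUrlBuilder
{
    // pathBase: the server's base path ("" when hosted at the root).
    // managementBasePath: the configured prefix for the BFF endpoints.
    public static bool TryBuild(ClaimsPrincipal user, string pathBase,
                                string managementBasePath, out string url)
    {
        url = null;

        // The sid is what ties the logout URL to the session (the CSRF
        // protection described in the issue), so no sid means no URL.
        var sid = user?.FindFirst("sid")?.Value;
        if (string.IsNullOrEmpty(sid)) return false;

        var path = Join(Join(pathBase, managementBasePath), "/logout");

        // Encode the sid so characters such as '+', '/' or '=' survive
        // as a single query-string value.
        url = $"{path}?sid={Uri.EscapeDataString(sid)}";
        return true;
    }

    // Joins two path segments with exactly one '/' between them.
    private static string Join(string left, string right)
    {
        left = (left ?? "").TrimEnd('/');
        right = (right ?? "").Trim('/');
        return right.Length == 0 ? left : $"{left}/{right}";
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample principal; the sid value is made up and contains
        // characters that need percent-encoding.
        var user = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("sid", "A1+b/2=") }, "cookie"));

        if (LogoutUrlBuilder.TryBuild(user, "/myapp", "/bff/", out var url))
            Console.WriteLine(url);
    }
}
```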
josephdecock changed the title from "Revisit CaptureManagementClaimsCookieEvents" to "Refactor CaptureManagementClaimsCookieEvents for better extensibility" on Sep 26, 2024
josephdecock changed the title from "Refactor CaptureManagementClaimsCookieEvents for better extensibility" to "Consider blazor access to management claims" on Dec 26, 2024