fullstackhero / blazor-wasm-boilerplate

Clean Architecture Boilerplate Template for .NET 6.0 Blazor WebAssembly built for FSH WebAPI with the goodness of MudBlazor Components.

Home Page: https://fullstackhero.net/blazor-webassembly-boilerplate/general/getting-started/


notifications are not shown when there are errors in the data of a new user

jcarlosmanuel opened this issue · comments

commented

Hello, congratulations on this amazing project. The issue is that when you want to register a new user, clicking on register only returns you to the login page, but does not show any notification to the user of what happened so that he can know what the error is and correct it. I also consider that it should not return to the login page if there is an error, to give the user the opportunity to correct the errors and not rewrite all the fields again. I don't know if this only happens to me; anyway, thanks for your attention. Regards


Hmm... Interesting bug...

Apparently in SubmitAsync() after the call to SelfRegister is done, the page is already back to /login. Even though no call to Navigation.NavigateTo("...") has been executed.

I don't really understand what's going on...

commented

Hello, I think I found a solution: comment out the line where a redirection to the login page is made, in the JwtAuthenticationHeaderHandler class. I think that the access control to pages that do not have anonymous access is done from App.razor.
It is not that there is an error in not showing the validations, but that before we can see them the application had already made the redirection to the login page. I consider that this change does not affect the complete operation of the application.


If I want to enter the brand page, it does not give me access and returns me to the login page.


What do you think?

Ok, I was already thinking it probably had something to do with that... but I commented out the other part (in App.razor) instead... but that got me nowhere... didn't think about the JwtAuthenticationHeaderHandler...

I see I actually made that change where that navigateTo("/login") happens. GetAccessToken returns null means that the user isn't authenticated, so it should redirect to login in that case...

I think the issue here is rather that the authorization header doesn't need to be set for the "SelfRegister" call, just like it isn't set for the "tokens" calls... so I think the "fix" should be something like this instead:

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // skip token and self-register endpoints
        if (request.RequestUri?.AbsolutePath.Contains("/tokens") is not true &&
            request.RequestUri?.AbsolutePath.Contains("/self-register") is not true)
        {
            if (await _tokenProviderAccessor.TokenProvider.GetAccessTokenAsync() is string token)
            {
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            }
            else
            {
                _navigation.NavigateTo("/login");
            }
        }

        return await base.SendAsync(request, cancellationToken);
    }

Actually it shouldn't be set for any requests that don't need the user to be signed in... that also includes the confirm-email, confirm-phone-number and forgot-password calls...

commented

Ok, if someone in the future needs to add an anonymous access page, they would have to add it there. Also thinking of someone new to the project, do you consider that it is the best way to maintain a simple configuration and maintain the application security?...

Yeah I know... it's not the best way to handle this... It could be generated somehow by examining the swagger.json... or maybe there are other ways...
It's just that this is now the most pragmatic way... anything else would need some research/design first...

commented

Perfect, I'll do that, thanks for the help

Would you mind creating a PR with that change, once you get it working properly?

commented

sure!
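
The allowlist discussed in the thread above, written as an added example that is not part of the original thread or the project's code: the anonymous endpoints live in one set and are matched on whole path segments rather than with a substring test. The class name, the two constructor delegates (stand-ins for the token provider and the navigation manager) and the exact route segments are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Added example, not the project's code. The class name, the constructor
// parameters and the exact route segments are assumptions for illustration.
public class AnonymousAwareAuthHandler : DelegatingHandler
{
    // Single place to list endpoints that must work without a signed-in user.
    private static readonly HashSet<string> AnonymousSegments = new(StringComparer.OrdinalIgnoreCase)
    {
        "tokens", "self-register", "confirm-email", "confirm-phone-number", "forgot-password"
    };

    private readonly Func<Task<string?>> _getAccessToken; // stands in for the token provider
    private readonly Action<string> _navigateTo;          // stands in for the navigation manager

    public AnonymousAwareAuthHandler(Func<Task<string?>> getAccessToken, Action<string> navigateTo)
    {
        _getAccessToken = getAccessToken;
        _navigateTo = navigateTo;
    }

    // Compare whole path segments, so "/api/users/self-register" matches but
    // "/api/tokens-report" does not (a substring test would match both).
    public static bool IsAnonymous(Uri? uri) =>
        uri is not null &&
        uri.AbsolutePath.Split('/', StringSplitOptions.RemoveEmptyEntries)
           .Any(segment => AnonymousSegments.Contains(segment));

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (!IsAnonymous(request.RequestUri))
        {
            if (await _getAccessToken() is string token)
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            else
                _navigateTo("/login"); // no token: the user is not signed in
        }
        return await base.SendAsync(request, cancellationToken);
    }
}
```

This only decides whether the client attaches a token and redirects; which endpoints accept anonymous calls is still decided by the API's own authorization.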