The Authentication State Notifier Service informs the application's authentication infrastructure when the authenticated user has changed. This enables UI and authorization logic to react immediately after sign-in, sign-out, or token changes.

• Publishes an authentication state change signal to the application.
• Integrates with Blazor's AuthenticationStateProvider pipeline so that components and authorization checks can re-evaluate the current user.
• Derives the current ClaimsPrincipal from the latest identity token available in the Token Store.

• StateHasChangedAsync: Called by other services to notify the application that the authentication state has changed.

BlazorAuthenticationStateNotifier is the default implementation. It is designed for Blazor hosting models where the authentication state is controlled via an IHostEnvironmentAuthenticationStateProvider.

Behavior:

• Reads the latest identity token from the Token Store.
• Parses the token into a JWT and builds a ClaimsPrincipal from the token claims.
• Pushes a new AuthenticationState into the Blazor authentication state provider using SetAuthenticationState(...).
• Falls back to an empty ClaimsPrincipal when no identity token is available.

• IHostEnvironmentAuthenticationStateProvider: Receives the updated authentication state.
• Token Store: Supplies the identity token used to build the claims principal.

Typical call sites include:

• The Authentication Service after a successful sign-in.
• Any service that changes the active user context by updating tokens in the Token Store.

Recommended usage pattern:

• Invoke StateHasChangedAsync after persisting the updated identity token.
• Call it after sign-out once tokens have been cleared.

• The service does not initiate authentication flows. It only publishes that the current authentication state should be re-evaluated.
• Principal construction depends on the identity token being a JWT with claims that map sensibly to your authorization model.
• The default implementation sets the authentication type to oidc and uses name and roles as the name and role claim types. If your tokens use different claim types, provide an alternative implementation.

• ASP.NET Core Blazor security and authentication
• AuthenticationStateProvider
• IHostEnvironmentAuthenticationStateProvider
• JWT (RFC 7519)