I am working on securing a Blazor WASM site. So far I have an Auth API so that my multiple apps can use one auth service. I also have a Blazor WASM site. I am trying to mimic the anti-forgery tokens that an ASP.NET site would have. Since my site is a Blazor site I cannot write out an anti-forgery token from the server.
When my login page loads I create a GET request to the server. The server generates the anti-forgery token and sets it in an HTTP-only, site-only cookie. From there, when the user hits login, that cookie is passed back to the server. The server then checks to see if the cookie contains a valid anti-forgery token before performing any tasks.
Is this a secure solution? I have seen where others have used cookies for security, but is my implementation good?
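
What the check described in the question inspects, next to a variant that also requires the token in a request header, as an added example that is not part of the original post and is not ASP.NET's antiforgery code. The class and method names are hypothetical, the requests are constructed, and the header variant assumes the server also returns the token in the GET response body, since script cannot read an HTTP-only cookie.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed model of the flow in the question (hypothetical names, .NET 6+).
static class AntiForgeryModel
{
    static readonly byte[] Key = RandomNumberGenerator.GetBytes(32); // server-side secret

    // Token = random nonce + HMAC, so the server can recognise tokens it issued.
    public static string Issue()
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(16);
        return Convert.ToBase64String(nonce) + "." +
               Convert.ToBase64String(HMACSHA256.HashData(Key, nonce));
    }

    static bool IsIssuedByServer(string? token)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        try
        {
            byte[] nonce = Convert.FromBase64String(parts[0]);
            byte[] mac = Convert.FromBase64String(parts[1]);
            return CryptographicOperations.FixedTimeEquals(mac, HMACSHA256.HashData(Key, nonce));
        }
        catch (FormatException) { return false; } // malformed token
    }

    // The check described in the question: only the cookie is inspected.
    public static bool CookieOnly(string? cookie) => IsIssuedByServer(cookie);

    // Variant: the same value must also arrive in a header set by the app's own code
    // (assumes the token was also returned in the GET response body).
    public static bool CookieAndHeader(string? cookie, string? header) =>
        IsIssuedByServer(cookie) && header is not null &&
        CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(cookie!), Encoding.UTF8.GetBytes(header));
}

static class Program
{
    static void Main()
    {
        string token = AntiForgeryModel.Issue();
        // Constructed requests: (who sent it, cookie the browser attached, header the caller set)
        var requests = new (string Name, string? Cookie, string? Header)[]
        {
            ("app's own login call", token, token),
            ("request not made by the app, cookie attached by browser", token, null),
            ("request not made by the app, cookie withheld by browser", null, null),
        };
        foreach (var r in requests)
            Console.WriteLine($"{r.Name}: cookie-only={AntiForgeryModel.CookieOnly(r.Cookie)}, " +
                              $"cookie+header={AntiForgeryModel.CookieAndHeader(r.Cookie, r.Header)}");
    }
}
```

For the second request the cookie-only check passes while the header check fails, so in the cookie-only design the browser's decision to attach or withhold the cookie is the only thing that separates the app's call from any other.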