We are thrilled to announce the beta release of our brand-new resource server SDK: Auth0.AspNetCore.Authentication.Api. This new SDK is designed to simplify and streamline the process of securing your ASP.NET Core APIs using Auth0, offering a modern, easy-to-use experience built on the latest ASP.NET Core idioms.
Why a New SDK?
While existing packages like Microsoft.AspNetCore.Authentication.JwtBearer provide a solid foundation for JWT authentication, they often present certain limitations. For example, as of now, the Microsoft package does not natively include support for the OAuth 2.0 Demonstration of Proof-of-Possession (DPoP) specification, which is crucial for enhanced security in certain scenarios. Integrating the expanding feature set supported by Auth0 becomes challenging when relying on third-party libraries.
Auth0.AspNetCore.Authentication.Api provides a cleaner, more intuitive way to integrate token validation and authorization into your services. It leverages the power of Microsoft.AspNetCore.Authentication.JwtBearer while abstracting away the complex configuration and policy setup needed to work with Auth0.
Key Features
The new Auth0.AspNetCore.Authentication.Api SDK provides a comprehensive, single-package solution for securing your APIs:
- Complete JWT Bearer functionality: Full compatibility with all features from
Microsoft.AspNetCore.Authentication.JwtBearer. - Built-in DPoP support: Enhanced security with Demonstrating-Proof-Of-Possession security as defined by RFC 9449.
- Auth0 optimized: Pre-configured settings to align with standard Auth0 authentication patterns.
- Flexible configuration: Utilizes the options pattern, providing full access to the underlying JWT Bearer configuration.
- Zero lock-in: Benefit from DPoP enhancements while retaining the ability to use standard JWT Bearer features.
Get started today!
Integrating the new SDK is straightforward. The main steps involve installing the NuGet package and configuring it in your Program.cs or Startup.cs file.
Installation
Pre-requisites
- .NET 8 or above
You can download the package from NuGet OR use the command below to configure the latest version of the package in your project.
dotnet add package Auth0.AspNetCore.Authentication.Api
Configuration example
Here is a quick look at the configuration in an ASP.NET Core minimal API project:
using Auth0.AspNetCore.Authentication.Api; using Microsoft.AspNetCore.Authentication.JwtBearer; var builder = WebApplication.CreateBuilder(args); builder.Services.AddAuth0ApiAuthentication(options => { options.Domain = builder.Configuration["Auth0:Domain"]; options.JwtBearerOptions = new JwtBearerOptions { Audience = builder.Configuration["Auth0:Audience"] }; }); builder.Services.AddAuthorization(); var app = builder.Build(); if (!app.Environment.IsDevelopment()) { app.UseHttpsRedirection(); } app.UseAuthentication(); app.UseAuthorization(); // Public endpoint - no authentication required app.MapGet("/api/public", () => Results.Ok(new { Message = "This endpoint is public" })) .WithName("GetPublic"); // Protected endpoint - requires authentication app.MapGet("/api/private", () => Results.Ok(new { Message = "This endpoint requires authentication" })) .RequireAuthorization() .WithName("GetPrivate"); app.Run();
Start Integrating Today
The code presented above constitutes the basic use of the SDK, intended solely to provide a generalized overview of its straightforward application.
To get started with a more detailed walkthrough, please refer to our Quick Start guide.
For users who are migrating from the Microsoft.AspNetCore.Authentication.JwtBearer package, our Migration Guide offers necessary instructions.
Additionally, to explore advanced scenarios such as DPoP and others, see our list of Examples
The Auth0.AspNetCore.Authentication.Api SDK is currently in beta release. Your feedback and contributions are welcome!
If you encounter any issues or have suggestions, please feel free to raise an issue on our GitHub repository.
About the author
Kailash B
Senior Software Engineer