Auth0 .NET SDK
See the version list below for details.
Install-Package Auth0.AuthenticationApi -Version 7.0.0-beta1
dotnet add package Auth0.AuthenticationApi --version 7.0.0-beta1
<PackageReference Include="Auth0.AuthenticationApi" Version="7.0.0-beta1" />
paket add Auth0.AuthenticationApi --version 7.0.0-beta1
Many breaking changes. A migration guide will be produced while the beta runs and
made available before GA. The summary is:
- Authentication SDK includes all-new ID Token Validation which will now validate H256.
- If your app is configured for HS256 and is confidential such as a web server then you will
need to set SigningAlgorithm to SigningAlgorithm.HS256 on your AuthenticationApiClient requests.
- If your app is configured for HS256 and is NOT confidential such as a native client you should
reconfigure your app for RS256 as soon as possible.
- If your app is configured for RS256 no changes are required. JWKS caches are now only valid for
10 minutes and will not cache the JWKS keys indefinitely.
- Improved testing and mocking support. You can now mock IAuthenticationConnection and/or
IManagementConnection classes to provide local unit-testing functionality against
AuthenticationApiClient and ManagementApiClient respectively. Each has just two methods that can be
mocked - one for GET and one for other HTTP verbs.
- Many classes moved namespace especially ones that were in "Core" as part of the long-term plan to
only have AuthenticationApi and ManagementApi packages. Visual Studio should be able to suggest where
classed you were using now reside.
- Disposal is now more consistent. If an AuthenticationApiClient or ManagementApiClient create a
connection for you they will manage its lifecycle. If you pass in a connection then it will be your
responsibility to manage it. This also applies to how HttpClientAuthenticationConnection and
HttpClientManagementConnection will only dispose of HttpClients they create and not ones they are given.
- Rate Limiting information is now only available on the RateLimitApiException which is raised when
the rate limit is exceeded.
- ApiException is now ErrorApiException. If you relied on the status code or error message of this exception
you will need to switch to catching the later. The former is now a base class without this information
that ensures any old catch ApiException will continue to catch rate limit exceptions which also now
inherit from this class.
- Microsoft recommend HttpClient is reused as much as possible. Therefore you should use dependency
injection or inversion of control to ensure that either a single instance of AuthenticationApiClient /
ManagementApiClient or it's connections HttpClient*Connection are create to ensure sharing. These
classes are now thread-safe. You can additionally share HttpClient objects between them if you wish
by injecting it into the HttpClient*Connection constructor.
- Signup API result now handles custom databases returning variations of "id" name
- Fix EnrollmentAuthMethod.Authenticator enum name
- ClientBase now has property for `initiate_login_uri`
- SECURITY FIX for CVE-2019-16929. See
https://github.com/auth0/auth0.net/blob/master/SECURITY-NOTICE.md#idtokenvalidator-public for more details.
WARNING: If you generate tokens in your project via System.IdentityModel.Tokens.Jwt
please read the important notice at https://github.com/auth0/auth0.net/issues/300
- Upgraded System.IdentityModel.Tokens.Jwt to 5.5 to fix incompatible kid
- Upgraded Microsoft.IdentityModel.Protocols.OpenIdConnect to 5.5
- Add ClientId to VerifyEmailJobRequest
- Updated all test dependencies (xunit, FluentAssertions, .NET Test SDK)
- Removed unused Console Workbench project
- UserClient.GetEnrollments now correctly passes user id.
- User and role permissions endpoints in UsersClient and RolesClient paging fix.
- Assembly is now strong-name-signed so it can be used by other strong-name-signed packages.
- NOTE: This is code signing only using a non-secret key. It is not authenticode or tamper protection.
- User and role permissions endpoints in UsersClient and RolesClient now correctly honoring paging.
- User model optional fields (CreatedAt, UpdatedAt, LastLogin) are now nullable.
- TenantSettings lifetimes are now double not integer.
- Added various Guardian-related endpoints on UserClient.
- Missing Tenant settings now available (device flow, Guardian MFA, Change Password, flags etc.
- Added client_id to GetDeviceCredentials response
- Added various user properties to UserUpdateRequest
- New user permission endpoints added to UsersClient
- New role permission endpoints added to RolesClient
- AuthenticationApiClient now implements IDisposable to dispose ApiConnection and HttpClient
- Added various new and missing properties to Resource Servers (ResourceServerBase)
- New GuardianClient for managing /guardian endpoints
- New RolesClient for managing /roles endpoints
- PasswordChangeTicket now has IncludeEmailInRedirect and MailEmailAsVerified
- ApiConnection now has Dispose to dispose the HttpClient it creates
- ManagementApiClient now has Dispose to dispose the ApiConnection it creates
- XML documentation tweaks
- Dependencies updated
See our migration guide at https://github.com/auth0/auth0.net/blob/prepare-6.0.0/docs-source/migrating.md
- All I*Client interfaces have been removed so adding endpoints is no longer breaking
- IManagementApi interface was removed so adding new clients is no longer breaking
- All non-paging GetAll methods have been removed
- DiagnosticsHeader/DiagnosticsComponent are no longer available
- Add TokenLifetimeForWeb to ResourceServerBase
- Documentation fixes, improvements, sync with portal, remove old v4 breaking changes
- Changes to await behavior to stop locking in some scenarios
- Update XUnit dependencies
- Add support for managing custom domains
- Add AccessTokenSecret property for Twitter identities
- Validation of ID Tokens when calling any of the /oauth/token endpoints
- Expanded properties for the LogEntry class to include all properties returned in the payload
- Fix issue where Rate Limit headers were not extracted when an error was returned from the API
- Add ability to send auth0-forwarded-for header with the Resource Owner Password grant
- Fix issue with incorrect escaping of data strings in URLs
- Add extra application types for the Clients-related endpoints
- Adds server time to API Info to more accurately determine time to rate limit resets
- Add pagination methods for Client Grants, Resource Servers and Rules
- Made all pagination methods consistent by introducing Get*Request and PaginationInfo classes
- Allow passing HttpClient to constuctor of AuthenticationApiClient and ManagementApiClient so you can manage lifetime outside of the Auth0 classes. Thank you @davidallyoung!
- Updated LoginRequestQuery with additional fields passed from rules
- Add GetLastApiInfo() to IAuthenticationApiClient
- Adds paging when returning a list Clients and connections
- Change in Target Frameworks. Now targets .NET 4.5.2 (and higher), .NET Standard 1.1 and .NET Standard 2.0. Along with this made changes to how System.Net.Http is referenced.
- Fix RelayState parameter casing (#186)
- Fix issue with deserialization of user log entries (#184)
- Allow management of email templates
- [BREAKING CHANGE] Fixed bug when specifying SMTP provider port. Data type was changed from string to int?
- Allow specifying metadata for connections
- Update to remove methods for endpoints related to 1 April 2018 deprecations
- Various small additions to models for Management API
This package is not used by any popular GitHub repositories.