Auth0 .NET SDK
See the version list below for details.
Install-Package Auth0.AuthenticationApi -Version 7.0.0-beta2
dotnet add package Auth0.AuthenticationApi --version 7.0.0-beta2
<PackageReference Include="Auth0.AuthenticationApi" Version="7.0.0-beta2" />
paket add Auth0.AuthenticationApi --version 7.0.0-beta2
Version 7.0.0 beta 2
- No longer ensures that IAT (issued at) claims in ID Tokens are in the future to better deal with
the local clock being slow.
Version 7.0.0 beta 1
**Many breaking changes**
A migration guide will be produced while the beta runs and made available before GA. The summary is:
- Authentication SDK includes all-new ID Token Validation which will now validate H256.
- If your app is configured for HS256 and is confidential such as a web server then you will need to
set SigningAlgorithm to `SigningAlgorithm.HS256` on your `AuthenticationApiClient` requests.
- If your app is configured for HS256 and is NOT confidential such as a native client you should
reconfigure your app for RS256 as soon as possible.
- If your app is configured for RS256 no changes are required. JWKS caches are now only valid for
10 minutes and will not cache the JWKS keys indefinitely.
- Improved testing and mocking support. You can now mock `IAuthenticationConnection` /
`IManagementConnection` classes to provide local unit-testing functionality for
`AuthenticationApiClient` and `ManagementApiClient` respectively. Each has just two methods that
can be mocked - one for `GET` and one for other HTTP verbs.
- Many classes moved namespace especially ones that were in `Core` as part of the long-term plan to
only have AuthenticationApi and ManagementApi packages. Visual Studio should be able to suggest
where classes you were using now reside.
- Disposal is now more consistent. If `AuthenticationApiClient` or `ManagementApiClient` create a
connection for you they will manage its lifecycle. If you pass in a connection then it will be your
responsibility to manage it. This also applies to how `HttpClientAuthenticationConnection` and
`HttpClientManagementConnection` will only dispose of a `HttpClient` they create and not ones they
- Rate Limiting information is now only available on the `RateLimitApiException` which is raised when
the rate limit is exceeded.
- `ApiException` is now `ErrorApiException`. If you use the status code or error message on exception
you will need to switch to catching the later. The former is now a base class that does not have
this information but ensures any old catch `ApiException` will continue to catch rate limit
exceptions which also now inherit from this class.
- Microsoft recommends `HttpClient` is reused as much as possible. Therefore you should use
dependency injection or inversion of control to ensure that either a single instance of
`AuthenticationApiClient` / `ManagementApiClient` or its connections `HttpClientXConnection` are
created to ensure sharing. These classes are now thread-safe. You can additionally share
`HttpClient` objects between them if you wish by injecting it into the `HttpClientXConnection`
- Signup API result now handles custom databases returning variations of "id" name
- Fix EnrollmentAuthMethod.Authenticator enum name
- ClientBase now has property for `initiate_login_uri`
- SECURITY FIX for CVE-2019-16929. See
https://github.com/auth0/auth0.net/blob/master/SECURITY-NOTICE.md#idtokenvalidator-public for more details.
WARNING: If you generate tokens in your project via System.IdentityModel.Tokens.Jwt
please read the important notice at https://github.com/auth0/auth0.net/issues/300
- Upgraded System.IdentityModel.Tokens.Jwt to 5.5 to fix incompatible kid
- Upgraded Microsoft.IdentityModel.Protocols.OpenIdConnect to 5.5
- Add ClientId to VerifyEmailJobRequest
- Updated all test dependencies (xunit, FluentAssertions, .NET Test SDK)
- Removed unused Console Workbench project
- UserClient.GetEnrollments now correctly passes user id.
- User and role permissions endpoints in UsersClient and RolesClient paging fix.
- Assembly is now strong-name-signed so it can be used by other strong-name-signed packages.
- NOTE: This is code signing only using a non-secret key. It is not authenticode or tamper protection.
- User and role permissions endpoints in UsersClient and RolesClient now correctly honoring paging.
- User model optional fields (CreatedAt, UpdatedAt, LastLogin) are now nullable.
- TenantSettings lifetimes are now double not integer.
- Added various Guardian-related endpoints on UserClient.
- Missing Tenant settings now available (device flow, Guardian MFA, Change Password, flags etc.
- Added client_id to GetDeviceCredentials response
- Added various user properties to UserUpdateRequest
- New user permission endpoints added to UsersClient
- New role permission endpoints added to RolesClient
- AuthenticationApiClient now implements IDisposable to dispose ApiConnection and HttpClient
- Added various new and missing properties to Resource Servers (ResourceServerBase)
- New GuardianClient for managing /guardian endpoints
- New RolesClient for managing /roles endpoints
- PasswordChangeTicket now has IncludeEmailInRedirect and MailEmailAsVerified
- ApiConnection now has Dispose to dispose the HttpClient it creates
- ManagementApiClient now has Dispose to dispose the ApiConnection it creates
- XML documentation tweaks
- Dependencies updated
See our migration guide at https://github.com/auth0/auth0.net/blob/prepare-6.0.0/docs-source/migrating.md
- All I*Client interfaces have been removed so adding endpoints is no longer breaking
- IManagementApi interface was removed so adding new clients is no longer breaking
- All non-paging GetAll methods have been removed
- DiagnosticsHeader/DiagnosticsComponent are no longer available
This package is not used by any popular GitHub repositories.