Auth0Net.DependencyInjection 3.2.0

dotnet add package Auth0Net.DependencyInjection --version 3.2.0                
NuGet\Install-Package Auth0Net.DependencyInjection -Version 3.2.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Auth0Net.DependencyInjection" Version="3.2.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Auth0Net.DependencyInjection --version 3.2.0                
#r "nuget: Auth0Net.DependencyInjection, 3.2.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Auth0Net.DependencyInjection as a Cake Addin
#addin nuget:?package=Auth0Net.DependencyInjection&version=3.2.0

// Install Auth0Net.DependencyInjection as a Cake Tool
#tool nuget:?package=Auth0Net.DependencyInjection&version=3.2.0                

Auth0.NET Dependency Injection Extensions

NuGet Nuget

<h1 align="center"> <img align="center" src="" height="130px" /> </h1>

Integrating Auth0.NET into your project whilst following idiomatic .NET conventions can be cumbersome and involve a sizable amount of boilerplate shared between projects.

This library hopes to solve that problem, featuring:

✅ Extensions for Microsoft.Extensions.DependencyInjection.

✅ Automatic access token caching & renewal for the Management API and your own REST & Grpc services

HttpClientFactory integration for centralized extensibility and management of the internal HTTP handlers.

IHttpClientBuilder extensions, providing handlers to automatically append access tokens to outgoing requests.

This library is compatible with all .NET Standard 2.0 runtimes (.NET 6+ recommended) and is suitable for use in ASP.NET Core and standalone .NET Generic Host applications.


Add Auth0Net.DependencyInjection to your project:

Install-Package Auth0Net.DependencyInjection


Authentication Client Only


If you're simply using the AuthenticationApiClient and nothing else, you can call AddAuth0AuthenticationClientCore and pass in your Auth0 Domain. This integration is lightweight and does not support any other features of this library.


You can then request the IAuthenticationApiClient within your class:

public class AuthController : ControllerBase
    private readonly IAuthenticationApiClient _authenticationApiClient;

    public AuthController(IAuthenticationApiClient authenticationApiClient)
        _authenticationApiClient = authenticationApiClient;

Authentication Client + Management Client


Add the AuthenticationApiClient with AddAuth0AuthenticationClient, and provide a machine-to-machine application configuration that will be consumed by the Management Client, Token Cache and IHttpClientBuilder integrations. This extension must be called before using any other extensions within this library:

services.AddAuth0AuthenticationClient(config =>
   config.Domain = builder.Configuration["Auth0:Domain"];
   config.ClientId = builder.Configuration["Auth0:ClientId"];
   config.ClientSecret = builder.Configuration["Auth0:ClientSecret"];

Add the ManagementApiClient with AddAuth0ManagementClient() and add the DelegatingHandler with AddManagementAccessToken() that will attach the Access Token automatically:


Ensure your Machine-to-Machine application is authorized to request tokens from the Managment API and it has the correct scopes for the features you wish to use.

You can then request the IManagementApiClient (or IAuthenticationApiClient) within your services:

public class MyAuth0Service : IAuth0Service
    private readonly IManagementApiClient _managementApiClient;

    public MyAuth0Service(IManagementApiClient managementApiClient)
        _managementApiClient = managementApiClient;
Handling Custom Domains

If you're using a custom domain with your Auth0 tenant, you may run into a problem whereby the audience of the Management API is being incorrectly set. You can override this via the Audience property:

    .AddManagementAccessToken(c =>
        c.Audience = "";

With HttpClient and/or Grpc Services (Machine-To-Machine tokens)


Note: This feature relies on services.AddAuth0AuthenticationClient(config => ...) being called and configured as outlined in the previous scenario.

This library includes a delegating handler - effectively middleware for your HttpClient - that will append an access token to all outbound requests. This is useful for calling other services that are protected by Auth0. This integration requires your service implementation to use IHttpClientFactory as part of its registration. You can read more about it here


Use AddAccessToken along with the required audience:

services.AddHttpClient<MyHttpService>(x => x.BaseAddress = new Uri(builder.Configuration["MyHttpService:Url"]))
        .AddAccessToken(config => config.Audience = builder.Configuration["MyHttpService:Audience"]);

This extension is compatible with any registration that returns a IHttpClientBuilder, thus it can be used with Grpc's client factory:

services.AddGrpcClient<UserService.UserServiceClient>(x => x.Address = new Uri(builder.Configuration["MyGrpcService:Url"]))
        .AddAccessToken(config => config.Audience = builder.Configuration["MyGrpcService:Audience"]);

AddAccessToken also has an option for passing in a func that can resolve the audience at runtime. This can be useful if your expected audiences always follow a pattern, or if you rely on service discovery, such as from Steeltoe.NET:

services.AddHttpClient<MyHttpService>(x=> x.BaseAddress = new Uri("https://MyServiceName/"))
        .AddAccessToken(config => config.AudienceResolver = request => request.RequestUri.GetLeftPart(UriPartial.Authority));

Client Lifetimes

Both the authentication and authorization clients are registered as singletons and are suitable for injection into any other lifetime.


Both a .NET Generic Host and ASP.NET Core example are available in the samples directory.

Internal Cache

The Auth0TokenCache will cache a token for a given audience until at least 95% of the expiry time. If a request to the cache is made between 95% and 99% of expiry, the token will be refreshed in the background before expiry is reached.

An additional 1% of lifetime is removed to protect against clock drift between distributed systems.

In some situations you might want to request an access token from Auth0 manually. You can achieve this by injecting IAuth0TokenCache into a class and calling GetTokenAsync with the audience of the API you're requesting the token for.

An in-memory-only instance of FusionCache is used as the caching implementation. This instance is named and will not impact other usages of FusionCache.


This library exposes a simple string extension, ToHttpsUrl(), that can be used to format the naked Auth0 domain sitting in your configuration into a proper URL.

This is identical to https://{Configuration["Auth0:Domain"]}/ that you usually end up writing somewhere in your Startup.cs.

For example, formatting the domain for the JWT Authority:

.AddJwtBearer(options =>
                 // "" -> ""
                 options.Authority = builder.Configuration["Auth0:Domain"].ToHttpsUrl();


I am not affiliated with nor represent Auth0. All implementation issues regarding the underlying ManagementApiClient and AuthenticationApiClient should go to the official Auth0.NET Respository.

License notices

Icons used under the MIT License from the Identicons pack.

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
3.2.0 16,928 3/8/2024
3.1.0 19,615 12/21/2023
3.0.0 39,435 6/20/2023
2.0.0 98,494 11/12/2022
1.7.0 7,952 8/30/2022
1.6.0 62,424 2/22/2022
1.5.0 12,623 8/27/2021
1.4.1 927 8/5/2021
1.4.0 3,581 4/3/2021
1.3.0 1,001 12/3/2020
1.2.0 408 11/27/2020
1.1.0 421 11/24/2020
1.0.0 422 11/24/2020