Nedo.AspNet.Authentication.TokenManagement 2.0.9

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher. 
dotnet add package Nedo.AspNet.Authentication.TokenManagement --version 2.0.9
                    


                    

                
NuGet\Install-Package Nedo.AspNet.Authentication.TokenManagement -Version 2.0.9
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Nedo.AspNet.Authentication.TokenManagement" Version="2.0.9" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Nedo.AspNet.Authentication.TokenManagement" Version="2.0.9" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Nedo.AspNet.Authentication.TokenManagement" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Nedo.AspNet.Authentication.TokenManagement --version 2.0.9
                    


                    

                
#r "nuget: Nedo.AspNet.Authentication.TokenManagement, 2.0.9"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Nedo.AspNet.Authentication.TokenManagement@2.0.9
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Nedo.AspNet.Authentication.TokenManagement&version=2.0.9
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Nedo.AspNet.Authentication.TokenManagement&version=2.0.9
                    


                            Install as a Cake Tool

Nedo.AspNet.Authentication.TokenManagement

Access-token forwarding + proactive refresh + client-credentials acquisition for service-to-service calls. Pair with HttpClientFactory so your downstream calls automatically pick up the right token without per-call boilerplate.

Install

dotnet add package Nedo.AspNet.Authentication.TokenManagement

What it does

  • ITokenManager — central token surface. Returns a fresh access token for a named client, refreshing transparently when the cached one is within the ProactiveRefreshThreshold.
  • ITokenStore — pluggable persistence (default: in-memory; swap for IDistributedCache / Redis / EF for multi-instance hosts).
  • AddTokenForwarding(clientName)HttpClient integration. Adds the Authorization: Bearer … header on every outbound request to the named downstream API, refreshing as needed.

Quickstart — forward the caller's token to a downstream API

using Nedo.AspNet.Authentication.TokenManagement;

builder.Services.AddTokenManagement();

builder.Services
    .AddHttpClient("downstream-api", c => c.BaseAddress = new("https://api.internal/"))
    .AddTokenForwarding();   // injects Authorization header from the current request

// In a handler:
public class OrdersService(IHttpClientFactory factory)
{
    public Task<HttpResponseMessage> GetAsync()
        => factory.CreateClient("downstream-api").GetAsync("/orders");
    // ↳ outbound request carries the caller's bearer token automatically
}

Quickstart — client-credentials for unattended jobs

builder.Services.AddTokenManagement(opts =>
{
    opts.AddClient("background-worker", c =>
    {
        c.Authority    = "https://idp.example.com";
        c.ClientId     = "worker";
        c.ClientSecret = builder.Configuration["Worker:Secret"];
        c.Scope        = "api.read api.write";
    });
});

// In a job:
public class NightlyReport(ITokenManager tokens, IHttpClientFactory factory)
{
    public async Task RunAsync(CancellationToken ct)
    {
        var token = await tokens.GetAccessTokenAsync("background-worker", ct);
        var client = factory.CreateClient("downstream-api");
        client.DefaultRequestHeaders.Authorization = new("Bearer", token);
        // …
    }
}

Why use this

  • Proactive refresh — tokens within ProactiveRefreshThreshold of expiry are refreshed before the next outbound call, avoiding the "401 → refresh → retry" round-trip on every request.
  • Single source of truth — one cache shared across HttpClient instances; no race-condition refresh storms.
  • No per-handler boilerplate — the AddTokenForwarding() extension wires the DelegatingHandler so domain code stays clean.

Docs

docs/06-token-management.md — full guide including ITokenStore swapping, multi-instance considerations, scope handling.

Package Role
Nedo.AspNet.Authentication Required peer — provides IAuthContext so the forwarding handler knows which token to forward.

License

MIT — see LICENSE.

Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2.0.9 98 5/11/2026
2.0.8 88 5/6/2026
2.0.7 91 5/5/2026
2.0.6 87 5/5/2026
2.0.4 85 5/4/2026
2.0.3 84 5/4/2026
2.0.2 94 5/2/2026
2.0.1 82 5/2/2026
2.0.0 84 5/1/2026