Vefa.CustomAuth.AspNetCore 3.0.0

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package Vefa.CustomAuth.AspNetCore --version 3.0.0
                    


                    

                
NuGet\Install-Package Vefa.CustomAuth.AspNetCore -Version 3.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Vefa.CustomAuth.AspNetCore" Version="3.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Vefa.CustomAuth.AspNetCore" Version="3.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Vefa.CustomAuth.AspNetCore" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Vefa.CustomAuth.AspNetCore --version 3.0.0
                    


                    

                
#r "nuget: Vefa.CustomAuth.AspNetCore, 3.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Vefa.CustomAuth.AspNetCore@3.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Vefa.CustomAuth.AspNetCore&version=3.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Vefa.CustomAuth.AspNetCore&version=3.0.0
                    


                            Install as a Cake Tool

Vefa.CustomAuth.AspNetCore

ASP.NET Core endpoint and dependency injection integration for Vefa.CustomAuth.

This package maps OAuth2 and OpenID Connect endpoints and registers the runtime services used by the authorization server.

Typical Usage

builder.Services
    .AddCustomAuth(options =>
    {
        options.Issuer = "https://auth.example.com";
    })
    .AddJwtTokenSigning();

app.MapCustomAuthEndpoints();

Register a persistence provider separately, such as Vefa.CustomAuth.EntityFrameworkCore or Vefa.CustomAuth.MongoDB.

Endpoints

GET  /.well-known/openid-configuration
GET  /.well-known/jwks.json
GET  /connect/authorize
POST /connect/token
GET  /connect/logout
POST /connect/logout
GET  /connect/userinfo
POST /connect/userinfo
POST /connect/revoke
POST /login

This package ships no HTML. The host application owns the login and logout confirmation pages. POST /login validates the antiforgery token and credentials, opens an SSO session, and redirects; on failure it redirects back to LoginPath with ?error=<code>&returnUrl=<orig>. The host renders the GET login page and surfaces the error code.

Grant types

The token endpoint dispatches each request to a registered ICustomAuthGrantHandler (Vefa.CustomAuth.AspNetCore.Endpoints.Grants) keyed by grant_type. Built-in handlers cover:

  • authorization_code (with PKCE)
  • refresh_token
  • client_credentials — confidential machine-to-machine clients. Requires a confidential TokenEndpointAuthMethod and the per-client opt-in CustomAuthClient.AllowClientCredentials. Issues an access token only (no ID token, no refresh token), with sub set to the client id.

Register an additional ICustomAuthGrantHandler to add a custom grant; a registration whose GrantType matches a built-in grant overrides it (last registration wins).

Relying-Party Integration

The same package ships the client-side OpenID Connect integration so relying-party applications do not have to hand-wire cookie and OpenID Connect authentication.

builder.Services.AddCustomAuthClient(options =>
{
    options.Authority = "https://auth.example.com";
    options.ClientId = "web-app";
    options.AdditionalScopes.Add("sample-api");
});

app.MapCustomAuthSignOut("/logout");

AddCustomAuthClient configures code flow with PKCE, saves tokens, and requests openid profile email offline_access by default. MapCustomAuthSignOut pairs cookie sign-out with the upstream OpenID Connect end-session call.

Security Notes

Keep PKCE enabled, use exact redirect URI matching, and configure HTTPS in production.

Refresh tokens require client refresh-token support and the offline_access scope. They are rotated on use, have sliding and absolute expiration, and detect reuse of consumed tokens.

The client credentials grant requires confidential client authentication (private_key_jwt); public clients cannot use it.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Vefa.CustomAuth.AspNetCore:

Package Downloads
Vefa.CustomAuth.Server

OAuth2 / OpenID Connect based custom SSO library for ASP.NET Core.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
3.0.0 103 5/30/2026
2.0.0 116 5/30/2026