AuthAction.AspNetCore 0.1.1

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package AuthAction.AspNetCore --version 0.1.1
                    


                    

                
NuGet\Install-Package AuthAction.AspNetCore -Version 0.1.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="AuthAction.AspNetCore" Version="0.1.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="AuthAction.AspNetCore" Version="0.1.1" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="AuthAction.AspNetCore" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add AuthAction.AspNetCore --version 0.1.1
                    


                    

                
#r "nuget: AuthAction.AspNetCore, 0.1.1"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package AuthAction.AspNetCore@0.1.1
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=AuthAction.AspNetCore&version=0.1.1
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=AuthAction.AspNetCore&version=0.1.1
                    


                            Install as a Cake Tool

AuthAction.AspNetCore

ASP.NET Core JWT authentication middleware for AuthAction. One call to AddAuthAction() configures JWT Bearer authentication, JWKS key fetching and caching, audience validation, and the [CurrentUser] parameter attribute.

NuGet CI

Prerequisites

Installation

dotnet add package AuthAction.AspNetCore

Quick start

1. Add credentials to appsettings.json:

{
  "AuthAction": {
    "Domain": "myapp.eu.authaction.com",
    "Audience": "https://api.myapp.com"
  }
}

2. Register the middleware in Program.cs:

using AuthAction.AspNetCore;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthAction(options =>
    builder.Configuration.GetSection("AuthAction").Bind(options));

builder.Services.AddAuthorization();
builder.Services.AddControllers();

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();

app.Run();

3. Protect routes and inject the current user:

using AuthAction.AspNetCore;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[ApiController]
[Route("[controller]")]
public class ProfileController : ControllerBase
{
    [HttpGet]
    [Authorize]
    public IActionResult Get([CurrentUser] UserInfo user) =>
        Ok(new { user.Sub, user.Email });
}

Configuration

Key Required Description
AuthAction:Domain Yes AuthAction tenant domain, e.g. myapp.eu.authaction.com
AuthAction:Audience Yes API identifier registered in AuthAction (the JWT aud claim)

You can also configure via environment variables using ASP.NET Core's double-underscore convention:

export AUTHACTION__DOMAIN=myapp.eu.authaction.com
export AUTHACTION__AUDIENCE=https://api.myapp.com

[CurrentUser] attribute

Add [CurrentUser] UserInfo user to any [Authorize]-protected action parameter to receive a typed object populated from the verified JWT claims.

[HttpGet("/me")]
[Authorize]
public IActionResult Me([CurrentUser] UserInfo user) =>
    Ok(new
    {
        user.Sub,
        user.Email,
        user.EmailVerified,
        user.Name,
        user.Picture,
    });

UserInfo exposes the standard OIDC claims plus a Claims dictionary for any custom claims:

Property JWT claim Type
Sub sub string
Email email string?
EmailVerified email_verified bool
Name name string?
Picture picture string?
Claims all claims IReadOnlyDictionary<string, string>

How it works

AddAuthAction() calls AddJwtBearer() with Authority set to https://<domain>. ASP.NET Core's built-in JWT Bearer middleware:

  1. Fetches https://<domain>/.well-known/openid-configuration to discover the JWKS URI.
  2. Downloads and caches the public keys from the JWKS endpoint.
  3. Validates RS256 signature, issuer, audience, and token expiry on every request.
  4. Re-fetches keys automatically when an unknown kid is encountered (key rotation).

No manual JWKS handling or caching is required.

Running the tests

dotnet test

The test suite uses WebApplicationFactory with a fake authentication handler — no real JWKS calls are made.

Example app

See authaction-dotnet-example for a full ASP.NET Core Web API example.

License

MIT

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.1.1 41 6/5/2026
0.1.0 39 6/5/2026