TokenInspect 0.2.0

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher. 
dotnet add package TokenInspect --version 0.2.0
                    


                    

                
NuGet\Install-Package TokenInspect -Version 0.2.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="TokenInspect" Version="0.2.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="TokenInspect" Version="0.2.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="TokenInspect" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add TokenInspect --version 0.2.0
                    


                    

                
#r "nuget: TokenInspect, 0.2.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package TokenInspect@0.2.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=TokenInspect&version=0.2.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=TokenInspect&version=0.2.0
                    


                            Install as a Cake Tool

TokenInspect

Core library for the Token Inspect plugin: a didactic token-flow inspector for OIDC/OAuth 2.0 applications.

This package provides:

  • IFlowRecorder: the contract that host code calls to begin a flow run, append steps, and complete or fail it. Ships with a NullFlowRecorder (no-op, safe default) and an in-memory FlowRecorder.
  • ITraceStore: the host-implemented persistence abstraction. The library never persists anything itself; the host wires Redis, a database, or in-memory.
  • MapTokenInspect(): the egress endpoint extension. Returns the journal for the authorized principal only. The Authorize delegate defaults to deny; the host must opt in.

Install

dotnet add package TokenInspect

Basic use (host wiring)

builder.Services.AddTokenInspect(opts =>
{
    opts.Enabled = !builder.Environment.IsProduction();
    opts.Authorize = (ctx, sessionId) =>
    {
        // Host-defined ownership check; never trust a request-supplied id.
        return ctx.Request.Cookies.TryGetValue("session", out var owned)
            && string.Equals(owned, sessionId, StringComparison.Ordinal);
    };
});

// Your ITraceStore implementation:
builder.Services.AddSingleton<ITraceStore, MyRedisTraceStore>();

var app = builder.Build();
app.MapTokenInspect();   // GET /internal/trace (gated by Authorize)

For an ASP.NET middleware that records server-side hops automatically (validation, RBAC, downstream calls), see TokenInspect.AspNetCore.

Security

The package is inert until Enabled = true. The Authorize delegate defaults to deny: no host wiring, no access. See the security model for the full set of controls.

License

MIT.

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net10.0

    • No dependencies.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on TokenInspect:

Package Downloads
TokenInspect.AspNetCore

Drop-in ASP.NET Core middleware for the Token Inspect plugin: records incoming token validation, RBAC, and downstream calls per correlation id. Bounded ring with TTL, dev endpoint loopback-only by default, principal-derived Authorize delegate.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.2.0 87 6/1/2026
0.1.0 108 5/31/2026