Nedo.AspNet.Authentication.Google 2.0.0

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package Nedo.AspNet.Authentication.Google --version 2.0.0
                    


                    

                
NuGet\Install-Package Nedo.AspNet.Authentication.Google -Version 2.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Nedo.AspNet.Authentication.Google" Version="2.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Nedo.AspNet.Authentication.Google" Version="2.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Nedo.AspNet.Authentication.Google" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Nedo.AspNet.Authentication.Google --version 2.0.0
                    


                    

                
#r "nuget: Nedo.AspNet.Authentication.Google, 2.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Nedo.AspNet.Authentication.Google@2.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Nedo.AspNet.Authentication.Google&version=2.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Nedo.AspNet.Authentication.Google&version=2.0.0
                    


                            Install as a Cake Tool

Nedo.AspNet.Authentication

A modular authentication platform for ASP.NET Core. Six SPA-friendly social providers (Google, Microsoft, Apple, GitHub, Facebook, Keycloak) that mint your own JWTs · four enterprise OIDC providers (Keycloak, Entra ID, Auth0, Okta) for the JWT-bearer pattern · Local username/password with refresh-token families, email verification, password reset, account management · TOTP 2FA that auto-gates every sign-in path · dev-only impersonation endpoint · multi-tenant resolution. All composable NuGet packages.

Authentication only — verifies who the caller is. Authorization (what the caller can do) is handled separately.

Architecture

Nedo.AspNet.Authentication
├── Core
│   ├── Abstractions          Zero-dependency contracts (IAuthContext, IAuthEventSink, AuthMode)
│   ├── Authentication        JWT Bearer, middleware, DI engine
│   ├── TokenManagement       Token forwarding + client-credentials refresh
│   └── Claims                Claims transformation pipeline
│
├── Local
│   └── Local                 Username/password, refresh-token families with reuse detection,
│                             email verify, password reset, external-login linking,
│                             account management endpoints, AuthOutcome discriminated outcome,
│                             5 focused services (Login / Registration / ExternalSignIn /
│                             PasswordReset / EmailVerification) sharing SessionTokenIssuer
│
├── Shared OIDC plumbing
│   └── Oidc                  OidcIdTokenValidatorBase + OAuthCodePopupEndpoints helper,
│                             reused by every social provider
│
├── Social Identity Providers (each issues Nedo JWTs after upstream verification)
│   ├── Google                OIDC ID-token exchange (Google Identity Services)
│   ├── Microsoft             OIDC ID-token exchange (MSAL.js, consumers/work/multi-tenant)
│   ├── Apple                 OIDC ID-token exchange (Apple JS SDK)
│   ├── GitHub                OAuth code exchange (popup + postMessage)
│   ├── Facebook              Graph API access-token verification (FB JS SDK)
│   └── Keycloak (SignIn)     OAuth code exchange via AddKeycloakSignIn
│
├── Enterprise Identity Providers (your API as resource server, validates upstream JWTs)
│   ├── Keycloak (Bearer)     realm_access roles, resource_access (AddKeycloak)
│   ├── EntraId               Azure AD app roles, group mapping
│   ├── Auth0                 Namespace-prefixed claims, RBAC
│   └── Okta                  Authorization server, groups → roles
│
├── Security extensions
│   ├── Totp                  TOTP 2FA (RFC 6238) — auto-gates every sign-in path via IMultiFactorChallenge
│   └── Dev                   Dev-only POST /auth/dev/sign-in (refuses outside Development env)
│
└── Cross-Cutting
    ├── MultiTenant           Tenant resolution (header, claim, subdomain)
    └── Diagnostics           Circuit breaker, IdP health check

Quick Start

dotnet add package Nedo.AspNet.Authentication

using Nedo.AspNet.Authentication;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddNedoAuthentication(options =>
{
    options.Authority = "https://keycloak.example.com/realms/my-realm";
    options.Audience = "my-api";
});

var app = builder.Build();

app.UseAuthentication();
app.UseNedoAuthContext();
app.UseAuthorization();

app.MapGet("/me", (IAuthContext auth) => Results.Ok(new
{
    auth.UserId,
    auth.Email,
    auth.Roles,
    auth.TenantId
}));

app.Run();

Documentation

Start at docs/README.md for a task-oriented index.

Section Pointers
Get started 01 — Overview · 02 — Getting Started · 03 — Core Concepts
Add a sign-in provider 09 — Local (username/password + refresh families + email-verify + password-reset + account management) · providers/social/ (Google, Microsoft, Apple, GitHub, Facebook, Keycloak — each guide includes console-registration walkthrough) · 04 — Enterprise OIDC (Keycloak/Entra/Auth0/Okta as resource server)
Security on top of Local TOTP 2FA (auto-gates every sign-in path) · Dev-auth (no-password endpoint for local dev + tests)
Frontend integration React + Local + social sample · React + Keycloak · Mobile
Reference 05 — Claims · 06 — Tokens · 07 — Multi-Tenant · 08 — Diagnostics
Operations 10 — Testing · 11 — Migration

For a runnable end-to-end example of Local + all six social providers + 2FA + dev-auth driving a React SPA, see sample/Nedo.AspNet.Authentication.Local.Sample (.NET API) and sample/Nedo.AspNet.Authentication.Local.Sample.React (Vite + React + TypeScript).

Build & Test

dotnet build
dotnet test                   # 91 tests
dotnet run --project sample/Nedo.AspNet.Authentication.Sample

Releasing

All 20 packages are published together on every v* git tag via .gitlab-ci.yml. See PUBLISHING.md for the operator runbook (version flow, required CI/CD variables, dry-run instructions, common failure modes).

git tag v1.2.0
git push origin v1.2.0   # → GitLab builds + pushes all 20 to nuget.org

License

MIT

Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2.0.9 97 5/11/2026
2.0.8 86 5/6/2026
2.0.7 91 5/5/2026
2.0.6 85 5/5/2026
2.0.4 83 5/4/2026
2.0.3 82 5/4/2026
2.0.2 90 5/2/2026
2.0.1 99 5/2/2026
2.0.0 89 5/1/2026