Nedo.AspNet.Authentication.Local 2.0.0

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package Nedo.AspNet.Authentication.Local --version 2.0.0
                    


                    

                
NuGet\Install-Package Nedo.AspNet.Authentication.Local -Version 2.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Nedo.AspNet.Authentication.Local" Version="2.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Nedo.AspNet.Authentication.Local" Version="2.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Nedo.AspNet.Authentication.Local" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Nedo.AspNet.Authentication.Local --version 2.0.0
                    


                    

                
#r "nuget: Nedo.AspNet.Authentication.Local, 2.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Nedo.AspNet.Authentication.Local@2.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Nedo.AspNet.Authentication.Local&version=2.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Nedo.AspNet.Authentication.Local&version=2.0.0
                    


                            Install as a Cake Tool

Nedo.AspNet.Authentication

A modular authentication platform for ASP.NET Core. Six SPA-friendly social providers (Google, Microsoft, Apple, GitHub, Facebook, Keycloak) that mint your own JWTs · four enterprise OIDC providers (Keycloak, Entra ID, Auth0, Okta) for the JWT-bearer pattern · Local username/password with refresh-token families, email verification, password reset, account management · TOTP 2FA that auto-gates every sign-in path · dev-only impersonation endpoint · multi-tenant resolution. All composable NuGet packages.

Authentication only — verifies who the caller is. Authorization (what the caller can do) is handled separately.

Architecture

Nedo.AspNet.Authentication
├── Core
│   ├── Abstractions          Zero-dependency contracts (IAuthContext, IAuthEventSink, AuthMode)
│   ├── Authentication        JWT Bearer, middleware, DI engine
│   ├── TokenManagement       Token forwarding + client-credentials refresh
│   └── Claims                Claims transformation pipeline
│
├── Local
│   └── Local                 Username/password, refresh-token families with reuse detection,
│                             email verify, password reset, external-login linking,
│                             account management endpoints, AuthOutcome discriminated outcome,
│                             5 focused services (Login / Registration / ExternalSignIn /
│                             PasswordReset / EmailVerification) sharing SessionTokenIssuer
│
├── Shared OIDC plumbing
│   └── Oidc                  OidcIdTokenValidatorBase + OAuthCodePopupEndpoints helper,
│                             reused by every social provider
│
├── Social Identity Providers (each issues Nedo JWTs after upstream verification)
│   ├── Google                OIDC ID-token exchange (Google Identity Services)
│   ├── Microsoft             OIDC ID-token exchange (MSAL.js, consumers/work/multi-tenant)
│   ├── Apple                 OIDC ID-token exchange (Apple JS SDK)
│   ├── GitHub                OAuth code exchange (popup + postMessage)
│   ├── Facebook              Graph API access-token verification (FB JS SDK)
│   └── Keycloak (SignIn)     OAuth code exchange via AddKeycloakSignIn
│
├── Enterprise Identity Providers (your API as resource server, validates upstream JWTs)
│   ├── Keycloak (Bearer)     realm_access roles, resource_access (AddKeycloak)
│   ├── EntraId               Azure AD app roles, group mapping
│   ├── Auth0                 Namespace-prefixed claims, RBAC
│   └── Okta                  Authorization server, groups → roles
│
├── Security extensions
│   ├── Totp                  TOTP 2FA (RFC 6238) — auto-gates every sign-in path via IMultiFactorChallenge
│   └── Dev                   Dev-only POST /auth/dev/sign-in (refuses outside Development env)
│
└── Cross-Cutting
    ├── MultiTenant           Tenant resolution (header, claim, subdomain)
    └── Diagnostics           Circuit breaker, IdP health check

Quick Start

dotnet add package Nedo.AspNet.Authentication

using Nedo.AspNet.Authentication;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddNedoAuthentication(options =>
{
    options.Authority = "https://keycloak.example.com/realms/my-realm";
    options.Audience = "my-api";
});

var app = builder.Build();

app.UseAuthentication();
app.UseNedoAuthContext();
app.UseAuthorization();

app.MapGet("/me", (IAuthContext auth) => Results.Ok(new
{
    auth.UserId,
    auth.Email,
    auth.Roles,
    auth.TenantId
}));

app.Run();

Documentation

Start at docs/README.md for a task-oriented index.

Section Pointers
Get started 01 — Overview · 02 — Getting Started · 03 — Core Concepts
Add a sign-in provider 09 — Local (username/password + refresh families + email-verify + password-reset + account management) · providers/social/ (Google, Microsoft, Apple, GitHub, Facebook, Keycloak — each guide includes console-registration walkthrough) · 04 — Enterprise OIDC (Keycloak/Entra/Auth0/Okta as resource server)
Security on top of Local TOTP 2FA (auto-gates every sign-in path) · Dev-auth (no-password endpoint for local dev + tests)
Frontend integration React + Local + social sample · React + Keycloak · Mobile
Reference 05 — Claims · 06 — Tokens · 07 — Multi-Tenant · 08 — Diagnostics
Operations 10 — Testing · 11 — Migration

For a runnable end-to-end example of Local + all six social providers + 2FA + dev-auth driving a React SPA, see sample/Nedo.AspNet.Authentication.Local.Sample (.NET API) and sample/Nedo.AspNet.Authentication.Local.Sample.React (Vite + React + TypeScript).

Build & Test

dotnet build
dotnet test                   # 91 tests
dotnet run --project sample/Nedo.AspNet.Authentication.Sample

Releasing

All 20 packages are published together on every v* git tag via .gitlab-ci.yml. See PUBLISHING.md for the operator runbook (version flow, required CI/CD variables, dry-run instructions, common failure modes).

git tag v1.2.0
git push origin v1.2.0   # → GitLab builds + pushes all 20 to nuget.org

License

MIT

Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (10)

Showing the top 5 NuGet packages that depend on Nedo.AspNet.Authentication.Local:

Package Downloads
Nedo.AspNet.Authentication.Local.Passkeys

Passkeys (FIDO2 / WebAuthn) sign-in for Nedo.AspNet.Authentication.Local. Wraps Fido2NetLib and emits standard local sessions.
Nedo.AspNet.Authentication.Totp

TOTP (RFC 6238) two-factor authentication for Nedo.AspNet.Authentication.Local. Compatible with Google Authenticator, Microsoft Authenticator, 1Password, Authy, etc.
Nedo.AspNet.Authentication.Google

Google sign-in (ID-token exchange) for Nedo.AspNet.Authentication.
Nedo.AspNet.Authentication.Dev

Dev-only impersonation endpoint — sign in as any user without a password. Refuses to start outside the Development environment unless explicitly forced.
Nedo.AspNet.Authentication.Microsoft

Microsoft sign-in (ID-token exchange) for Nedo.AspNet.Authentication.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2.0.9 242 5/11/2026
2.0.8 217 5/6/2026
2.0.7 222 5/5/2026
2.0.6 221 5/5/2026
2.0.4 218 5/4/2026
2.0.3 229 5/4/2026
2.0.2 219 5/2/2026
2.0.1 217 5/2/2026
2.0.0 203 5/1/2026