OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin
9.0.1
dotnet add package OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin --version 9.0.1
NuGet\Install-Package OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin -Version 9.0.1
<PackageReference Include="OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin" Version="9.0.1" />
<PackageVersion Include="OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin" Version="9.0.1" />
<PackageReference Include="OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin" />
paket add OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin --version 9.0.1
#r "nuget: OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin, 9.0.1"
#:package OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin@9.0.1
#addin nuget:?package=OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin&version=9.0.1
#tool nuget:?package=OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin&version=9.0.1
SafeguardDotNet.PkceNoninteractiveLogin
PKCE-based non-interactive authentication for the Safeguard Web API without launching a browser.
Overview
This library provides OAuth2/PKCE authentication to Safeguard by allowing applications to manually handle the authentication flow without launching a browser. This is useful for:
- Automated testing scenarios
- Custom authentication workflows
- Integration with non-browser-based UI frameworks
- Scenarios where browser automation is required
Key Features
- Manual PKCE Flow Control: Generate code verifier/challenge and build authorization URLs
- No Browser Launch: Unlike BrowserLogin, this doesn't automatically open a browser
- Flexible Integration: Programmatically obtain authorization codes through custom mechanisms
- Standard OAuth2/PKCE: Follows OAuth2 Authorization Code Flow with PKCE (RFC 7636)
Usage Example
The library drives the OAuth2/PKCE authorization-code flow internally by
posting directly to the rSTS login endpoints: no browser, no TCP listener,
and no caller-supplied authorization code is required. The caller supplies
the appliance address and credentials; everything else (code
verifier/challenge generation, authorization, code redemption, token
exchange) is handled by Connect / ConnectAsync.
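```csharp
using System.Security;
using OneIdentity.SafeguardDotNet;
using OneIdentity.SafeguardDotNet.PkceNoninteractiveLogin;

// GetPasswordSecurely() is a placeholder for the caller's own secret retrieval.
SecureString password = GetPasswordSecurely();

// Connect runs the whole PKCE flow and returns an authenticated connection.
using var connection = PkceNoninteractiveLogin.Connect(
    appliance: "safeguard.example.com",
    provider: "local",
    username: "Admin",
    password: password,
    ignoreSsl: false); // keep TLS certificate validation enabled

// Call the Core service with the authenticated connection.
var me = connection.InvokeMethod(Service.Core, Method.Get, "Me");
```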
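What Connect / ConnectAsync generate and redeem on the caller's behalf can be seen in isolation. The following is an added example, not code from SafeguardDotNet: it builds a code verifier and its challenge as RFC 7636 defines them, checks them against the RFC's Appendix B vector, and shows the server-side comparison at code redemption. PkceSketch and its members are hypothetical names, and use of the S256 challenge method is an assumption.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration of RFC 7636 with the S256 method (assumed).
// PkceSketch and its members are hypothetical, not SafeguardDotNet APIs.
static class PkceSketch
{
    // Base64url without padding, as RFC 7636 Appendix A specifies.
    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // 32 random octets encode to a 43-character verifier (RFC 7636 section 4.1).
    public static string NewVerifier()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Base64Url(bytes);
    }

    // code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    public static string Challenge(string verifier)
    {
        using (var sha = SHA256.Create())
            return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    }

    // Server side at code redemption: enforce the 43..128 length rule, then
    // recompute the challenge and compare it with the one stored at authorization.
    public static bool ServerAccepts(string storedChallenge, string verifier) =>
        verifier.Length >= 43 && verifier.Length <= 128 &&
        string.Equals(Challenge(verifier), storedChallenge, StringComparison.Ordinal);

    static void Main()
    {
        // Test vector from RFC 7636 Appendix B.
        const string rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r-wW1gFWFOEjXk";
        const string rfcChallenge = "E9Melhoa2OwvFrEMTJguCH-M_FTEgcZq_7Q5LAlLcXM";
        if (Challenge(rfcVerifier) != rfcChallenge) throw new Exception("S256 mismatch");

        var verifier = NewVerifier();
        var challenge = Challenge(verifier);
        // The client that started the flow redeems the code...
        if (!ServerAccepts(challenge, verifier)) throw new Exception("valid verifier rejected");
        // ...while a code presented with any other verifier is refused.
        if (ServerAccepts(challenge, NewVerifier())) throw new Exception("wrong verifier accepted");
        Console.WriteLine($"verifier={verifier.Length} chars, challenge={challenge}");
    }
}
```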
Multi-factor authentication
If the identity provider requires a second factor (TOTP, RADIUS, etc.), pass
the one-time code as secondaryPassword:
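```csharp
SecureString password = GetPasswordSecurely();
// GetOneTimeCodeSecurely() is a placeholder for however the caller obtains the current code.
SecureString totp = GetOneTimeCodeSecurely();

using var connection = PkceNoninteractiveLogin.Connect(
    "safeguard.example.com", "local", "Admin", password, totp);
```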
Async with cancellation
```csharp
using System;
using System.Threading;

// Abandon the login if it has not completed within 60 seconds.
using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(60));
SecureString password = GetPasswordSecurely();

using var connection = await PkceNoninteractiveLogin.ConnectAsync(
    "safeguard.example.com", "local", "Admin", password,
    secondaryPassword: null,
    apiVersion: Safeguard.DefaultApiVersion,
    ignoreSsl: false,
    cancellationToken: cts.Token);
```
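The usage examples above call GetPasswordSecurely() and GetOneTimeCodeSecurely() without defining them. One way to back both, as an added example that is not part of SafeguardDotNet: prompt without echo when a console is attached, and fall back to an environment variable on headless runs. SecretPrompt, its Read method, and the environment variable name shown in the comment are hypothetical.

```csharp
using System;
using System.Security;

// Hypothetical helper for the GetPasswordSecurely()/GetOneTimeCodeSecurely()
// placeholders; added here, not a SafeguardDotNet API.
// Usage: SecureString password = SecretPrompt.Read("Password: ", "SAFEGUARD_PASSWORD");
static class SecretPrompt
{
    public static SecureString Read(string prompt, string envVar)
    {
        var secret = new SecureString();
        if (Console.IsInputRedirected)
        {
            // Headless run (CI): the pipeline's secret store is assumed to populate envVar.
            // The value still exists as a managed string in this process, so scope
            // the variable to the job and never log it.
            var value = Environment.GetEnvironmentVariable(envVar);
            if (string.IsNullOrEmpty(value))
                throw new InvalidOperationException($"{envVar} is not set");
            foreach (var c in value) secret.AppendChar(c);
        }
        else
        {
            Console.Write(prompt);
            while (true)
            {
                // intercept: true keeps the typed character off the screen.
                var key = Console.ReadKey(intercept: true);
                if (key.Key == ConsoleKey.Enter) break;
                if (key.Key == ConsoleKey.Backspace)
                {
                    if (secret.Length > 0) secret.RemoveAt(secret.Length - 1);
                }
                else if (!char.IsControl(key.KeyChar)) secret.AppendChar(key.KeyChar);
            }
            Console.WriteLine();
        }
        secret.MakeReadOnly(); // no further edits once handed to Connect
        return secret;
    }
}
```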
Comparison with BrowserLogin
| Feature | BrowserLogin | PkceNoninteractiveLogin |
|---|---|---|
| Browser Launch | Automatic | None — flow is driven over HTTP |
| TCP Listener | Built-in | Not needed |
| Credentials | Entered in browser by user | Supplied by caller (username/password, optional MFA code) |
| Use Case | Interactive desktop apps | Automated testing, CI/CD, headless integrations |
Dependencies
- SafeguardDotNet (core SDK)
- SafeguardDotNet.LoginCommon (shared OAuth utilities)
- Serilog (logging)
Testing
See Test/SafeguardDotNetPkceNoninteractiveLoginTester for a reference implementation that demonstrates both interactive and non-interactive testing modes.
License
Apache 2.0. See LICENSE file for details.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
| .NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
| .NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
| .NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
| MonoAndroid | monoandroid was computed. |
| MonoMac | monomac was computed. |
| MonoTouch | monotouch was computed. |
| Tizen | tizen40 was computed. tizen60 was computed. |
| Xamarin.iOS | xamarinios was computed. |
| Xamarin.Mac | xamarinmac was computed. |
| Xamarin.TVOS | xamarintvos was computed. |
| Xamarin.WatchOS | xamarinwatchos was computed. |
- .NETStandard 2.0
  - OneIdentity.SafeguardDotNet (>= 9.0.1)
  - Serilog (>= 4.3.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 9.0.1 | 0 | 7/1/2026 |
| 9.0.1-pre44965 | 0 | 7/1/2026 |
| 9.0.0-pre40762 | 213 | 6/8/2026 |
| 9.0.0-pre40181 | 102 | 6/4/2026 |
| 9.0.0-pre40008 | 95 | 6/4/2026 |
| 9.0.0-pre39983 | 97 | 6/3/2026 |
| 9.0.0-pre39666 | 100 | 6/3/2026 |
| 9.0.0-pre39649 | 101 | 6/3/2026 |
| 8.3.1 | 645 | 6/3/2026 |
| 8.3.1-pre39597 | 93 | 6/2/2026 |
| 8.3.0 | 102 | 6/2/2026 |
| 8.3.0-pre39380 | 96 | 6/2/2026 |
| 8.3.0-pre38787 | 109 | 5/29/2026 |
| 8.2.4 | 111 | 5/28/2026 |
| 8.2.4-pre38438 | 98 | 5/27/2026 |
| 8.2.3-pre37443 | 92 | 5/21/2026 |
| 8.2.3-pre36303 | 93 | 5/16/2026 |
| 8.2.3-dev-36240 | 96 | 5/16/2026 |
| 8.2.3-dev-33026 | 110 | 4/29/2026 |
| 8.2.3-dev-32683 | 105 | 4/27/2026 |
PKCE Non-interactive Login for One Identity Safeguard Web API .NET SDK
Allows custom applications to use the Safeguard Web API by authenticating to
Safeguard using the OAuth2/PKCE flow without launching a browser. This enables
programmatic authentication by directly calling rSTS endpoints.