Udap.Client 0.2.15

.NET 6.0 This package targets .NET 6.0. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package Udap.Client --version 0.2.15
                    


                    

                
NuGet\Install-Package Udap.Client -Version 0.2.15
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Udap.Client" Version="0.2.15" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Udap.Client" Version="0.2.15" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Udap.Client" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Udap.Client --version 0.2.15
                    


                    

                
#r "nuget: Udap.Client, 0.2.15"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#addin nuget:?package=Udap.Client&version=0.2.15
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Udap.Client&version=0.2.15
                    


                            Install as a Cake Tool

Udap.Client

UDAP logo

📦 Nuget Package: Udap.Client

Udap.Config simple dependency injection example configuration

If you chose to load a trust anchor yourself or non at all then registration can be a simple as the following.

builder.Services.AddScoped<TrustChainValidator>();
builder.Services.AddHttpClient<IUdapClient, UdapClient>();

The Udap.Client returns a UdapDiscoveryDocumentResponse . For convenience it contains a IsError property. If you need to understand why there is an error then you can investigate the Error, Exception, ErrorType, and HttpErrorReason depending on the reason for the error. There are also events you can subscribe to to get details about JWT and Certificate chaining errors. The Problem events come from the TrustChainValidator and are very useful. See example below.

var udapClient = serviceProvider.GetRequiredService<IUdapClient>();
var loggerFactory = serviceProvider.GetRequiredService<ILoggerFactory>();
var logger = loggerFactory.CreateLogger(typeof(Program));

udapClient.Problem += element => logger.LogWarning(element.ChainElementStatus
    .Summarize(TrustChainValidator.DefaultProblemFlags));

udapClient.Untrusted += certificate2 => logger.LogWarning("Untrusted: " + certificate2.Subject);
udapClient.TokenError += message => logger.LogWarning("TokenError: " + message);

var response = await udapClient.ValidateResource(options.BaseUrl, trustAnchorStore, community);

if (response.IsError)
{
    logger.LogError(response.HttpErrorReason);
}
else
{
    logger.LogInformation(JsonSerializer.Serialize(
        response, 
        new JsonSerializerOptions{WriteIndented = true})); 
}

Experiment with this example code in the 1_UdapClientMetadata CLI Project

Example command line run: dotnet run --baseUrl https://fhirlabs.net/fhir/r4 --trustAnchor "C:\SureFhirLabs_CA.cer" --community udap://ECDSA/

NOTE The above example trust anchor (download) is used by most communities in the https://fhirlabs.net/fhir/r4 test server.

Udap.Client configuration with a ITrustAnchorStore implementation

Implement the ITrustAnchorStore to load trust anchors from a store. Below is dependency injection example of a file system store implementation. Note the CertStore folder in this project with anchors and intermediates folders. Also take note of the appsettings.json configuration. Notice each community has an Anchors and Intermediates collection of file references. In accompanying example project all communities issue certificates through a sub-certificate authority, yet the configuration only configured one Intermediate. Why is this? If the published certificate at the resource ./well-known/udap endpoint contains a AIA extension then the .NET X509Chain.Build method will follow the URL in the extension. This is true on Windows and Linux. Some Certificate Authorities may not follow this practice and you will have to configure for the intermediate certificate.

Note: An anchor must be chosen for each community. When you receive signed metadata the client will proceed to build a certificate chain from the first x5c header certificate and the anchor as the root certificate.

There is another way for intermediate certificates to be discovered. That is within the x5c header of the signed metadata. While the first certificate in the x5c header must be the signing certificate, the rest of the certificates may be the rest of the chain. But again you must have an anchor deliberately chosen and loaded into the client. The client will no load and trust an anchor from the x5c header.

<details><summary><a>View Metadata</></summary>

"UdapFileCertStoreManifest": {
    "ResourceServers": [
      {
        "Communities": [
          {
            "Name": "udap://stage.healthtogo.me/",
            "Anchors": [
              {
                "FilePath": "CertStore/anchors/EMRDirectTestCA.crt"
              }
            ]
          },
          {
            "Name": "udap://fhirlabs.net/",
            "Intermediates": [
              "CertStore/intermediates/SureFhirLabs_Intermediate.cer"
            ],
            "Anchors": [
              {
                "FilePath": "CertStore/anchors/SureFhirLabs_CA.cer"
              }
            ]
          },
          {
            "Name": "udap://expired.fhirlabs.net/",
            "Anchors": [
              {
                "FilePath": "CertStore/anchors/SureFhirLabs_CA.cer"
              }
            ]
          },
          {
            "Name": "udap://revoked.fhirlabs.net/",
            "Anchors": [
              {
                "FilePath": "CertStore/anchors/SureFhirLabs_CA.cer"
              }
            ]
          },
          {
            "Name": "udap://untrusted.fhirlabs.net/",
            "Anchors": [
              {
                "FilePath": "CertStore/anchors/SureFhirLabs_CA.cer"
              }
            ]
          },
          {
            "Name": "udap://Iss.Miss.Match.To.SubjAltName/",
            "Anchors": [
              {
                "FilePath": "CertStore/anchors/SureFhirLabs_CA.cer"
              }
            ]
          },
          {
            "Name": "udap://Iss.Miss.Match.To.BaseUrl//",
            "Anchors": [
              {
                "FilePath": "CertStore/anchors/SureFhirLabs_CA.cer"
              }
            ]
          },
          {
            "Name": "udap://ECDSA/",
            "Anchors": [
              {
                "FilePath": "CertStore/anchors/SureFhirLabs_CA.cer"
              }
            ]
          }
        ]
      }
    ]
  }

</details> <br/>

services.Configure<UdapFileCertStoreManifest>(context.Configuration.GetSection("UdapFileCertStoreManifest"));
services.AddSingleton<ITrustAnchorStore, TrustAnchorFileStore>();
services.AddScoped<TrustChainValidator>();
services.AddHttpClient<IUdapClient, UdapClient>();

Experiment with this example code in the 1_UdapClientMetadata CLI Project

Udap.Client advanced configuration

The TrustChainValidator a couple ways to control it's behavior when validating a chain. One is the control the Problem Flags identified in the .NET X509ChainStatusFlags settings. The defaults are recommended. Perhaps you are running some unit tests that do not publish a certificate revocation list. Then your code might look something like the following where we mask out OfflineRevocation and RevocationStatusUnknown flags.

services.Configure<UdapFileCertStoreManifest>(context.Configuration.GetSection("UdapFileCertStoreManifest"));
                    
var problemFlags = X509ChainStatusFlags.NotTimeValid |
                    X509ChainStatusFlags.Revoked |
                    X509ChainStatusFlags.NotSignatureValid |
                    X509ChainStatusFlags.InvalidBasicConstraints |
                    X509ChainStatusFlags.CtlNotTimeValid |
                    X509ChainStatusFlags.UntrustedRoot |
                    // X509ChainStatusFlags.OfflineRevocation |
                    X509ChainStatusFlags.CtlNotSignatureValid;
                    // X509ChainStatusFlags.RevocationStatusUnknown;

services.AddSingleton<ITrustAnchorStore, TrustAnchorFileStore>();
services.AddScoped<TrustChainValidator>(sp => new TrustChainValidator(new X509ChainPolicy(), problemFlags, sp.GetService<ILogger<TrustChainValidator>>()));
services.AddHttpClient<IUdapClient, UdapClient>();

TODO: Cover X509ChainPolicy

Udap.Client Dynamic Client Registration with a ICertificateStore implementation

Example projects

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Udap.Client:

Package Downloads
Udap.Server

Package is a part of the UDAP reference implementation for .NET.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.4.11 249 6/13/2025
0.4.10 289 6/12/2025
0.4.9 295 6/12/2025
0.4.8 145 6/3/2025
0.4.7 248 4/18/2025
0.4.6 346 3/17/2025
0.4.5 487 3/4/2025
0.4.4 525 1/15/2025
0.4.3 94 1/14/2025
0.4.2 88 1/14/2025
0.4.1 260 1/13/2025
0.4.0 276 12/14/2024
0.3.96 353 11/6/2024
0.3.95 266 11/2/2024
0.3.94 158 10/31/2024
0.3.93 351 10/13/2024
0.3.92 135 10/13/2024
0.3.91 130 10/10/2024
0.3.89 162 10/10/2024
0.3.87 167 10/5/2024
0.3.86 182 10/5/2024
0.3.85 148 10/4/2024
0.3.84 137 10/3/2024
0.3.83 133 10/3/2024
0.3.82 195 9/20/2024
0.3.81 242 9/19/2024
0.3.80 191 9/19/2024
0.3.79 178 9/19/2024
0.3.78 170 9/19/2024
0.3.77 212 9/17/2024
0.3.76 139 9/17/2024
0.3.75 150 9/12/2024
0.3.74 140 9/12/2024
0.3.73 163 9/10/2024
0.3.72 314 9/7/2024
0.3.71 153 9/5/2024
0.3.70 144 9/5/2024
0.3.69 153 9/5/2024
0.3.68 173 9/4/2024
0.3.67 137 9/4/2024
0.3.66 132 9/4/2024
0.3.65 137 9/4/2024
0.3.64 141 9/2/2024
0.3.63 144 8/31/2024
0.3.62 164 8/29/2024
0.3.61 158 8/28/2024
0.3.60 218 8/2/2024
0.3.59 166 8/1/2024
0.3.58 130 8/1/2024
0.3.57 257 7/19/2024
0.3.56 144 7/19/2024
0.3.54 152 7/18/2024
0.3.53 161 7/15/2024
0.3.52 153 7/15/2024
0.3.51 151 7/12/2024
0.3.50 225 7/1/2024
0.3.49 162 7/1/2024
0.3.48 368 5/22/2024
0.3.47 260 5/15/2024
0.3.46 135 5/14/2024
0.3.45 209 5/12/2024
0.3.44 152 5/12/2024
0.3.43 127 5/12/2024
0.3.42 139 5/12/2024
0.3.41 210 5/6/2024
0.3.40 194 5/4/2024
0.3.39 154 5/1/2024
0.3.38 167 4/30/2024
0.3.37 238 4/11/2024
0.3.36 153 4/10/2024
0.3.35 278 4/9/2024
0.3.34 181 4/8/2024
0.3.33 177 4/7/2024
0.3.32 170 4/5/2024
0.3.31 168 4/4/2024
0.3.30 148 4/4/2024
0.3.29 202 4/3/2024
0.3.28 138 4/3/2024
0.3.27 152 4/2/2024
0.3.26 128 4/2/2024
0.3.25 181 4/2/2024
0.3.24 214 3/24/2024
0.3.22 264 3/6/2024
0.3.21 158 3/6/2024
0.3.20 161 3/5/2024
0.3.19 180 3/2/2024
0.3.18 175 3/2/2024
0.3.13 185 3/1/2024
0.3.12 157 2/24/2024
0.3.10 158 2/14/2024
0.3.8 236 2/11/2024
0.3.7 168 2/11/2024
0.3.6 160 2/10/2024
0.3.5 143 2/10/2024
0.3.4 149 2/10/2024
0.3.2 160 2/10/2024
0.3.0 310 1/31/2024
0.2.21 561 10/24/2023
0.2.20 159 10/23/2023
0.2.19 200 10/20/2023
0.2.18 208 10/11/2023
0.2.17 206 10/5/2023
0.2.16 275 9/21/2023
0.2.15 163 9/21/2023
0.2.14 222 9/20/2023
0.2.13 153 9/20/2023
0.2.12 172 9/20/2023
0.2.11 170 9/19/2023
0.2.10 243 9/13/2023
0.2.9 328 8/26/2023
0.2.8 201 8/18/2023
0.2.7 202 8/15/2023
0.2.6 188 8/12/2023
0.2.5 230 8/11/2023
0.2.4 206 8/10/2023
0.2.3 242 8/2/2023
0.2.2 208 8/1/2023
0.2.1 218 7/25/2023
0.2.0 266 7/16/2023
0.1.24 370 5/26/2023
0.1.23 189 5/22/2023
0.1.22 161 5/22/2023
0.1.21 190 5/21/2023
0.1.20 194 5/20/2023
0.1.17 200 5/9/2023
0.1.16 173 5/6/2023
0.1.15 191 5/4/2023
0.1.14 210 5/2/2023
0.1.12 179 5/1/2023
0.1.11 193 4/29/2023
0.1.9 196 4/29/2023
0.1.8 190 4/29/2023
0.1.7 220 4/28/2023
0.1.6 202 4/27/2023
0.1.5 212 4/27/2023
0.1.4 216 4/25/2023
0.1.3 230 4/23/2023
0.1.2 241 4/22/2023
0.1.1 266 4/22/2023
0.0.4-preview040 180 4/21/2023
0.0.4-preview039 157 4/13/2023
0.0.4-preview038 184 4/11/2023
0.0.4-preview037 164 4/7/2023
0.0.4-preview036 174 3/31/2023
0.0.4-preview035 158 3/31/2023
0.0.4-preview034 173 3/31/2023
0.0.4-preview033 182 3/30/2023
0.0.4-preview032 187 3/19/2023
0.0.4-preview029 175 3/18/2023
0.0.4-preview028 174 3/15/2023
0.0.4-preview027 164 3/13/2023
0.0.4-preview026 169 3/12/2023
0.0.4-preview025 175 3/10/2023
0.0.4-preview024 175 3/9/2023
0.0.4-preview022 199 3/9/2023
0.0.4-preview021 169 3/7/2023
0.0.4-preview020 194 3/7/2023
0.0.4-preview019 153 3/4/2023
0.0.4-preview018 194 3/4/2023
0.0.4-preview017 183 3/4/2023
0.0.4-preview016 163 3/1/2023
0.0.4-preview015 177 2/28/2023
0.0.4-preview014 184 2/23/2023
0.0.4-preview013 195 2/23/2023
0.0.4-preview012 213 2/21/2023
0.0.4-preview011 171 2/20/2023
0.0.4-preview010 172 2/20/2023
0.0.4-preview009 163 2/19/2023
0.0.4-preview008 199 2/14/2023
0.0.4-preview007 166 2/10/2023
0.0.4-preview006 178 2/8/2023
0.0.4-preview005 187 2/8/2023
0.0.4-preview004 157 2/7/2023
0.0.4-preview003 160 2/7/2023
0.0.4-preview002 175 2/7/2023
0.0.4-preview001 173 2/3/2023
0.0.4-preview000 171 2/2/2023
0.0.3-preview032 178 2/1/2023
0.0.3-preview031 171 2/1/2023
0.0.3-preview030 194 1/30/2023
0.0.3-preview029 191 1/21/2023
0.0.3-preview028 179 1/19/2023
0.0.3-preview027 194 1/18/2023
0.0.3-preview026 211 1/16/2023
0.0.3-preview025 161 1/15/2023
0.0.3-preview024 206 1/15/2023
0.0.3-preview020 188 1/15/2023
0.0.3-preview019 174 1/11/2023
0.0.3-preview018 201 1/11/2023
0.0.3-preview017 207 1/7/2023
0.0.3-preview016 186 1/7/2023
0.0.3-preview015 188 1/6/2023
0.0.3-preview014 181 1/6/2023
0.0.3-preview013 189 1/6/2023
0.0.3-preview012 194 1/6/2023
0.0.3-preview011 190 1/6/2023
0.0.3-preview010 209 1/3/2023
0.0.3-preview009 196 1/3/2023
0.0.3-preview008 201 1/2/2023
0.0.3-preview007 196 1/2/2023
0.0.3-preview006 182 1/2/2023
0.0.3-preview005 192 1/2/2023
0.0.3-preview004 199 1/1/2023
0.0.3-preview003 191 12/31/2022
0.0.3-preview002 243 12/28/2022
0.0.3-preview001 246 12/21/2022
0.0.3-preview000 194 11/29/2022
0.0.2-preview003 175 11/4/2022
0.0.2-preview002 186 11/4/2022
0.0.2-preview000 247 11/4/2022
0.0.1-preview002 220 11/4/2022
0.0.1-preview001 207 11/4/2022