
Get Started - ASP.NET

This document outlines the backend configuration needed to process the state parameter sent by the frontend, retrieve the token, and verify it. The frontend configuration is covered in a separate document.

Steps to Get and Verify the Token

Receive the Response:

Ensure your backend is set up to receive the authentication response at the specified endpoint.

Verify the Token:

Validate the authentication token or code received from the authentication provider.

Establish Session:

Create a user session or perform necessary actions based on the successful authentication.

Sample API Response (Status API)

{
  "authenticated": true,
  "access_token": "eyJhbGc****TkyoyIWN9JbYhkuqE",
  "token_type": "Bearer",
  "expires_at": "2024-08-17T05:36:11Z",
  "profile": {
    "id": "6667d***03d109*****",
    "idp_id": "104***6374619797",
    "account_id": "644b7****553***a75",
    "connection_type": "MagicLink",
    "email": "user@example.com",
    "first_name": "fname",
    "last_name": "lname",
    "raw_attributes": {
      "verified_email": true,
      "email": "user@example.com",
      "family_name": "fname",
      "given_name": "lanem",
      "hd": "compile7.com",
      "id": "1043572269163******",
      "name": "full name",
      "picture": "https://lh3.googleusercontent.com/a"
    },
    "tenants": [
      {
        "tenant_id": "664e26862cbfbdb*******",
        "tenant_name": "org1",
        "roles": [
          {
            "role_id": "6638***21ce81c",
            "role_name": "Admin",
            "permissions": null
          }
        ],
        "status": "Verified"
      },
      {
        "tenant_id": "666****3adc***d1c0",
        "tenant_name": "org2",
        "roles": [
          {
            "role_id": "66***13bd4****e81c",
            "role_name": "Admin",
            "permissions": null
          }
        ],
        "status": "Verified"
      }
    ],
    "created_at": "2024-06-11T04:58:38.983Z",
    "modified_at": "2024-07-18T05:36:11.231Z",
    "is_active": false,
    "LastLoginAt": "2024-07-18T05:36:11.231Z"
  }
}

Verify JWT Token Using JWKS

Dependencies

First, install the necessary NuGet packages:
dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer
dotnet add package Microsoft.IdentityModel.Tokens
dotnet add package Microsoft.IdentityModel.Protocols.OpenIdConnect

Middleware

Configure the JWT authentication middleware in the Startup.cs file:

Controller

Create a controller to handle the authentication endpoint:
This configuration sets up the ASP.NET Core backend to authenticate and authorize requests by validating JWTs against the signing keys published at a JWKS endpoint. The middleware handles token validation and ensures secure access to protected endpoints.
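
An added example, not code from the original page or the vendor: one way to wire the JWT bearer middleware in Startup.cs so that tokens are validated against a JWKS endpoint, using the three packages listed under Dependencies. The `JwksRetriever` class name, the JWKS URL, the issuer, the audience and the RS256 signing algorithm are assumptions; replace them with the values for your tenant.

```csharp
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper: reads signing keys from a bare JWKS document (no OIDC discovery needed).
public class JwksRetriever : IConfigurationRetriever<OpenIdConnectConfiguration>
{
    public async Task<OpenIdConnectConfiguration> GetConfigurationAsync(
        string address, IDocumentRetriever retriever, CancellationToken cancel)
    {
        var jwks = new JsonWebKeySet(await retriever.GetDocumentAsync(address, cancel));
        var config = new OpenIdConnectConfiguration { JwksUri = address };
        foreach (var key in jwks.GetSigningKeys()) config.SigningKeys.Add(key);
        return config;
    }
}

public class Startup
{
    // Placeholders (assumptions): substitute your tenant's JWKS URL, issuer and audience.
    private const string JwksUrl = "https://YOUR_AUTH_DOMAIN/.well-known/jwks.json";
    private const string Issuer = "https://YOUR_AUTH_DOMAIN";
    private const string Audience = "YOUR_CLIENT_ID";
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(o =>
        {
            // Caches the key set; the handler requests a refresh when a signing key is not found.
            o.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
                JwksUrl, new JwksRetriever(), new HttpDocumentRetriever { RequireHttps = true });
            o.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                ValidateIssuer = true, ValidIssuer = Issuer,
                ValidateAudience = true, ValidAudience = Audience,
                ValidateLifetime = true, ClockSkew = System.TimeSpan.FromSeconds(30),
                // Assumption: tokens are RS256-signed; pinning the algorithm rejects anything else.
                ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }
            };
        });
    }
    public void Configure(IApplicationBuilder app) => // authentication must run before authorization
        app.UseRouting().UseAuthentication().UseAuthorization().UseEndpoints(e => e.MapControllers());
}
```

With this in place, any controller or action marked `[Authorize]` returns 401 unless the request carries an `Authorization: Bearer` token whose signature, issuer, audience and lifetime all validate.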
Modified at 2024-07-25 10:31:36