Labsco
auth0 logo

auth0-aspnetcore-api

37

by auth0 · part of auth0/agent-skills

Use when securing ASP.NET Core Web API endpoints with JWT Bearer token validation, scope/permission checks, or stateless auth - integrates…

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
🧩 One of 7 skills in the auth0/agent-skills package — works on its own, and pairs well with its siblings.

Use when securing ASP.NET Core Web API endpoints with JWT Bearer token validation, scope/permission checks, or stateless auth - integrates…

Inspect the full instructions your agent will receiveExpand

This is the exact playbook injected into your agent when the skill activates — shown here so you can audit it before installing. You don't need to read it to use the skill.

by auth0

Use when securing ASP.NET Core Web API endpoints with JWT Bearer token validation, scope/permission checks, or stateless auth - integrates… npx skills add https://github.com/auth0/agent-skills --skill auth0-aspnetcore-api Download ZIPGitHub37

Auth0 ASP.NET Core Web API Integration

Protect ASP.NET Core Web API endpoints with JWT access token validation using Auth0.AspNetCore.Authentication.Api.

When NOT to Use

  • Server-rendered web applications - Use session-based auth (Auth0.AspNetCore.Authentication) for MVC/Razor Pages apps

  • Single Page Applications - Use auth0-react, auth0-vue, or auth0-angular for client-side auth

  • Mobile applications - Use auth0-react-native for React Native/Expo

  • Blazor WebAssembly - Requires different auth approach (OIDC client-side)

Scope-Based Authorization

See Integration Guide for defining and enforcing scope policies.

DPoP Support

Built-in proof-of-possession token binding per RFC 9449. See Integration Guide for configuration.

Related Skills

  • auth0-quickstart - Basic Auth0 setup

  • auth0-mfa - Add Multi-Factor Authentication

  • auth0-cli - Manage Auth0 resources from the terminal

Quick Reference

Configuration Options:

  • options.Domain - Auth0 tenant domain, no https:// prefix (required)

  • options.JwtBearerOptions.Audience - API Identifier from Auth0 API settings (required)

  • options.JwtBearerOptions - Full access to underlying Microsoft JWT Bearer options

User Claims:

  • ctx.User.FindFirst("sub")?.Value - User ID (subject)

  • ctx.User.FindFirst("scope")?.Value - Space-separated scopes

  • ctx.User.FindAll("scope") - All scope claims

Common Use Cases:

  • Protect Minimal API routes → .RequireAuthorization() (see Step 5)

  • Protect controller actions → [Authorize] attribute (see Step 5)

  • Scope enforcement → Integration Guide

  • DPoP token binding → Integration Guide

  • Advanced JWT Bearer config → API Reference

Detailed Documentation

  • Setup Guide - Auth0 CLI setup, environment configuration

  • Integration Guide - Scope policies, DPoP, controller patterns, error handling

  • API Reference - Complete configuration options and extension methods

References