Skip to main content
This Quickstart is currently in Beta. We’d love to hear your feedback!

Use AI to integrate Auth0

If you use an AI coding assistant like Claude Code, Cursor, or GitHub Copilot, you can add Auth0 authentication automatically in minutes using agent skills.Install:
Then ask your AI assistant:
Your AI assistant will automatically create your Auth0 API, fetch credentials, install the Auth0 ASP.NET Core Authentication API SDK, configure JWT bearer authentication, and implement protected API endpoints. Full agent skills documentation →
Prerequisites: Before you begin, ensure you have the following installed:
  • .NET 8.0 SDK or higher
  • Your preferred IDE (Visual Studio 2022, VS Code, or Rider)
.NET Version Compatibility: This quickstart works with .NET 8.0 and newer.

Get Started

This quickstart demonstrates how to add Auth0 JWT authentication to an ASP.NET Core Web API. You’ll build a secure API with protected endpoints using the Auth0 ASP.NET Core API SDK.
1

Create a new project

Create a new ASP.NET Core Web API project for this Quickstart
Open the project
2

Install the Auth0 SDK

3

Setup your Auth0 API

Next up, you need to create a new API on your Auth0 tenant and add the configuration to your project.You can choose to do this automatically by running a CLI command or do it manually via the Dashboard:
Run the following shell command on your project’s root directory to create an Auth0 API and update your appsettings.json file:
4

Configure authentication

Replace the entire contents of Program.cs with the following code:
Program.cs
5

Create public and protected endpoints

Add endpoints to test authentication. Add the following code in Program.cs before app.Run():
Program.cs
6

Run your API

Your API is now running on https://localhost:7190 (or similar - check your console output for the exact URL).
CheckpointYou should now have a fully functional Auth0-protected API running on your localhost

Advanced Usage

Test your protected endpoints with an access token.1. Get an access token from Auth0 using the Client Credentials flow:
To get YOUR_CLIENT_ID and YOUR_CLIENT_SECRET, create a Machine to Machine Application in the Auth0 Dashboard and authorize it for your API.
2. Test the public endpoint (should return 200 OK):
3. Test the protected endpoint without authentication (should return 401 Unauthorized):
4. Call the protected endpoint with the token:
For larger APIs, use controllers instead of minimal API endpoints.1. Add controllers support:
Program.cs
2. Create a controller:Create Controllers/MessagesController.cs:
Controllers/MessagesController.cs
Protect endpoints based on specific scopes in the access token.1. Define scopes in your Auth0 API:In the Auth0 Dashboard → APIs → Your API → Permissions, add scopes:
  • read:messages - Read messages
  • write:messages - Write messages
2. Configure authorization policies:
Program.cs
3. Apply policies to endpoints:
When requesting an access token, include the required scope:
DPoP (Demonstration of Proof-of-Possession) binds access tokens to cryptographic keys, preventing token theft and replay attacks.Enable DPoP support:
Program.cs
DPoP Modes:Accept both DPoP and Bearer tokens (default):
Only accept DPoP tokens, reject Bearer tokens:
Configure time validation parameters:
Learn more about DPoP in the Auth0 DPoP Documentation.
Create reusable authorization policies for complex requirements.1. Create a custom requirement:
Authorization/HasScopeRequirement.cs
2. Create a handler:
Authorization/HasScopeHandler.cs
3. Register and use the policy:
Program.cs
Extract user information from the authenticated token.
Customize JWT token validation parameters for specific requirements.
Program.cs

Additional Resources

SDK Documentation

Complete SDK documentation and API reference

Migration Guide

Migrate from JWT Bearer authentication

Code Examples

Comprehensive code examples and patterns

DPoP Documentation

Learn about proof-of-possession security

Token Best Practices

Security best practices for tokens

Community Forum

Get help from the Auth0 community

Common Issues

Problem: Token validation fails with audience mismatch error.Solution: Ensure the Audience in appsettings.json exactly matches the Identifier of your Auth0 API. The audience claim in the token must match this value.
Problem: Token validation fails with issuer error.Solution: Verify your Domain is correct and does not include https://. The library automatically constructs the authority as https://{Domain}.
Problem: ArgumentNullException: Value cannot be null. (Parameter 'Domain') or similar.Solution: Ensure appsettings.json contains the Auth0 section with Domain and Audience values. Check that configuration is being read correctly:
Problem: SSL/TLS certificate errors when running locally.Solution: Trust the development certificate:
Or generate a new certificate:
Problem: Authentication not working despite correct configuration.Solution: Ensure middleware is in the correct order. UseAuthentication() must come before UseAuthorization():
Problem: Scope-based authorization policies always fail.Solution: Ensure your access token includes the required scopes. When requesting a token, specify the scopes:
Also verify scopes are defined in your Auth0 API settings (Dashboard → APIs → Your API → Permissions).

Sample Application

A complete sample application demonstrating all features is available in the SDK repository.

Playground Application

Includes public and protected endpoints, DPoP support, Swagger UI integration, and Postman collection
Clone and run: