This Quickstart is currently in Beta. We’d love to hear your feedback!
Use AI to integrate Auth0
Use AI to integrate Auth0
If you use an AI coding assistant like Claude Code, Cursor, or GitHub Copilot, you can add Auth0 authentication automatically in minutes using agent skills.Install:Then ask your AI assistant:Your AI assistant will automatically create your Auth0 API, fetch credentials, install the Auth0 ASP.NET Core Authentication API SDK, configure JWT bearer authentication, and implement protected API endpoints. Full agent skills documentation →
Prerequisites: Before you begin, ensure you have the following installed:
- .NET 8.0 SDK or higher
- Your preferred IDE (Visual Studio 2022, VS Code, or Rider)
Get Started
This quickstart demonstrates how to add Auth0 JWT authentication to an ASP.NET Core Web API. You’ll build a secure API with protected endpoints using the Auth0 ASP.NET Core API SDK.Setup your Auth0 API
Next up, you need to create a new API on your Auth0 tenant and add the configuration to your project.You can choose to do this automatically by running a CLI command or do it manually via the Dashboard:
- CLI
- Dashboard
Run the following shell command on your project’s root directory to create an Auth0 API and update your
appsettings.json file:- Mac/Linux
- Windows (PowerShell)
Configure authentication
Replace the entire contents of
Program.cs with the following code:Program.cs
Create public and protected endpoints
Add endpoints to test authentication. Add the following code in
Program.cs before app.Run():Program.cs
CheckpointYou should now have a fully functional Auth0-protected API running on your localhost
Advanced Usage
Calling Protected APIs
Calling Protected APIs
Test your protected endpoints with an access token.1. Get an access token from Auth0 using the Client Credentials flow:2. Test the public endpoint (should return 200 OK):3. Test the protected endpoint without authentication (should return 401 Unauthorized):4. Call the protected endpoint with the token:
To get
YOUR_CLIENT_ID and YOUR_CLIENT_SECRET, create a Machine to Machine Application in the Auth0 Dashboard and authorize it for your API.Using Controller-Based Endpoints
Using Controller-Based Endpoints
For larger APIs, use controllers instead of minimal API endpoints.1. Add controllers support:2. Create a controller:Create
Program.cs
Controllers/MessagesController.cs:Controllers/MessagesController.cs
Using DPoP for Enhanced Security
Using DPoP for Enhanced Security
DPoP (Demonstration of Proof-of-Possession) binds access tokens to cryptographic keys, preventing token theft and replay attacks.Enable DPoP support:DPoP Modes:Accept both DPoP and Bearer tokens (default):Only accept DPoP tokens, reject Bearer tokens:Configure time validation parameters:
Program.cs
Learn more about DPoP in the Auth0 DPoP Documentation.
Accessing User Information
Accessing User Information
Extract user information from the authenticated token.
Custom Token Validation
Custom Token Validation
Customize JWT token validation parameters for specific requirements.
Program.cs
Additional Resources
SDK Documentation
Complete SDK documentation and API reference
Migration Guide
Migrate from JWT Bearer authentication
Code Examples
Comprehensive code examples and patterns
DPoP Documentation
Learn about proof-of-possession security
Token Best Practices
Security best practices for tokens
Community Forum
Get help from the Auth0 community
Common Issues
Configuration values not found
Configuration values not found
Problem:
ArgumentNullException: Value cannot be null. (Parameter 'Domain') or similar.Solution: Ensure appsettings.json contains the Auth0 section with Domain and Audience values. Check that configuration is being read correctly:HTTPS certificate errors in development
HTTPS certificate errors in development
Problem: SSL/TLS certificate errors when running locally.Solution: Trust the development certificate:Or generate a new certificate:
Middleware order issues
Middleware order issues
Problem: Authentication not working despite correct configuration.Solution: Ensure middleware is in the correct order.
UseAuthentication() must come before UseAuthorization():Sample Application
A complete sample application demonstrating all features is available in the SDK repository.Playground Application
Includes public and protected endpoints, DPoP support, Swagger UI integration, and Postman collection