.NET SDK

Integrate Signward authentication into ASP.NET Core apps with the Signward.IdServer.Client NuGet package.

The official .NET SDK wraps the OIDC discovery flow, JWT validation, and token forwarding into a single AddIdServerAuth() extension. It works with ASP.NET Core 8, 9, and 10.

Install

Install via the .NET CLI:

dotnet add package Signward.IdServer.Client

Or add a PackageReference to your .csproj:

<PackageReference Include="Signward.IdServer.Client" Version="1.0.0" />

For a server-rendered MVC or Razor Pages app that signs users in:

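using IdServer.Client.Middleware;

var builder = WebApplication.CreateBuilder(args);

// MapRazorPages() below needs the Razor Pages services registered.
builder.Services.AddRazorPages();

builder.Services.AddIdServerAuth(o =>
{
    o.Authority = "https://api.signward.com";
    o.ClientId = "YOUR_CLIENT_ID";
    // Placeholder: load the real secret from configuration
    // (user secrets, environment variables, or a vault), not from source code.
    o.ClientSecret = "YOUR_CLIENT_SECRET";
    o.Scopes = "openid profile email roles";
});

var app = builder.Build();
app.UseIdServerAuth();
app.MapRazorPages();
app.Run();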

The middleware wires up:

  • A cookie authentication scheme (default)
  • OpenID Connect challenge scheme (redirects to Signward on 401)
  • /Account/Login and /Account/Logout handler routes

Configure — API (JWT bearer)

For a REST API that only validates incoming bearer tokens (no cookies, no redirect):

builder.Services.AddIdServerAuth(o =>
{
    o.Authority = "https://api.signward.com";
    o.Audience = "your-api-audience";
    o.UseCookieAuth = false;
});

JWT validation is automatic: issuer, audience, signature (JWKS), and expiration are all enforced.
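
To show what those four checks reject, here is an added example (not the SDK's own code and not from Signward) that mints test tokens locally and validates them with Microsoft's System.IdentityModel.Tokens.Jwt library. The RSA keys, key ids, subject and the "wrong" issuer and audience values are constructed for the demo, and it assumes the SDK's validation behaves like these standard parameters.

```csharp
// Added example: console app with implicit usings and the System.IdentityModel.Tokens.Jwt package.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

const string Issuer = "https://api.signward.com";  // Authority value from the page
const string Audience = "your-api-audience";       // Audience value from the page

// Constructed keys: one stands in for the key published via JWKS, the other is untrusted.
using var trustedRsa = RSA.Create(2048);
using var rogueRsa = RSA.Create(2048);
var trustedKey = new RsaSecurityKey(trustedRsa) { KeyId = "trusted-demo-key" };
var rogueKey = new RsaSecurityKey(rogueRsa) { KeyId = "rogue-demo-key" };
var handler = new JwtSecurityTokenHandler();

// Mint a signed test token with the given issuer, audience and expiry.
string Mint(SecurityKey key, string iss, string aud, DateTime expires) =>
    handler.WriteToken(new JwtSecurityToken(
        issuer: iss, audience: aud,
        claims: new[] { new Claim("sub", "user-1") },
        notBefore: expires.AddMinutes(-10), expires: expires,
        signingCredentials: new SigningCredentials(key, SecurityAlgorithms.RsaSha256)));

// The four checks the page lists, written out explicitly.
var parameters = new TokenValidationParameters
{
    ValidateIssuer = true, ValidIssuer = Issuer,             // issuer
    ValidateAudience = true, ValidAudience = Audience,       // audience
    RequireSignedTokens = true, IssuerSigningKey = trustedKey, // signature
    ValidateLifetime = true                                  // expiration (default ClockSkew: 5 min)
};

string Check(string jwt)
{
    try { handler.ValidateToken(jwt, parameters, out _); return "accepted"; }
    catch (SecurityTokenException ex) { return "rejected: " + ex.GetType().Name; }
}

var ok = DateTime.UtcNow.AddMinutes(5);
var cases = new Dictionary<string, string>
{
    ["valid token"]    = Mint(trustedKey, Issuer, Audience, ok),
    ["wrong issuer"]   = Mint(trustedKey, "https://idp.example", Audience, ok),
    ["wrong audience"] = Mint(trustedKey, Issuer, "some-other-api", ok),
    ["untrusted key"]  = Mint(rogueKey, Issuer, Audience, ok),
    ["expired"]        = Mint(trustedKey, Issuer, Audience, DateTime.UtcNow.AddHours(-1)),
};
foreach (var (name, jwt) in cases) Console.WriteLine($"{name,-15} {Check(jwt)}");
```

Only the first token should be accepted; a negative test like this is worth keeping in an API's integration suite so a misconfigured Audience or Authority is caught before deployment.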

Protect an endpoint

Use the standard [Authorize] attribute, or the SDK-provided role-aware shortcut:

using Microsoft.AspNetCore.Mvc;

[ApiController]
[Route("api/reports")]
public class ReportsController : ControllerBase
{
    // Only callers holding the admin or owner role reach this action.
    [HttpGet]
    [IdServerAuthorize("admin", "owner")]
    public IActionResult List() => Ok(new { reports = new[] { "Q1", "Q2" } });
}

IdServerAuthorize accepts both built-in roles (admin, owner, user) and custom roles defined per-tenant in the Portal.

Read the current user

The SDK exposes IdServerUser extensions on ClaimsPrincipal:

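using System.Security.Claims;

app.MapGet("/me", (ClaimsPrincipal user) => new
{
    userId = user.GetUserId(),
    email = user.GetEmail(),
    tenantId = user.GetTenantId(),
    isAdmin = user.HasRole("admin")
})
// Without this, anonymous callers reach the handler with an unauthenticated principal.
.RequireAuthorization();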

Forward tokens to downstream APIs

Inject IdServerTokenHandler into any named HttpClient and the user's bearer token is forwarded automatically:

// Attach the handler only to clients for APIs that should receive the user's token.
builder.Services.AddHttpClient("reports-api", c => c.BaseAddress = new Uri("https://reports.myapp.com"))
    .AddHttpMessageHandler<IdServerTokenHandler>();
