Zitadel 5.3.3
See the version list below for details.
dotnet add package Zitadel --version 5.3.3
NuGet\Install-Package Zitadel -Version 5.3.3
<PackageReference Include="Zitadel" Version="5.3.3" />
paket add Zitadel --version 5.3.3
#r "nuget: Zitadel, 5.3.3"
// Install Zitadel as a Cake Addin #addin nuget:?package=Zitadel&version=5.3.3 // Install Zitadel as a Cake Tool #tool nuget:?package=Zitadel&version=5.3.3
ZITADEL
The ZITADEL.net library is a collection of tools for building web applications. It supports easy access to the ZITADEL API as well as authentication handlers for .NET web applications and web APIs.
Credentials
There are three credentials that help with the access to ZITADEL:
- "Application": used in web APIs to authenticate the relying party
- "BasicAuthentication": creating normal basic auth credentials
- "ServiceAccount": loads a service account json and authenticates against ZITADEL
The application supports creating a signed JWT token on behalf of the application:
var application = Application.LoadFromJsonString(
@"{
""type"": ""application"",
""keyId"": ""keyid"",
""key"": ""RSA KEY"",
""appId"": ""appid"",
""clientId"": ""client id""
}");
var jwt = await application.GetSignedJwtAsync("issuer");
The service account allows you to load a service account json and authenticate against ZITADEL to fetch a valid access token:
var serviceAccount = ServiceAccount.LoadFromJsonString(
@"
{
""type"": ""serviceaccount"",
""keyId"": ""key id"",
""key"": ""RSA KEY"",
""userId"": ""user id""
}");
var token = await serviceAccount.AuthenticateAsync();
Accessing the ZITADEL API
ZITADEL.gRPC provides the compiled proto files. The ZITADEL library provides helper functions to create the three types of "clients":
AuthClient
AdminClient
ManagementClient
The ZITADEL docs describe the gRPC calls and how to use them.
As an example, one may use the AuthClient
to fetch the user information.
With a personal access token of a service account
const string apiUrl = "https://zitadel-libraries-l8boqa.zitadel.cloud";
const string personalAccessToken = "TOKEN";
var client = Clients.AuthService(new(apiUrl, ITokenProvider.Static(personalAccessToken)));
var result = await client.GetMyUserAsync(new());
Console.WriteLine($"User: {result.User}");
With a service account JWT profile
const string apiProject = "PROJECT ID";
var serviceAccount = ServiceAccount.LoadFromJsonString(
@"{
""type"": ""serviceaccount"",
""keyId"": ""key id"",
""key"": ""RSA KEY"",
""userId"": ""user id""
}");
client = Clients.AuthService(
new(
apiUrl,
ITokenProvider.ServiceAccount(
apiUrl,
serviceAccount,
new(){ ApiAccess = true })));
result = await client.GetMyUserAsync(new());
Console.WriteLine($"User: {result.User}");
Authentication in Web Apps
To authenticate ASP.NET web applications, use the AddZitadel()
extension
method on the IAuthenticationBuilder
. You will need an application
on a ZITADEL instance and a client ID.
// -- snip --
builder.Services
.AddAuthorization()
.AddAuthentication(ZitadelDefaults.AuthenticationScheme)
.AddZitadel(
o =>
{
o.Authority = "https://zitadel-libraries-l8boqa.zitadel.cloud/";
o.ClientId = "170088295403946241@library";
o.SignInScheme = IdentityConstants.ExternalScheme;
})
.AddExternalCookie()
.Configure(
o =>
{
o.Cookie.HttpOnly = true;
o.Cookie.IsEssential = true;
o.Cookie.SameSite = SameSiteMode.None;
o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});
// -- snip --
The example above allows an ASP.NET web application to authenticate against ZITADEL and use the external cookie scheme to store the access token in a secure cookie.
Authentication in Web APIs
Authenticating web APIs is similar to authenticating web apps. In contrast to a web application, the web API cannot hold a user session with an external application cookie. Instead, web APIs use the introspection endpoint of ZITADEL to fetch information about the presented access token (be it JWT or opaque token). The authentication mechanism is based on the OAuth2Introspection package of "IdentityModel".
In ZITADEL you may use two different authentication methods:
- Basic Auth
- JWT Profile
With basic auth, you need to use client_id
and client_secret
, and
with JWT profile, a special json is generated for you, that is required
to authenticate the web API against ZITADEL.
builder.Services
.AddAuthorization()
.AddAuthentication()
.AddZitadelIntrospection(
o =>
{
o.Authority = "https://zitadel-libraries-l8boqa.zitadel.cloud/";
o.ClientId = "170102032621961473@library";
o.ClientSecret = "KNkKW8nx3rlEKOeHNUcPx80tZTP1uZTjJESfdA3kMEK7urhX3ChFukTMQrtjvG70";
});
The code above uses basic authentication. You need to be sure that your API application in ZITADEL is configured to use basic authentication.
Below, a JWT profile (application credential) is used to authenticate the web API. Note that the client id is no longer required. Using JWT profile is the recommended way to authenticate web APIs.
builder.Services
.AddAuthorization()
.AddAuthentication()
.AddZitadelIntrospection(
o =>
{
o.Authority = "https://zitadel-libraries-l8boqa.zitadel.cloud";
o.JwtProfile = Application.LoadFromJsonString("YOUR APPLICATION JSON");
});
Caching
The OAuth2Introspection
supports caching of the access token for a configured amount of time. This reduces the load on
the issuer and allows faster requests for the same token. To enable caching, you need to configure
caching in the options of AddZitadelIntrospection
and add an implementation of IDistributedCache
.
Faking / Mocking local Authentication
To enable local development or testing without a real world ZITADEL instance, you may use the mocked authentication. It simply adds all provided claims to the constructed identity and lets all calls pass as "authenticated".
You may send a request with two special headers to overwrite the behaviour per request:
x-zitadel-fake-auth
: If this header is set to "false", the request will return as "unauthenticated"x-zitadel-fake-user-id
: If this header is set, the value of the header will be user as user ID.
To enable the fake authentication, simply use the AddZitadelFake
extension method:
builder.Services
.AddAuthorization()
.AddAuthentication()
.AddZitadelFake(o =>
{
o.FakeZitadelId = "1337";
});
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- BouncyCastle.Cryptography (>= 2.2.1)
- IdentityModel.AspNetCore.OAuth2Introspection (>= 6.2.0)
- jose-jwt (>= 4.1.0)
- Microsoft.AspNetCore.Authentication (>= 2.2.0)
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 6.0.26)
- Microsoft.AspNetCore.Authentication.OpenIdConnect (>= 6.0.26)
- Zitadel.gRPC (>= 5.3.3)
-
net7.0
- BouncyCastle.Cryptography (>= 2.2.1)
- IdentityModel.AspNetCore.OAuth2Introspection (>= 6.2.0)
- jose-jwt (>= 4.1.0)
- Microsoft.AspNetCore.Authentication (>= 2.2.0)
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 7.0.15)
- Microsoft.AspNetCore.Authentication.OpenIdConnect (>= 7.0.15)
- Zitadel.gRPC (>= 5.3.3)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on Zitadel:
Package | Downloads |
---|---|
Zitadel.Api
The API library for Zitadel. Implemented with gRPC, it allows access to the API of any Zitadel instance (default: https://api.zitadel.ch). |
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
7.0.3 | 123 | 11/21/2024 |
7.0.2 | 694 | 11/13/2024 |
7.0.1 | 405 | 11/8/2024 |
7.0.0 | 1,115 | 10/28/2024 |
6.2.0 | 421 | 10/28/2024 |
6.1.4 | 99 | 10/28/2024 |
6.1.3 | 93 | 10/28/2024 |
6.1.2 | 44,421 | 1/31/2024 |
6.1.1 | 285 | 1/26/2024 |
6.1.0 | 693 | 1/26/2024 |
6.0.0 | 500 | 1/24/2024 |
5.3.3 | 6,187 | 1/10/2024 |
5.3.2 | 683 | 1/9/2024 |
5.3.1 | 1,964 | 1/3/2024 |
5.3.0 | 2,906 | 12/19/2023 |
5.2.26 | 12,864 | 10/4/2023 |
5.2.25 | 5,261 | 9/13/2023 |
5.2.24 | 721 | 9/8/2023 |
5.2.23 | 452 | 9/7/2023 |
5.2.22 | 393 | 9/7/2023 |
5.2.21 | 1,353 | 8/25/2023 |
5.2.20 | 1,764 | 8/19/2023 |
5.2.19 | 1,243 | 8/11/2023 |
5.2.18 | 994 | 8/9/2023 |
5.2.17 | 421 | 8/8/2023 |
5.2.16 | 2,083 | 7/17/2023 |
5.2.15 | 460 | 7/17/2023 |
5.2.14 | 612 | 7/11/2023 |
5.2.13 | 1,278 | 7/7/2023 |
5.2.12 | 526 | 7/5/2023 |
5.2.11 | 973 | 6/24/2023 |
5.2.10 | 449 | 6/23/2023 |
5.2.9 | 619 | 6/18/2023 |
5.2.8 | 7,092 | 5/27/2023 |
5.2.7 | 699 | 5/17/2023 |
5.2.6 | 588 | 5/9/2023 |
5.2.5 | 541 | 5/6/2023 |
5.2.4 | 525 | 5/5/2023 |
5.2.3 | 3,463 | 4/27/2023 |
5.2.2 | 616 | 4/22/2023 |
5.2.1 | 553 | 4/17/2023 |
5.2.0 | 687 | 4/14/2023 |
5.2.0-prerelease.3 | 84 | 4/14/2023 |
5.2.0-prerelease.2 | 83 | 4/14/2023 |
5.2.0-prerelease.1 | 88 | 4/13/2023 |
5.1.1 | 486 | 4/14/2023 |
5.1.0 | 503 | 4/13/2023 |
5.0.32 | 506 | 4/13/2023 |
5.0.31 | 468 | 4/12/2023 |
5.0.30 | 860 | 3/31/2023 |
5.0.29 | 567 | 3/26/2023 |
5.0.28 | 1,408 | 3/16/2023 |
5.0.27 | 583 | 3/15/2023 |
5.0.26 | 695 | 3/8/2023 |
5.0.25 | 946 | 3/3/2023 |
5.0.24 | 639 | 2/17/2023 |
5.0.23 | 554 | 2/16/2023 |
5.0.22 | 560 | 2/15/2023 |
5.0.21 | 583 | 2/15/2023 |
5.0.20 | 600 | 2/14/2023 |
5.0.19 | 619 | 2/10/2023 |
5.0.18 | 559 | 2/9/2023 |
5.0.17 | 582 | 2/8/2023 |
5.0.16 | 1,777 | 1/12/2023 |
5.0.15 | 600 | 1/11/2023 |
5.0.14 | 777 | 1/3/2023 |
5.0.13 | 690 | 12/16/2022 |
5.0.12 | 673 | 12/14/2022 |
5.0.11 | 640 | 12/8/2022 |
5.0.10 | 601 | 12/8/2022 |
5.0.9 | 692 | 12/3/2022 |
5.0.8 | 649 | 12/1/2022 |
5.0.7 | 821 | 11/18/2022 |
5.0.6 | 718 | 11/8/2022 |
5.0.5 | 769 | 10/27/2022 |
5.0.4 | 735 | 10/19/2022 |
5.0.3 | 739 | 10/17/2022 |
5.0.2 | 1,274 | 10/12/2022 |
5.0.1 | 724 | 10/6/2022 |
5.0.0 | 707 | 10/6/2022 |
4.0.12 | 750 | 9/30/2022 |
4.0.11 | 736 | 9/28/2022 |
4.0.10 | 764 | 9/27/2022 |
4.0.9 | 829 | 9/14/2022 |
4.0.8 | 834 | 9/2/2022 |
4.0.7 | 864 | 8/25/2022 |
4.0.6 | 762 | 8/19/2022 |
4.0.5 | 753 | 8/17/2022 |
4.0.4 | 754 | 8/10/2022 |
4.0.3 | 977 | 7/26/2022 |
4.0.2 | 857 | 7/22/2022 |
4.0.1 | 825 | 7/18/2022 |
4.0.0 | 799 | 7/18/2022 |
3.4.7 | 2,352 | 4/22/2022 |
3.4.6 | 1,027 | 4/20/2022 |
3.4.5 | 1,051 | 4/12/2022 |
3.4.4 | 1,045 | 4/1/2022 |
3.4.3 | 1,034 | 3/22/2022 |
3.4.2 | 1,077 | 3/8/2022 |
3.4.1 | 1,273 | 2/23/2022 |
3.4.0 | 981 | 2/23/2022 |
3.3.12 | 1,408 | 11/19/2021 |
3.3.11 | 1,038 | 11/8/2021 |
3.3.10 | 986 | 10/29/2021 |
3.3.9 | 950 | 10/26/2021 |
3.3.8 | 993 | 10/20/2021 |
3.3.7 | 997 | 10/19/2021 |
3.3.6 | 980 | 10/12/2021 |
3.3.5 | 1,005 | 10/11/2021 |
3.3.4 | 952 | 10/5/2021 |
3.3.3 | 1,014 | 9/30/2021 |
3.3.2 | 1,001 | 9/15/2021 |
3.3.1 | 935 | 9/14/2021 |
3.3.0 | 1,075 | 9/8/2021 |
3.2.3 | 948 | 9/7/2021 |
3.2.2 | 985 | 8/18/2021 |
3.2.1 | 958 | 8/13/2021 |
3.2.0 | 961 | 8/4/2021 |
3.1.8 | 1,091 | 6/22/2021 |
3.1.7 | 946 | 6/11/2021 |
3.1.6 | 2,873 | 6/8/2021 |
3.1.5 | 1,006 | 5/26/2021 |
3.1.4 | 874 | 5/25/2021 |
3.1.3 | 881 | 5/24/2021 |
3.1.2 | 908 | 5/13/2021 |
3.1.1 | 891 | 5/11/2021 |
3.1.0 | 946 | 5/7/2021 |
3.0.3 | 923 | 5/7/2021 |
3.0.2 | 971 | 5/1/2021 |
3.0.1 | 898 | 4/21/2021 |
3.0.0 | 902 | 4/16/2021 |
2.2.6 | 987 | 4/13/2021 |
2.2.5 | 921 | 4/9/2021 |
2.2.4 | 968 | 4/8/2021 |
2.2.3 | 983 | 4/6/2021 |
2.2.2 | 860 | 4/2/2021 |
2.2.1 | 917 | 4/1/2021 |
2.2.0 | 875 | 3/30/2021 |
2.1.2 | 1,003 | 3/25/2021 |
2.1.1 | 875 | 3/25/2021 |
2.1.0 | 675 | 3/25/2021 |
2.0.0 | 768 | 3/8/2021 |
1.2.0 | 1,031 | 1/14/2021 |
1.1.0 | 775 | 1/11/2021 |
1.0.0 | 887 | 12/18/2020 |
'## [5.3.3](https://github.com/smartive/zitadel-net/compare/v5.3.2...v5.3.3) (2024-01-10)
### Bug Fixes
* **deps:** update dependency google.protobuf to v3.25.2 ([8e83d83](https://github.com/smartive/zitadel-net/commit/8e83d8372532554013fa543d13882f4da4d64304))
'