Identity Validator
Current run evidence: 367/367 tests passed on net8.0, net9.0, and net10.0. The validated boundary is token validation and principal normalization. Supplemental refresh-token helpers remain backward-compatibility surface, not the core validated module boundary.
Multi-issuer JWT/OIDC validation for APIs that already receive bearer tokens. This module runs fully in your application process. It does not depend on a Primus-hosted login runtime and does not send tokens to Primus.
Use This Module When
- Your API already receives JWTs and only needs validation, claim normalization, and standard ASP.NET Core authentication integration.
- You need to accept tokens from one or more issuers such as Azure AD, Auth0, Okta, Cognito, Google, GitHub, or a local JWT issuer.
- You want validation to stay in-process with your own issuer configuration and keys.
Do Not Start Here If
- You need browser login UI, cookie sessions, or BFF flows. Start with Identity Broker.
- You need tenant resolution or authorization decisions. Add Multi-Tenancy and RBAC after authentication is working.
Start Here
| Goal | Start with |
|---|---|
| Get a minimal API working quickly | Quick Start |
| Choose the right provider and config shape | Provider Overview |
| Accept tokens from more than one issuer | Multi-Issuer Setup |
| Combine auth with Multi-Tenancy and RBAC | Combined .NET Integration |
Supported Providers
Azure AD / Entra ID
Enterprise-grade SSO with Microsoft identity platform.
Auth0
Flexible authentication for B2C and B2B applications.
Okta
Enterprise workforce identity management.
AWS Cognito
Scalable authentication for AWS-hosted apps.
Local JWT
HMAC-signed tokens for development and testing.
Social login and Google Workspace token validation.
GitHub Actions
OIDC workload identity for CI/CD and automation.
Multi-Issuer
Combine multiple providers in a single app.
Verified Surface
- Register the module with
builder.Services.AddPrimusIdentity(...). - Validate JWT/OIDC tokens from configured issuers.
- Normalize the authenticated principal into the standard ASP.NET Core pipeline.
- Use provider-specific helpers such as
UseAuth0,UseAzureAD,UseOkta,UseCognito,UseGoogle, andUseGitHub, or configure issuer entries directly.
For the provider-specific configuration reference, use Identity Validator Overview. That page is the canonical provider guide. This page is the module entry point.
Example Registration
builder.Services.AddPrimusIdentity(options =>
builder.Configuration.GetSection("PrimusIdentity").Bind(options));