Skip to content

Release 1.0.0-beta.6#66

Merged
kailash-b merged 1 commit into
masterfrom
release/1.0.0-beta.6
May 21, 2026
Merged

Release 1.0.0-beta.6#66
kailash-b merged 1 commit into
masterfrom
release/1.0.0-beta.6

Conversation

@kailash-b
Copy link
Copy Markdown
Contributor

@kailash-b kailash-b commented May 21, 2026
edited
Loading

Breaking Changes

1. Auth0ApiOptions.JwtBearerOptions removed — use Audience instead

Auth0ApiOptions no longer exposes a JwtBearerOptions property. The Audience value is now a
first-class property on Auth0ApiOptions.

// Before
builder.Services.AddAuth0ApiAuthentication(options =>
{
    options.Domain = "tenant.auth0.com";
    options.JwtBearerOptions = new JwtBearerOptions { Audience = "https://your-api" };
});

// After
builder.Services.AddAuth0ApiAuthentication(options =>
{
    options.Domain = "tenant.auth0.com";
    options.Audience = "https://your-api";
});

2. AddAuth0ApiAuthentication(...) signature changed — JWT customization moved to a separate callback

Any additional JwtBearerOptions customization that previously lived inside Auth0ApiOptions
must now be passed as an optional second argument (configureJwtBearer).

// Before
builder.Services.AddAuth0ApiAuthentication(options =>
{
    options.Domain = "tenant.auth0.com";
    options.JwtBearerOptions = new JwtBearerOptions
    {
        Audience = "https://your-api",
        TokenValidationParameters = new TokenValidationParameters { ... }
    };
});

// After
builder.Services.AddAuth0ApiAuthentication(
    options =>
    {
        options.Domain = "tenant.auth0.com";
        options.Audience = "https://your-api";
    },
    configureJwtBearer: jwtOptions =>
    {
        jwtOptions.TokenValidationParameters = new TokenValidationParameters { ... };
    });

The recommended registration now also supports direct IConfigurationSection binding:

// Recommended — binds Domain and Audience from appsettings.json
builder.Services.AddAuth0ApiAuthentication(builder.Configuration.GetSection("Auth0"));

3. WithDPoP(...) no longer accepts an authentication scheme parameter

DPoP is now automatically scoped to the scheme of the Auth0ApiAuthenticationBuilder it is
chained from. Remove any scheme argument passed to WithDPoP.

// Before
builder.Services.AddAuth0ApiAuthentication(...).WithDPoP("Bearer");

// After
builder.Services.AddAuth0ApiAuthentication(...).WithDPoP();

4. Stricter startup validation — app will fail to start for invalid configuration

The SDK now validates configuration at startup and throws if any of the following are detected:

Condition Error
Domain is missing or empty OptionsValidationException
No audience configured (neither Audience nor JwtBearerOptions.ValidAudiences) OptionsValidationException
Domain contains a scheme, path, port, or query string (e.g. https://tenant.auth0.com) OptionsValidationException
JwtBearerOptions.EventsType is set OptionsValidationException — use Events instead

Added

  • Support for binding Auth0ApiOptions directly from IConfigurationSection (e.g. appsettings.json, environment variables) #59
  • New AddAuth0ApiAuthentication(IConfigurationSection, ...) overloads on both IServiceCollection and AuthenticationBuilder
  • Startup validation with fast-fail error messages for misconfigured domains, missing audience, and unsupported EventsType usage

Security

Dependency upgrades #65, #58:

Package From To
Microsoft.AspNetCore.Authentication.JwtBearer 8.0.25 8.0.27
Microsoft.Extensions.Logging.Abstractions 10.0.5 10.0.8
Dev / CI-only dependency updates
Package From To
Microsoft.NET.Test.Sdk 18.3.0 18.5.1
Microsoft.SourceLink.GitHub 10.0.201 10.0.300
coverlet.collector 8.0.1 10.0.1
codecov/codecov-action 6.0.0 6.0.1
actions/upload-pages-artifact 4 5

@kailash-b kailash-b requested a review from a team as a code owner May 21, 2026 10:10
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 21, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.53%. Comparing base (2bcebc2) to head (7f9fb77).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master      #66   +/-   ##
=======================================
  Coverage   92.53%   92.53%           
=======================================
  Files          29       29           
  Lines        1433     1433           
  Branches      164      164           
=======================================
  Hits         1326     1326           
  Misses         76       76           
  Partials       31       31

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@kailash-b kailash-b force-pushed the release/1.0.0-beta.6 branch from 764994e to 7f9fb77 Compare May 21, 2026 10:13
@kailash-b kailash-b merged commit 1c1461d into master May 21, 2026
3 checks passed
@kailash-b kailash-b deleted the release/1.0.0-beta.6 branch May 21, 2026 10:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tanya732 tanya732 tanya732 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kailash-b @codecov-commenter @tanya732