{"id":27153961,"url":"https://github.com/liteobject/demo.auth0","last_synced_at":"2026-05-16T00:39:36.089Z","repository":{"id":283725382,"uuid":"952561096","full_name":"LiteObject/Demo.Auth0","owner":"LiteObject","description":"A .NET Web API demo showcasing Auth0 authentication and authorization.","archived":false,"fork":false,"pushed_at":"2025-03-24T15:57:21.000Z","size":19,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-08T16:19:15.495Z","etag":null,"topics":["api","auth0","authentication","authorization","csharp","oauth2"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/LiteObject.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-21T13:40:25.000Z","updated_at":"2025-03-24T15:57:24.000Z","dependencies_parsed_at":"2025-03-21T20:34:45.961Z","dependency_job_id":null,"html_url":"https://github.com/LiteObject/Demo.Auth0","commit_stats":null,"previous_names":["liteobject/demo.auth0"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/LiteObject/Demo.Auth0","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LiteObject%2FDemo.Auth0","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LiteObject%2FDemo.Auth0/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LiteObject%2FDemo.Auth0/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LiteObject%2FDemo.Auth0/manifests","o
wner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/LiteObject","download_url":"https://codeload.github.com/LiteObject/Demo.Auth0/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LiteObject%2FDemo.Auth0/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263437327,"owners_count":23466363,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","auth0","authentication","authorization","csharp","oauth2"],"created_at":"2025-04-08T16:19:18.117Z","updated_at":"2025-10-26T18:02:14.407Z","avatar_url":"https://github.com/LiteObject.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# .NET Web API demo showcasing Auth0 authentication and authorization\n\n### Auth0: Applications vs. 
APIs\n\n| Feature                  | **Applications (Clients)**         | **APIs**                       |\n|--------------------------|-------------------------------------|----------------------------------|\n| **Purpose**               | Authenticate users                  | Protect and expose backend resources |\n| **Entity**                | Front-end/back-end client           | Backend service/API              |\n| **Token Handling**         | Requests access/ID tokens           | Validates access tokens          |\n| **Authentication**         | Manages user login and identity     | Does not authenticate users      |\n| **Authorization**         | Requests tokens with specific scopes | Validates token and checks scopes |\n| **Token Type**             | Access/ID tokens                   | Access tokens                    |\n| **Examples**               | Web app, mobile app, M2M client    | REST API, GraphQL API            |\n| **Common Flows/Grants**     | Authorization Code, PKCE, Implicit, Client Credentials | Validates client and user permissions |\n| **Scopes Assignment**      | Requests specific scopes            | Defines allowed scopes           |\n| **Audience (audience)**    | Does not define audience            | Defines audience for token requests |\n| **Token Usage**            | Uses token to access APIs           | Validates token to allow/deny requests |\n| **Allowed Grant Types**     | Configured in Application Settings  | Checked while validating token   |\n| **Communication Flow**     | Sends token to API                  | Validates token and responds     |\n| **Client Credentials**     | Used for machine-to-machine (M2M)  | Verifies scopes and permissions  |\n| **Domain/Endpoint**         | Typically `https://your-app.com`   | Typically `https://your-api.com` |\n| **When to Use**            | For web, mobile, or backend apps    | To protect and expose APIs       |\n\n\n### Scope vs Permission\nThere is a subtle but important difference 
between **scopes** and \n**permissions** in Auth0, although they are closely related and often \nused together. Here's a breakdown:\n\n| Feature       | Permissions                              | Scopes                                      |\n|---------------|------------------------------------------|---------------------------------------------|\n| Definition    | Defined by the API (Resource Server)     | Defined by the Authorization Server (Auth0) |\n| Representation| Specific actions (e.g., read:profile)    | Collections of permissions or access levels |\n| Requestor     | Granted to users/applications            | Requested by the client application         |\n| Purpose       | Authorization (what the user/app can do) | Requesting access (what the app wants)      |\n| Token Claim   | permissions                              | scope                                       |\n\nScopes are what the client asks for, and permissions are what the client is ultimately granted (and what the \nAPI uses for authorization). The mapping between scopes and permissions is configured in Auth0. Using permissions \ndirectly in your application is generally considered best practice. Scopes are often used as a more abstract \nway to request access, with the actual permissions being determined by the authorization server.\n\n### Since I can create policies in the `Program.cs` file, why would I need to implement IAuthorizationService?\n\nCreating policies in the `Program.cs` file is a straightforward way to define and apply authorization rules based \non claims, roles, or custom requirements. 
However, there are scenarios where using the `IAuthorizationService` \ninterface can provide additional flexibility and control over the authorization process.\n\n#### When to Use IAuthorizationService\n- Complex Authorization Logic\n- Dynamic Authorization\n- Custom Authorization Handlers\n- Granular Control","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fliteobject%2Fdemo.auth0","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fliteobject%2Fdemo.auth0","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fliteobject%2Fdemo.auth0/lists"}