GovUk.OneLogin.AspNetCore 0.4.2

.NET 6.0 This package targets .NET 6.0. The package is compatible with this framework or higher. 
dotnet add package GovUk.OneLogin.AspNetCore --version 0.4.2
                    


                    

                
NuGet\Install-Package GovUk.OneLogin.AspNetCore -Version 0.4.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="GovUk.OneLogin.AspNetCore" Version="0.4.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="GovUk.OneLogin.AspNetCore" Version="0.4.2" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="GovUk.OneLogin.AspNetCore" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add GovUk.OneLogin.AspNetCore --version 0.4.2
                    


                    

                
#r "nuget: GovUk.OneLogin.AspNetCore, 0.4.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package GovUk.OneLogin.AspNetCore@0.4.2
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=GovUk.OneLogin.AspNetCore&version=0.4.2
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=GovUk.OneLogin.AspNetCore&version=0.4.2
                    


                            Install as a Cake Tool

GOV.UK One Login for ASP.NET Core

This library contains extensions to ASP.NET Core's authentication system to integrate with GOV.UK One Login.

Installation

Install the GovUk.OneLogin.AspNetCore NuGet package

Configuration

using GovUk.OneLogin.AspNetCore;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(defaultScheme: OneLoginDefaults.AuthenticationScheme)
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddOneLogin(options =>
    {
        // Configure the authentication scheme to persist user information with;
        // typically this will be 'Cookies'.
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        // Configure the One Login environment.
        options.Environment = OneLoginEnvironments.Integration;

        // Configure your client information.
        // CallbackPath and SignedOutCallbackPath must align with the redirect_uris and post_logout_redirect_uris configured in One Login.
        options.ClientId = "YOUR_CLIENT_ID";
        options.CallbackPath = "/onelogin-callback";
        options.SignedOutCallbackPath = "/onelogin-logout-callback";

        // Configure the private key used for authentication.
        // See the RSA class' documentation for the various ways to do this.
        // Here we're loading a PEM-encoded private key from configuration.
        using (var rsa = RSA.Create())
        {
            rsa.ImportFromPem(builder.Configuration["OneLogin:PrivateKeyPem"]);
            options.ClientAuthenticationCredentials = new SigningCredentials(
                new RsaSecurityKey(rsa.ExportParameters(includePrivateParameters: true)), SecurityAlgorithms.RsaSha256);
        }

        // Configure vectors of trust.
        // See the One Login docs for the various options to use here.
        options.VectorsOfTrust = ["Cl"];

        // Override the cookie name prefixes (optional)
        options.CorrelationCookie.Name = "my-app-onelogin-correlation.";
        options.NonceCookie.Name = "my-app-onelogin-nonce.";
    });

JSON Web Key Set (JWKS)

If you intend to use a JWKS endpoint to share your public key with GOV.UK One Login, make sure you specify the KeyId of your signing certificate when you set the ClientAuthenticationCredentials. The key used must be present on your JWKS endpoint.

rsa.ImportFromPem(builder.Configuration["OneLogin:PrivateKeyPem"]);
options.ClientAuthenticationCredentials = new SigningCredentials(
    new RsaSecurityKey(rsa.ExportParameters(true))
        { KeyId = builder.Configuration["OneLogin:CertificateKeyId"] },
    SecurityAlgorithms.RsaSha256
);

Identity verification

If you're using One Login for identity verification you will need some additional configuration:

.AddOneLogin(options =>
{
    options.VectorsOfTrust = ["Cl.Cm.P2"];

    // Add the additional claims to authorization requests.
    options.Claims.Add(OneLoginClaimTypes.CoreIdentity);
})

Two stage authentication and ID verification

If you're using identity verification, One Login recommend sending two separate requests; one for authentication and one for identity. To do this you can override the VectorsOfTrust configured in OneLoginOptions on a per-request basis; an example is shown below.

public IActionResult SignIn()
{
    var properties = new AuthenticationProperties();
    properties.SetVectorsOfTrust(["Cl.Cm"]);  // authentication only
    //properties.SetVectorsOfTrust(["Cl.Cm.P2"]);  // identity verification
    return Challenge(properties, authenticationSchemes: OneLoginDefaults.AuthenticationScheme);
}

Retrieving user information

After the user is signed in, HttpContext.User will be populated with a ClaimsPrincipal containing all the claims returned from One Login.

Claim Description
sub The user's ID.
email The user's email address.
vot The authentication level.
sid The session identifier.

If identity verification was requested and identity verification was successful then a https://vocab.account.gov.uk/v1/coreIdentityJWT claim will also be present. Its value is JSON-encoded. See the One Login docs for more information on the data contained in this claim.

A set of extension methods over ClaimsPrincipal is provided for extracting the user's name and birth date from the core identity JWT - GetCoreIdentityName(), GetCoreIdentityNames(), GetCoreIdentityBirthDate() and GetCoreIdentityBirthDates().

Integrating with a database

You may want to add enrich the ClaimsPrincipal with information from your own database. Or, you may want to add users to a database when they sign in for the first time. One way to achieve this is to define your own Microsoft.AspNetCore.Authentication.IClaimsTransformation. An example is shown below that retrieves user information from a database using Entity Framework Core.

public class AddNameFromDbClaimsTransformation : IClaimsTransformation
{
    private readonly MyDbContext _dbContext;

    public AddNameFromDbClaimsTransformation(MyDbContext dbContext)
    {
        _dbContext = dbContext;
    }

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        if (principal.HasClaim(claim => claim.Type == "Name"))
        {
            // Already have a Name claim assigned.
            return;
        }

        // Lookup user in DB using One Login user ID
        var oneLoginId = principal.FindFirstValue("sub");
        var user = await _dbContext.Users.SingleAsync(user => user.OneLoginId == oneLoginId);

        // Create a new ClaimsIdentity, add claims and append to the existing principal
        var additionalIdentity = new ClaimsIdentity();
        additionalIdentity.AddClaim(new Claim("Name", user.Name));
        principal.AddIdentity(additionalIdentity);

        return principal;
    }
}

// In your Program.cs
builder.Services.AddTransient<AddNameFromDbClaimsTransformation, IClaimsTransformation>();
Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.4.2 380 4/10/2026
0.4.1 80 4/9/2026
0.4.0 20,489 6/3/2025
0.3.1 24,282 3/21/2024
0.3.0 515 2/22/2024
0.2.1 560 2/14/2024
0.1.2 187 1/31/2024
0.1.1 735 1/24/2024