Installation

dotnet add package Authsignal.Server.Client

Initialization

using Authsignal;

var authsignal = new AuthsignalClient(secret: "YOUR_SECRET_KEY");

You can find your secret key in the Authsignal Portal.

You must specify the correct base URL for your tenant’s region.

RegionBase URL
US (Oregon)https://api.authsignal.com/v1
AU (Sydney)https://au.api.authsignal.com/v1
EU (Dublin)https://eu.api.authsignal.com/v1

For example, to set the base URL to use our AU region:

using Authsignal;

var authsignal = new AuthsignalClient(secret: "YOUR_SECRET_KEY", baseAddress: "https://au.api.authsignal.com/v1");

Track

Track lets you track actions performed by users and obtain a URL to perform challenges via the pre-built UI.

var request = new TrackRequest(
  UserId: "usr_123",
  Action: "signIn",
  RedirectUrl: "https://example.com/callback");

var response = await authsignal.Track(request);

if (response.State === UserActionState.CHALLENGE_REQUIRED) {
  // The user should be presented with a challenge
  // Redirect to URL
  var url = response.Url;
}

Arguments

Returns

ValidateChallenge

ValidateChallenge lets you validate the result of a challenge using the token which is obtained after a redirect (if using the pre-built UI) or returned by a client SDK (if using an embedded flow).

var request = new ValidateChallengeRequest(Token: token);

var response = await authsignal.ValidateChallenge(request);

When performing MFA for a user who has already been authenticated by a primary factor (e.g. username & password), it’s important to check the token belongs to that user. The validateChallenge method will do this check if you pass both the token and the userId.

Arguments

Returns

GetUser

GetUser retrieves a user and their MFA enrollment status.

var request = new UserRequest(UserId: "usr_123");

var response = await authsignal.GetUser(request);

if (response.IsEnrolled) {
  // The user has set up MFA and can be challenged
} else {
  // The user has either not set up MFA or they have disabled it
}

Arguments

Returns

GetAction

GetAction lets you determine the result of a challenge after the user has been redirected back from the Authsignal pre-built UI (or after the popup has been closed, if showing the page in a modal).

var request = new ActionRequest(
  UserId: "usr_123",
  Action: "signIn",
  IdempotencyKey: "ik_123");

var response = await authsignal.GetAction(request);

if (response.State === UserActionState.CHALLENGE_SUCCEEDED) {
  // The user successfully completed the challenge
}

Arguments

Returns

EnrollVerifiedAuthenticator

EnrollVerifiedAuthenticator can be used to enroll an authenticator on behalf of a user if it has already been verified.

var request = AuthenticatorRequest(
  UserId: userId,
  OobChannel: OobChannel.SMS,
  PhoneNumber: "+64270000000");

var response = await authsignal.EnrollVerifiedAuthenticator(request);

Arguments

Returns

Authenticator
object
RecoveryCodes
string[]