C#
Installation
dotnet add package Authsignal.Server.Client
Initialization
using Authsignal;
var authsignal = new AuthsignalClient(secret: "YOUR_SECRET_KEY");
You can find your secret key in the Authsignal Portal.
You must specify the correct base URL for your tenant's region.
| Region | Base URL |
|---|---|
| US (Oregon) | https://api.authsignal.com/v1 |
| AU (Sydney) | https://au.api.authsignal.com/v1 |
| EU (Dublin) | https://eu.api.authsignal.com/v1 |
For example, to set the base URL to use our AU region:
using Authsignal;
var authsignal = new AuthsignalClient(secret: "YOUR_SECRET_KEY", baseAddress: "https://au.api.authsignal.com/v1");
Track
Track lets you track actions performed by users and obtain a URL to perform challenges via the pre-built UI.
var request = new TrackRequest(
UserId: "usr_123",
Action: "signIn",
RedirectUrl: "https://example.com/callback");
var response = await authsignal.Track(request);
if (response.State === UserActionState.CHALLENGE_REQUIRED) {
// The user should be presented with a challenge
// Redirect to URL
var url = response.Url;
}
Arguments
Refer to the Server API's Track action request object.
Returns
Refer to the Server API's Track action response object.
ValidateChallenge
ValidateChallenge lets you validate the result of a challenge using the token which is obtained after a redirect (if using the pre-built UI) or returned by a client SDK (if using an embedded flow).
var request = new ValidateChallengeRequest(Token: token);
var response = await authsignal.ValidateChallenge(request);
When performing MFA for a user who has already been authenticated by a primary factor (e.g. username & password), it's important to check the token belongs to that user. The validateChallenge method will do this check if you pass both the token and the userId.
Arguments
| Name | Type | Description |
|---|---|---|
Token | string | The token obtained after a redirect (if using the pre-built UI) or returned by a client SDK (if using an embedded flow). |
UserId | string | (Optional) The ID of the user. Only pass this if doing step-up auth on an existing user session (i.e. not for login). |
Returns
| Name | Type | Description |
|---|---|---|
IsValid | bool | True if the challenge was completed successfully. |
State | UserActionState | The state of the action associated with the challenge. Possible values are CHALLENGE_REQUIRED, CHALLENGE_SUCCEEDED, CHALLENGE_FAILED, ALLOW, or BLOCK. |
UserId | string | The ID of the user. |
GetUser
GetUser retrieves a user and their MFA enrollment status.
var request = new UserRequest(UserId: "usr_123");
var response = await authsignal.GetUser(request);
if (response.IsEnrolled) {
// The user has set up MFA and can be challenged
} else {
// The user has either not set up MFA or they have disabled it
}
Arguments
Refer to the Server API's Retrieve user request object.
Returns
Refer to the Server API's Retrieve user response object.
GetAction
GetAction lets you determine the result of a challenge after the user has been redirected back from the Authsignal pre-built UI (or after the popup has been closed, if showing the page in a modal).
var request = new ActionRequest(
UserId: "usr_123",
Action: "signIn",
IdempotencyKey: "ik_123");
var response = await authsignal.GetAction(request);
if (response.State === UserActionState.CHALLENGE_SUCCEEDED) {
// The user successfully completed the challenge
}
Arguments
Refer to the Server API's Get action status request object.
Returns
Refer to the Server API's Get action status response object.
EnrollVerifiedAuthenticator
EnrollVerifiedAuthenticator can be used to enroll an authenticator on behalf of a user if it has already been verified.
var request = AuthenticatorRequest(
UserId: userId,
OobChannel: OobChannel.SMS,
PhoneNumber: "+64270000000");
var response = await authsignal.EnrollVerifiedAuthenticator(request);
Arguments
Refer to the Server API's Enroll verified authenticator request object.
Returns
Refer to the Server API's Enroll verified authenticator response object.