bitwarden / passwordless-dotnet

Bitwarden Passwordless.dev .NET SDK.
https://bitwarden.com/
Apache License 2.0
36 stars 11 forks source link
bitwarden dotnet dotnet-core

Passwordless .NET SDK

Build Coverage Version Downloads

The official Bitwarden Passwordless.dev .NET library, supporting .NET Standard 2.0+, .NET Core 2.0+, and .NET Framework 4.6.2+.

Install

See also

Integration packages:

Examples:

Usage

💡 See the full Getting started guide in the official documentation.

Resolve the client

Add Passwordless to your service container:

// In Program.cs or Startup.cs
services.AddPasswordlessSdk(options =>
{
    options.ApiSecret = "your_api_secret";
    options.ApiKey = "your_api_key";
});

Inject the client into your controller:

public class HomeController(IPasswordlessClient passwordlessClient) : Controller
{
    // ...
}

Register a passkey

Define an action or an endpoint to generate a registration token:

[HttpGet("/create-token")]
public async Task<IActionResult> GetRegisterToken(string alias)
{
    // Get existing userid from session or create a new user in your database
    var userId = Guid.NewGuid().ToString();

    // Provide the userid and an alias to link to this user
    var payload = new RegisterOptions(userId, alias)
    {
        // Optional: Link this userid to an alias (e.g. email)
        Aliases = [alias]
    };

    try
    {
        var tokenRegistration = await passwordlessClient.CreateRegisterTokenAsync(payload);

        // Return this token to the frontend
        return Ok(tokenRegistration);
    }
    catch (PasswordlessApiException e)
    {
        return new JsonResult(e.Details)
        {
            StatusCode = (int?)e.StatusCode,
        };
    }
}

Verify user

Define an action or an endpoint to verify an authentication token:

[HttpGet("/verify-signin")]
public async Task<IActionResult> VerifyAuthenticationToken(string token)
{
    try
    {
        var verifiedUser = await passwordlessClient.VerifyTokenAsync(token);

        // Sign the user in, set a cookie, etc
        return Ok(verifiedUser);
    }
    catch (PasswordlessApiException e)
    {
        return new JsonResult(e.Details)
        {
            StatusCode = (int?)e.StatusCode
        };
    }
}