Clerk.Net.AspNetCore.Security
1.0.0-beta.1
See the version list below for details.
dotnet add package Clerk.Net.AspNetCore.Security --version 1.0.0-beta.1
NuGet\Install-Package Clerk.Net.AspNetCore.Security -Version 1.0.0-beta.1
<PackageReference Include="Clerk.Net.AspNetCore.Security" Version="1.0.0-beta.1" />
paket add Clerk.Net.AspNetCore.Security --version 1.0.0-beta.1
#r "nuget: Clerk.Net.AspNetCore.Security, 1.0.0-beta.1"
// Install Clerk.Net.AspNetCore.Security as a Cake Addin #addin nuget:?package=Clerk.Net.AspNetCore.Security&version=1.0.0-beta.1&prerelease // Install Clerk.Net.AspNetCore.Security as a Cake Tool #tool nuget:?package=Clerk.Net.AspNetCore.Security&version=1.0.0-beta.1&prerelease
Clerk SDK for .NET
Packages
Clerk.Net: Clerk API Client generated with Kiota from Clerk's OpenAPI spec. Compatible with .NET 6+ and .NET Framework 4.7.2+.
Clerk.Net.DependencyInjection: Extensions to register the ClerkApiClient into your DI container. Compatible with .NET 6+.
Clerk.Net.AspNetCore.Security: Clerk Authentication support for ASP.NET Core. Compatible with .NET 8+.
These libraries are configured as native AoT compatible for .NET 8+ consumers.
Caution: As the Clerk OpenAPI spec is constantly changing, the core Clerk.Net library does not follow usual SemVer rules, with minor releases usually containing breaking changes. Major releases are only used for breaking changes at the framework level, not for codegen output.
Getting Started - Clerk API Client
Make sure to add your SecretKey to your application configuration, ideally via the dotnet secrets manager.
DI Container Configuration (ASP.NET Core & Worker Services)
- Install
Clerk.Net.DependencyInjectionfrom Nuget. - Add the following code to your service configuration:
builder.Services.AddClerkApiClient(config =>
{
config.SecretKey = builder.Configuration["Clerk:SecretKey"]!;
});
- Request the
ClerkApiClientin your services
public class MyBackgroundWorker : BackgroundService
{
private readonly ClerkApiClient _clerkApiClient;
public MyBackgroundWorker(ClerkApiClient clerkApiClient)
{
_clerkApiClient = clerkApiClient;
}
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
var invites = await _clerkApiClient.Organizations["org_abc1234"].Invitations.GetAsync(x =>
{
x.QueryParameters.Status = "pending";
});
}
}
Standalone Client
If you want to use the client by itself, install Clerk.Net and call ClerkApiClientFactory.Create, passing in your secret key.
The returned client should be treated as a singleton and created once for the lifetime of your application.
HttpClient Customization
If you need to configure the underlying HttpClient used by the client, you can do in one of two ways:
- Configure the
IHttpClientBuilderreturned byAddClerkApiClient. - Pass in a custom
HttpClientinstance toClerkApiClientFactory.Create
Rate Limiting
This package applies Kiota's default handlers which enables automated retries when hitting Clerk's rate limits. No additional configuration is required.
Testing
For unit testing, see Unit testing Kiota API clients.
Getting Stated - Authentication (Beta)
Note: This package is currently in Beta due to potential API changes before 1.0, but is safe to use in production applications.
You should have a new or existing ASP.NET Core application created before continuing.
- Install
Clerk.Net.AspNetCore.Securityto your project. - Call
AddClerkAuthenticationwithin your authentication builder, passing in anAuthority- the Frontend URI of your Clerk instance - and anAuthorizedParty- the Frontend URL of your application:
builder.Services.AddAuthentication(ClerkAuthenticationDefaults.AuthenticationScheme)
.AddClerkAuthentication(x =>
{
x.Authority = builder.Configuration["Clerk:Authority"]!;
x.AuthorizedParty = builder.Configuration["Clerk:AuthorizedParty"]!;
});
- Configure an Authorization policy to require authorization by default:
builder.Services.AddAuthorizationBuilder()
.SetFallbackPolicy(new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build());
This authentication middleware is compatible with both cross-origin & same-origin requests.
Inbound Clerk Webhooks
If you're accepting webhooks from Clerk, you will need to validate the incoming webhook signature. To do this, you'll need to install the Svix package:
dotnet add package Svix
Then, you can use the following code to validate the webhook signature:
[HttpPost("webhook")]
public async Task<IActionResult> ClerkWebhook(IConfiguration configuration)
{
// Retrieve the Clerk webhook secret from the configuration
var clerkWebhookSecret = configuration["Clerk:WebhookSecret"];
// Read the request body
var json = await new StreamReader(HttpContext.Request.Body).ReadToEndAsync();
// Retrieve the Svix headers
var svixId = Request.Headers["svix-id"].ToString();
var svixTimestamp = Request.Headers["svix-timestamp"].ToString();
var svixSignature = Request.Headers["svix-signature"].ToString();
if (string.IsNullOrEmpty(svixId) || string.IsNullOrEmpty(svixTimestamp) || string.IsNullOrEmpty(svixSignature))
{
return BadRequest("Missing headers");
}
// Attempt signature verification with the raw signature
var wh = new Webhook(clerkWebhookSecret);
WebHeaderCollection headers = new WebHeaderCollection
{
{ "svix-id", svixId },
{ "svix-timestamp", svixTimestamp },
{ "svix-signature", svixSignature }
};
Event webhookEvent;
try
{
wh.Verify(json, headers); // Verify doesn't return anything, just verifies the signature and throws if it's invalid
webhookEvent = JsonSerializer.Deserialize<Event>(json); // Deserialize the JSON into an Event object
}
catch (Svix.Exceptions.WebhookVerificationException ex)
{
return BadRequest("Invalid signature");
}
catch (Exception ex)
{
return BadRequest("An error occurred");
}
switch (webhookEvent.Type)
{
case "user.created":
// Handle user created event
break;
case "user.updated":
// Handle user updated event
break;
case "user.deleted":
// Handle user deleted event
break;
default:
return BadRequest("Unhandled event type");
}
return Ok();
}
// Define the Event class to represent the webhook event
public class Event
{
public string? Type { get; set; }
public ClerkUser? Data { get; set; }
}
public class ClerkUser
{
public string Id { get; set; }
public string? ExternalId { get; set; }
[JsonPropertyName("first_name")]
public string? FirstName { get; set; }
[JsonPropertyName("last_name")]
public string? LastName { get; set; }
[JsonPropertyName("email_addresses")]
public List<ClerkEmailAddress> EmailAddresses { get; set; } = new List<ClerkEmailAddress>();
}
public class ClerkEmailAddress
{
[JsonPropertyName("email_address")]
public string? EmailAddress { get; set; }
}
Disclaimer
I am not affiliated with nor represent Clerk. All support queries regarding the underlying service should go to Clerk Support.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. |
-
net8.0
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 8.0.13)
-
net9.0
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last updated |
|---|---|---|
| 1.0.0 | 0 | 3/4/2025 |
| 1.0.0-beta.1 | 83 | 2/24/2025 |