Standards-first integration
NexinID uses OpenID Connect, OAuth 2.0, discovery metadata, and documented REST API route families. Public SDK pages should point developers to stable protocol clients until package-specific guides are published.
OIDC clients
Use mature OIDC client libraries for Authorization Code with PKCE, discovery, token validation, and logout handling.
REST clients
Use generated or hand-authored REST clients against documented route families and tenant-aware authorization headers.
Nexin.SharedAuth
For .NET, the SDK is split into focused packages with runnable reference samples for the top-3 integration paths (below). Public-registry distribution is being finalized.
The .NET SDK and consumer profiles
For .NET apps, Nexin.SharedAuth wires NexinID authentication, tenant context, permission evaluation, and service-to-service clients. Choose the profile that matches how your app integrates — take only the packages that concern you.
OIDC sign-in (Authorization Code + PKCE)
User-facing web apps: cookie + OIDC wiring, tenant-context accessor, and permission policies. Add the core, context, and permissions packages.
JWT bearer validation
APIs that accept NexinID access tokens: JWT validation against the platform JWKS plus scope/permission checks. Core + permissions only — no EF Core dependency.
Client-credentials machine clients
Backend workers calling NexinID or other services: client-credentials token acquisition, bearer-token delegation, and API-version headers.
Catalog, installations, entitlements
Apps that publish or consume marketplace products: typed marketplace/licensing client over the service-client lane.
{
"NexAuth": {
"Mode": "NexIdentityServer",
"Web": {
"Authority": "https://identity.nexinid.com",
"ClientId": "your-app-web",
"ClientSecret": "__set-in-secret-store__",
"CallbackPath": "/signin-oidc",
"SignedOutCallbackPath": "/signout-callback-oidc"
}
}
}Nexin.SharedAuth is split into focused packages so a Protected API or Service Client consumer no longer pulls in EF Core or unused contracts. Take only the concern you need:
Nexin.SharedAuth— core schemes, claims, options, and OIDC web sign-inNexin.SharedAuth.Context— tenant-context accessor and claim helpersNexin.SharedAuth.Permissions— permission contracts and evaluation helpersNexin.SharedAuth.Authorization— JWT/API authentication, scope policies, and the runtime authorization clientNexin.SharedAuth.ServiceClient(+.Marketplace) — client-credentials and user-token-forwarding service clients, route helpersNexin.SharedAuth.Contracts— canonical request/response payloadsNexin.SharedAuth.LocalIdentity— the only package carrying EF Core / ASP.NET Identity UI
Runnable samples for the top integration paths
The SDK ships three runnable reference samples, each consuming only the focused packages it needs.
OIDC + PKCE sign-in
A web app that signs users in and reads the tenant context from the principal. Uses the core and context packages.
Client-credentials call
A backend worker that acquires a client-credentials token and calls a NexinID API. Uses the service-client package.
Activation + offline lease
A device activating against an entitlement seat and receiving a server-issued, device-bound offline lease. Uses the service-client and contracts packages.
Where SDK content connects
Use these routes for current implementation detail until package-specific examples are published.