ASP.NET Core (OpenID Connect)
See the Applications overview for prerequisites, configuration endpoints, and available scopes.
ASP.NET Core includes built-in OpenID Connect middleware. Key configuration:
- Requires .NET 10.0 or later with
Microsoft.AspNetCore.Authentication.OpenIdConnect - Enable PKCE with
options.UsePkce = true - Set
GetClaimsFromUserInfoEndpoint = trueandSaveTokens = true - The hardware attestation claim (
hardware_verified) is in the access token JWT — decode withJsonDocument.Parse()after base64url decoding with padding adjustment
Example
web/aspnet-core — Complete working example with OIDC middleware, PKCE, and hardware claim extraction.