> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> This tutorial demonstrates how to add authorization to an ASP.NET OWIN API using the standard JWT middleware.

# Add Authorization to Your ASP.NET OWIN Web API Application

export const LoggedInForm = ({sampleApp}) => {
  const LS_APPS_KEY = "auth_demo_apps";
  const LS_APP_CFG_KEY = "auth_demo_app_cfg";
  const CHANNEL = "auth_flows_sync_v1";
  const mkChannel = () => new BroadcastChannel(CHANNEL);
  function uid() {
    return Math.random().toString(36).slice(2) + Date.now().toString(36);
  }
  function loadApps() {
    const raw = localStorage.getItem(LS_APPS_KEY);
    if (raw) return JSON.parse(raw);
    const seeded = [{
      id: "mz9iNEIo2PHu7oeh8QRt19ndTyyCIgai",
      name: "Default App"
    }];
    localStorage.setItem(LS_APPS_KEY, JSON.stringify(seeded));
    return seeded;
  }
  function saveApps(apps) {
    localStorage.setItem(LS_APPS_KEY, JSON.stringify(apps));
  }
  function loadCfg() {
    const raw = localStorage.getItem(LS_APP_CFG_KEY);
    return raw ? JSON.parse(raw) : {};
  }
  function saveCfg(cfg) {
    localStorage.setItem(LS_APP_CFG_KEY, JSON.stringify(cfg));
  }
  const RightChevron = ({className = "w-5 h-5", ...props}) => <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" stroke="currentColor" fill="none" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round" className={className} {...props}>
      <polyline points="9 18 15 12 9 6" />
    </svg>;
  const LightningIcon = () => <svg width="24" height="24" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">
      <path fillRule="evenodd" clipRule="evenodd" className="fill-[#3F59E4] dark:fill-[#99A7F1]" d="M24.971 30.152H7.088c-1.786 0-2.745-2.103-1.574-3.453l19.07-21.988c1.33-1.532 3.835-.4 3.569 1.607L24.97 30.152z" />
      <path fillRule="evenodd" clipRule="evenodd" className="fill-[#3F59E4] dark:fill-[#99A7F1]" d="M23.201 17.885h17.885c1.787 0 2.746 2.102 1.575 3.453l-19.073 21.99c-1.33 1.532-3.835.4-3.568-1.607L23.2 17.885z" />
    </svg>;
  const LayersIcon = () => <svg width="24" height="24" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">
      <path className="fill-[#3F59E4] dark:fill-[#99A7F1]" d="M34.54 29.135l6.373 3.183c1.566.782 1.566 3.017 0 3.8l-14.815 7.396a4.623 4.623 0 01-4.125 0L7.174 36.12c-1.565-.782-1.565-3.017 0-3.798l6.532-3.214" />
      <path className="fill-[#AAB6F3] dark:fill-[#3449BA]" d="M34.54 18.86l6.373 3.183c1.566.782 1.566 3.016 0 3.8L26.098 33.24a4.623 4.623 0 01-4.125 0L7.174 25.843c-1.565-.781-1.565-3.016 0-3.798l6.33-3.164" />
      <path className="fill-[#CFD6F8] dark:fill-[#22307C]" d="M21.94 23.058L7.306 15.745c-1.62-.81-1.62-3.123 0-3.932l14.631-7.319a4.693 4.693 0 014.194 0l14.648 7.319c1.622.81 1.62 3.124 0 3.932L26.13 23.058c-1.321.66-2.873.66-4.191 0z" />
    </svg>;
  const GithubIcon = () => <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round" className="w-5 h-5">
      <path d="M9 19c-5 1.5-5-2.5-7-3m14 6v-3.87a3.37 3.37 0 0 0-.94-2.61c3.14-.35 6.44-1.54 6.44-7A5.44 5.44 0 0 0 20 4.77 5.07 5.07 0 0 0 19.91 1S18.73.65 16 2.48a13.38 13.38 0 0 0-7 0C6.27.65 5.09 1 5.09 1A5.07 5.07 0 0 0 5 4.77a5.44 5.44 0 0 0-1.5 3.78c0 5.42 3.3 6.61 6.44 7A3.37 3.37 0 0 0 9 18.13V22"></path>
    </svg>;
  function IconTile({children}) {
    return <div className="
          shrink-0 grid place-items-center w-10 h-10 rounded-lg
          bg-indigo-50 ring-1 ring-indigo-200/60
          dark:bg-indigo-950/40 dark:ring-white/10
        ">
        {children}
      </div>;
  }
  function Card({className = "", children}) {
    return <div className={`rounded-2xl shadow-sm ring-1 ring-zinc-200 dark:ring-zinc-800 ${className}`}>{children}</div>;
  }
  function Button({variant = "primary", type = "button", onClick, children}) {
    const base = "inline-flex items-center justify-center gap-2 h-10 px-4 rounded-xl font-medium transition";
    let styles = "";
    if (variant === "primary") {
      styles = "mint-bg-indigo-600 text-white hover:mint-bg-indigo-700";
    } else if (variant === "outline") {
      styles = "border border-zinc-300 dark:border-zinc-700 mint-bg-transparent hover:mint-bg-zinc-50 dark:hover:mint-bg-zinc-800";
    } else if (variant === "ghost") {
      styles = "hover:mint-bg-zinc-100 dark:hover:mint-bg-zinc-800";
    }
    return <button type={type} onClick={onClick} className={`${base} ${styles}`}>
        {children}
      </button>;
  }
  function Input({id, label, value, onChange, placeholder, name}) {
    return <label className="block space-y-1">
        <span className="text-sm text-zinc-700 dark:text-zinc-300">{label}</span>
        <input id={id} name={name} className="w-full h-11 px-3 rounded-xl border border-zinc-300 dark:border-zinc-700 bg-white dark:bg-zinc-900 text-zinc-900 dark:text-zinc-100 focus:outline-none focus:ring-2 focus:ring-indigo-500" placeholder={placeholder} value={value} onChange={e => onChange(e.target.value)} />
      </label>;
  }
  function Select({label, value, onChange, options}) {
    return <label className="block space-y-1 max-w-[300px]">
        <span className="text-sm text-zinc-700 dark:text-zinc-300">{label}</span>
        <div className="relative">
          <select className="w-full h-11 appearance-none px-3 pr-9 rounded-xl border border-zinc-300 dark:border-zinc-700 bg-white dark:bg-zinc-900 text-zinc-900 dark:text-zinc-100 focus:outline-none focus:ring-2 focus:ring-indigo-500" value={value} onChange={e => onChange(e.target.value)}>
            <optgroup label="Generic Applications">
              {options.map(o => <option key={o.id} value={o.id}>
                  {o.name}
                </option>)}
            </optgroup>
          </select>
          <svg className="pointer-events-none absolute right-3 top-1/2 -translate-y-1/2 w-5 h-5 text-zinc-500" viewBox="0 0 24 24">
            <path d="M7 10l5 5 5-5z" fill="currentColor" />
          </svg>
        </div>
      </label>;
  }
  function Toast({open, onClose, children}) {
    useEffect(() => {
      if (!open) return;
      const t = setTimeout(onClose, 2200);
      return () => clearTimeout(t);
    }, [open, onClose]);
    return <div className={`fixed right-4 top-4 z-50 transition ${open ? "opacity-100 translate-y-0" : "opacity-0 -translate-y-2 pointer-events-none"}`}>
        <div className="flex items-center gap-2 rounded-xl shadow ring-1 ring-emerald-200 bg-white dark:bg-zinc-900 px-4 py-2">
          <span className="w-1.5 h-8 rounded-l bg-emerald-500" />
          <svg className="w-5 h-5 text-emerald-600" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
            <path d="M20 6L9 17l-5-5" />
          </svg>
          <span className="text-sm text-zinc-900 dark:text-zinc-100">{children}</span>
        </div>
      </div>;
  }
  function Flows() {
    const [route, setRoute] = useState("menu");
    const [apps, setApps] = useState(loadApps());
    const [cfg, setCfg] = useState(loadCfg());
    const [selected, setSelected] = useState(apps[0]?.id || "");
    const [toast, setToast] = useState(false);
    const [bc] = useState(() => mkChannel());
    useEffect(() => {
      if (!apps.find(a => a.id === selected)) {
        setSelected(apps[0]?.id || "");
      }
    }, [apps, selected]);
    useEffect(() => {
      const onMsg = e => {
        const {type, payload} = e.data || ({});
        switch (type) {
          case "NAV":
            setRoute(payload.route);
            break;
          case "SELECT":
            setSelected(payload.appId);
            break;
          case "APPS_UPDATED":
            setApps(loadApps());
            break;
          case "CFG_UPDATED":
            setCfg(loadCfg());
            setToast(true);
            break;
          default:
            break;
        }
      };
      bc.addEventListener("message", onMsg);
      return () => bc.removeEventListener("message", onMsg);
    }, [bc]);
    const nav = nextRoute => {
      setRoute(nextRoute);
      bc.postMessage({
        type: "NAV",
        payload: {
          route: nextRoute
        }
      });
    };
    const selectApp = appId => {
      setSelected(appId);
      bc.postMessage({
        type: "SELECT",
        payload: {
          appId
        }
      });
    };
    const onCreate = name => {
      const id = uid();
      const next = [...apps, {
        id,
        name: name || "Untitled"
      }];
      setApps(next);
      saveApps(next);
      bc.postMessage({
        type: "APPS_UPDATED"
      });
      selectApp(id);
      nav("integrate");
    };
    const onSaveCfg = (appId, data) => {
      const next = {
        ...cfg,
        [appId]: data
      };
      setCfg(next);
      saveCfg(next);
      setToast(true);
      bc.postMessage({
        type: "CFG_UPDATED"
      });
    };
    return <div>
        {route === "menu" && <Menu onCreate={() => nav("create")} onIntegrate={() => nav("integrate")} />}

        {route === "create" && <CreateForm onCancel={() => nav("menu")} onSave={onCreate} />}

        {route === "integrate" && <IntegrateForm apps={apps} selected={selected} onSelect={selectApp} saved={cfg[selected]} onSave={data => onSaveCfg(selected, data)} onCancel={() => nav("menu")} />}

        <Toast open={toast} onClose={() => setToast(false)}>
          Successfully saved your changes.
        </Toast>
      </div>;
  }
  function Menu({onCreate, onIntegrate}) {
    return <ul className="space-y-4 list-none login_list">
        <li className="list-none !px-0">
          <button onClick={onCreate} className="w-full text-left">
            <Card className="p-5 hover:shadow-md transition">
              <div className="flex items-center justify-between">
                <div className="flex items-center gap-4">
                  <IconTile>
                    <LightningIcon />
                  </IconTile>
                  <h2 className="text-lg">Create a new application</h2>
                </div>
                <RightChevron className="w-4 h-4 text-zinc-500" />
              </div>
            </Card>
          </button>
        </li>
        <li className="list-none !px-0">
          <button onClick={onIntegrate} className="w-full text-left">
            <Card className="p-5 hover:shadow-md transition">
              <div className="flex items-center justify-between">
                <div className="flex items-center gap-4">
                  <IconTile>
                    <LayersIcon />
                  </IconTile>
                  <h2 className="text-lg">Integrate with an existing application</h2>
                </div>
                <RightChevron className="w-4 h-4 text-zinc-500" />
              </div>
            </Card>
          </button>
        </li>
        <li className="list-none !px-0">
          <a className="no_external_icon block" href={sampleApp ? sampleApp : "/"} target="_blank" rel="noreferrer">
            <Card className="p-5 hover:shadow-md transition">
              <div className="flex items-center justify-between">
                <div className="flex items-center gap-4">
                  <IconTile>
                    <GithubIcon />
                  </IconTile>
                  <h2 className="text-lg">View a sample application</h2>
                </div>
                <RightChevron className="w-4 h-4 text-zinc-500" />
              </div>
            </Card>
          </a>
        </li>
      </ul>;
  }
  function CreateForm({onSave, onCancel}) {
    const [name, setName] = useState("");
    return <div className="space-y-6">
        <Input id="app-name" label="Application Name" placeholder="My App" value={name} onChange={setName} />
        <p className="text-sm text-zinc-500">You can change this later in the application settings.</p>
        <div className="flex gap-3">
          <Button onClick={() => onSave(name)}>Save</Button>
          <Button variant="outline" onClick={onCancel}>
            Cancel
          </Button>
        </div>
      </div>;
  }
  function IntegrateForm({apps, selected, onSelect, saved, onSave, onCancel}) {
    const [callbacks, setCallbacks] = useState(saved?.callbacks ?? "");
    const [logouts, setLogouts] = useState(saved?.logouts ?? "");
    const [origins, setOrigins] = useState(saved?.origins ?? "");
    useEffect(() => {
      setCallbacks(loadCfg()[selected]?.callbacks ?? "");
      setLogouts(loadCfg()[selected]?.logouts ?? "");
      setOrigins(loadCfg()[selected]?.origins ?? "");
    }, [selected]);
    return <div className="space-y-6">
        <div>
          <span className="block text-sm text-zinc-600 dark:text-zinc-300 mb-1">Select your Application</span>
          <Select label="" value={selected} onChange={onSelect} options={apps} />
        </div>

        <form className="space-y-4" onSubmit={e => {
      e.preventDefault();
      onSave({
        callbacks,
        logouts,
        origins
      });
    }}>
          <Input id="callbacks" name="callbacks" label="Callback URLs" placeholder="http://localhost:3000" value={callbacks} onChange={setCallbacks} />
          <Input id="logout" name="allowed_logout_urls" label="Logout URLs" placeholder="http://localhost:3000" value={logouts} onChange={setLogouts} />
          <Input id="origins" name="web_origins" label="Allowed Web Origins" placeholder="http://localhost:3000" value={origins} onChange={setOrigins} />

          <div className="flex gap-3 pt-2">
            <Button type="submit">Save</Button>
            <Button variant="outline" type="button" onClick={onCancel}>
              Cancel
            </Button>
          </div>
        </form>
      </div>;
  }
  return <div className="w-full mx-auto py-8">
      <Flows />
    </div>;
};

export const SignUpForm = () => {
  return <div className="flex flex-col gap-2 items-center h-full">
      <img noZoom src="/docs/img/quickstarts/action_hero_dashboard.svg" alt="Sign up for an Auth0 account" style={{
    width: "250px",
    height: "250px"
  }} />
      <span className="text-center" style={{
    width: "400px"
  }}>
        Sign up for an{" "}
        <a href="https://auth0.com/signup" target="_blank" rel="noopener noreferrer">
          Auth0 account
        </a>{" "}
        or{" "}
        <span className="font-semibold text-primary cursor-pointer" onClick={() => console.log("log in")}>
          log in
        </span>{" "}
        to your existing account to integrate directly with your own tenant.
      </span>
      <button onClick={() => console.log("sign up")} className="bg-primary dark:bg-primary-light text-white dark:text-black px-4 py-2 rounded-md mt-4 font-medium" style={{
    width: "140px"
  }}>
        Sign up
      </button>
    </div>;
};

export const SideMenuSectionItem = ({id, children}) => {
  return <div id={`side-menu-item-${id}`} className="recipe-side-menu-item flex flex-col w-full h-full">
      {children}
    </div>;
};

export const SideMenu = ({sections, children}) => {
  const [visibleSection, setVisibleSection] = useState(sections[0]?.id ?? null);
  const checkVisibility = () => {
    let currentVisible = null;
    const viewportHeight = window.innerHeight;
    const scrollY = window.scrollY;
    sections.forEach(({id}) => {
      const section = document.getElementById(id);
      if (section) {
        const rect = section.getBoundingClientRect();
        const sectionTop = rect.top + scrollY;
        const sectionBottom = sectionTop + rect.height;
        const multiplier = viewportHeight > 1600 ? 0.34 : 0.22;
        if (scrollY + viewportHeight * multiplier >= sectionTop && scrollY <= sectionBottom) {
          currentVisible = id;
        }
      }
    });
    if (currentVisible && currentVisible !== visibleSection) {
      setVisibleSection(currentVisible);
    }
  };
  useEffect(() => {
    const throttledCheck = () => {
      setTimeout(checkVisibility, 100);
    };
    checkVisibility();
    window.addEventListener("scroll", throttledCheck);
    return () => {
      window.removeEventListener("scroll", throttledCheck);
    };
  }, [sections, visibleSection]);
  useEffect(() => {
    sections.forEach(({id}) => {
      const section = document.getElementById(id);
      const sideMenuItem = document.getElementById(`side-menu-item-${id}`);
      if (section) {
        if (id === visibleSection) {
          section.classList.add("active-section");
        } else {
          section.classList.remove("active-section");
        }
      }
      if (sideMenuItem) {
        if (id === visibleSection) {
          sideMenuItem.classList.add("active-side-menu-item");
        } else {
          sideMenuItem.classList.remove("active-side-menu-item");
        }
      }
    });
  }, [visibleSection, sections]);
  return <div className="recipe-side-menu sticky px-2 py-1" style={{
    height: "calc(100vh - 7rem)",
    top: "7rem",
    scrollMarginTop: "var(--scroll-mt)"
  }}>
      {children.map(child => {
    if (child.props.id === visibleSection) {
      return child;
    }
    return null;
  })}
    </div>;
};

export const Section = ({id, title, stepNumber, children, isSingleColumn = false}) => {
  return <div id={id} className={`recipe-section flex flex-col transition-opacity duration-200`}>
      {}
      <Step title={title} stepNumber={stepNumber} titleSize="h3">
        {children}
      </Step>
    </div>;
};

export const Content = ({title, children}) => {
  return <div className="recipe-content flex flex-col">
      {title && <h1 className="text-3xl">{title}</h1>}
      {children}
    </div>;
};

export const Recipe = ({children, isSingleColumn = false}) => {
  return <div className={`pl-4 recipe-container mx-auto grid grid-cols-1 gap-10 relative ${isSingleColumn ? "md:grid-cols-1" : "md:grid-cols-2"}`}>
      {children}
    </div>;
};

export const sections = [{
  id: "define-permissions",
  title: "Define permissions"
}, {
  id: "install-dependencies",
  title: "Install dependencies"
}, {
  id: "configure-the-middleware",
  title: "Configure the middleware"
}, {
  id: "verify-the-token-signature",
  title: "Verify the token signature"
}, {
  id: "validate-scopes",
  title: "Validate scopes"
}, {
  id: "protect-api-endpoints",
  title: "Protect API endpoints"
}];

<Recipe>
  <Content>
    Auth0 allows you to add authorization to any kind of application. This guide demonstrates how to integrate Auth0
    with any new or existing ASP.NET Owin Web API application using the `Microsoft.Owin.Security.Jwt`
    package.

    If you have not created an API in your Auth0 dashboard yet, you can use the interactive selector to create a new
    Auth0 API or select an existing API for your project.

    To set up your first API through the Auth0 dashboard, review our getting started guide.

    Each Auth0 API uses the API Identifier, which your application needs to validate the access token.

    <Info>
      **New to Auth0?** Learn how Auth0 works and
      read about implementing API authentication and
      authorization using the OAuth 2.0 framework.
    </Info>

    <Section id={sections[0].id} title={sections[0].title} stepNumber="1">
      Permissions let you define how resources can be accessed on behalf of the user with a given access token. For
      example, you might choose to grant read access to the `messages` resource if users have the manager
      access level, and a write access to that resource if they have the administrator access level.

      You can define allowed permissions in the **Permissions** view of the Auth0 Dashboard's [APIs](https://manage.auth0.com/#/apis) section. The following
      example uses the `read:messages` scope.

      <Frame>
        <img src="https://mintcdn.com/docs-staging-quickstart-revamp/fNPG21NgQLCA0axA/images/cdy7uua7fh8z/1s3Yp5zqJiKiSWqbPSezNO/e61793a2822d095666002c3f65c71ac2/configure-permissions.png?fit=max&auto=format&n=fNPG21NgQLCA0axA&q=85&s=460e697ffac537de4d7729d0e20a23ea" width="1078" height="679" data-path="images/cdy7uua7fh8z/1s3Yp5zqJiKiSWqbPSezNO/e61793a2822d095666002c3f65c71ac2/configure-permissions.png" />
      </Frame>
    </Section>

    <Section id={sections[1].id} title={sections[1].title} stepNumber="2">
      Install the `Microsoft.Owin.Security.Jwt` NuGetPackage. This package contains the OWIN JWT Middleware
      necessary to use Auth0 access tokens in the ASP.NET Owin Web API.

      ```ps lines
      Install-Package Microsoft.Owin.Security.Jwt
      ```
    </Section>

    <Section id={sections[2].id} title={sections[2].title} stepNumber="3">
      Go to the `Configuration` method of your `Startup` class and add a call to
      `UseJwtBearerAuthentication` passing in the configured `JwtBearerAuthenticationOptions`.

      The `JwtBearerAuthenticationOptions` needs to specify your Auth0 API Identifier in the
      `ValidAudience` property, and the full path to your Auth0 domain as the `ValidIssuer`. You
      will need to configure the `IssuerSigningKeyResolver` to use the instance of
      `OpenIdConnectSigningKeyResolver` to resolve the signing key.

      <Warning>
        **Do not forget the trailing slash.**

        Ensure the URL specified for `ValidIssuer` contains a trailing forward slash
        (`/`). This must match exactly with the JWT issuer claim. API calls will not authenticate
        correctly if you misconfigured this value.
      </Warning>
    </Section>

    <Section id={sections[3].id} title={sections[3].title} stepNumber="4">
      The OWIN JWT middleware does not use Open ID Connect Discovery by default, so you must provide a custom
      `IssuerSigningKeyResolver`.

      Create the `OpenIdConnectSigningKeyResolver` class and ensure to return the correct
      `SecurityKey` by implementing `GetSigningKey`. This class is then used as
      `TokenValidationParameters.IssuerSigningKeyResolver` while configuring the middleware in
      `Startup.cs`.

      <Info>
        This custom resolver is deprecated and [no longer available](https://github.com/auth0/auth0-aspnet-owin/blob/master/SECURITY-NOTICE.md). You must provide this custom resolver yourself.
      </Info>
    </Section>

    <Section id={sections[4].id} title={sections[4].title} stepNumber="5">
      The JWT middleware verifies that the access token included in the request is valid; however, it doesn't yet
      include any mechanism for checking that the token has the sufficient **scope** to access the requested
      resources.

      Create a class called `ScopeAuthorizeAttribute` which inherits from
      `System.Web.Http.AuthorizeAttribute`. This attribute will check that the `scope` claim
      issued by your Auth0 tenant is present, and if so, it will ensure that the `scope` claim contains the
      requested scope.
    </Section>

    <Section id={sections[5].id} title={sections[5].title} stepNumber="6">
      The routes shown below are available for the following requests:

      * `GET /api/public`: Available for non-authenticated requests.
      * `GET /api/private`: Available for authenticated requests containing an access token with no
        additional scopes.
      * `GET /api/private-scoped`: Available for authenticated requests containing an access token with
        the `read:messages`scope granted.

      The JWT middleware integrates with the standard ASP.NET authentication and authorization mechanisms, so you only
      need to decorate your controller action with the `[Authorize]` attribute to secure an endpoint.

      Update the action with the `ScopeAuthorize` attribute and pass the name of the required
      `scope` in the `scope` parameter. This ensures the correct scope is available to call a
      specific API endpoint.

      <Note>
        ##### Checkpoint

        Now that you have configured your application, run your application and verify that:

        * `GET /api/public`is available for non-authenticated requests.
        * `GET /api/private`is available for authenticated requests.
        * `GET /api/private-scoped`is available for authenticated requests containing an access
          token with the `read:messages`scope.
      </Note>
    </Section>

    ## Next Steps

    Excellent work! If you made it this far, you should now have login, logout, and user profile information running in your application.

    This concludes our quickstart tutorial, but there is so much more to explore. To learn more about what you can do with Auth0, check out:

    * [Auth0 Dashboard](https://manage.auth0.com/dashboard/us/dev-gja8kxz4ndtex3rq) - Learn how to configure and manage your Auth0 tenant and applications
    * [Auth0 Marketplace](https://marketplace.auth0.com/) - Discover integrations you can enable to extend Auth0’s functionality
  </Content>

  <SideMenu sections={sections}>
    <SideMenuSectionItem id={sections[0].id}>
      <SignUpForm />
    </SideMenuSectionItem>

    <SideMenuSectionItem id={sections[1].id}>
      <SignUpForm />
    </SideMenuSectionItem>

    <SideMenuSectionItem id={sections[2].id}>
      <CodeGroup>
        ```cs OpenIdConnectSigningKeyResolver.cs lines highlight={}
        public class OpenIdConnectSigningKeyResolver
        {
            private readonly OpenIdConnectConfiguration openIdConfig;

            public OpenIdConnectSigningKeyResolver(string authority)
            {
                var cm = new ConfigurationManager<OpenIdConnectConfiguration>($"{authority.TrimEnd('/')}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
                openIdConfig = AsyncHelper.RunSync(async () => await cm.GetConfigurationAsync());
            }

            public SecurityKey[] GetSigningKey(string kid)
            {
                return new[] { openIdConfig.JsonWebKeySet.GetSigningKeys().FirstOrDefault(t => t.KeyId == kid) };
            }
        }
        ```

        ```cs ScopeAuthorizeAttribute.cs lines highlight={}
        public class ScopeAuthorizeAttribute : AuthorizeAttribute
        {
            private readonly string scope;

            public ScopeAuthorizeAttribute(string scope)
            {
                this.scope = scope;
            }

            public override void OnAuthorization(HttpActionContext actionContext)
            {
                base.OnAuthorization(actionContext);

                // Get the Auth0 domain, in order to validate the issuer
                var domain = $"https://{ConfigurationManager.AppSettings["Auth0Domain"]}/";

                // Get the claim principal
                ClaimsPrincipal principal = actionContext.ControllerContext.RequestContext.Principal as ClaimsPrincipal;

                // Get the scope clain. Ensure that the issuer is for the correcr Auth0 domain
                var scopeClaim = principal?.Claims.FirstOrDefault(c => c.Type == "scope" && c.Issuer == domain);
                if (scopeClaim != null)
                {
                    // Split scopes
                    var scopes = scopeClaim.Value.Split(' ');

                    // Succeed if the scope array contains the required scope
                    if (scopes.Any(s => s == scope))
                        return;
                }

                HandleUnauthorizedRequest(actionContext);
            }
        }
        ```

        ```cs ApiController.cs lines highlight={}
        [RoutePrefix("api")]
        public class ApiController : ApiController
        {
            [HttpGet]
            [Route("public")]
            public IHttpActionResult Public()
            {
                return Json(new
                {
                    Message = "Hello from a public endpoint!"
                });
            }

            [HttpGet]
            [Route("private")]
            [Authorize]
            public IHttpActionResult Private()
            {
                return Json(new
                {
                    Message = "Hello from a private endpoint! You need to be authenticated to see this."
                });
            }

            [HttpGet]
            [Route("private-scoped")]
            [ScopeAuthorize("read:messages")]
            public IHttpActionResult Scoped()
            {
                return Json(new
                {
                    Message = "Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this."
                });
            }
        }
        ```
      </CodeGroup>
    </SideMenuSectionItem>

    <SideMenuSectionItem id={sections[3].id}>
      <CodeGroup>
        ```cs OpenIdConnectSigningKeyResolver.cs lines highlight={}
        public class OpenIdConnectSigningKeyResolver
        {
            private readonly OpenIdConnectConfiguration openIdConfig;

            public OpenIdConnectSigningKeyResolver(string authority)
            {
                var cm = new ConfigurationManager<OpenIdConnectConfiguration>($"{authority.TrimEnd('/')}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
                openIdConfig = AsyncHelper.RunSync(async () => await cm.GetConfigurationAsync());
            }

            public SecurityKey[] GetSigningKey(string kid)
            {
                return new[] { openIdConfig.JsonWebKeySet.GetSigningKeys().FirstOrDefault(t => t.KeyId == kid) };
            }
        }
        ```

        ```cs ScopeAuthorizeAttribute.cs lines highlight={}
        public class ScopeAuthorizeAttribute : AuthorizeAttribute
        {
            private readonly string scope;

            public ScopeAuthorizeAttribute(string scope)
            {
                this.scope = scope;
            }

            public override void OnAuthorization(HttpActionContext actionContext)
            {
                base.OnAuthorization(actionContext);

                // Get the Auth0 domain, in order to validate the issuer
                var domain = $"https://{ConfigurationManager.AppSettings["Auth0Domain"]}/";

                // Get the claim principal
                ClaimsPrincipal principal = actionContext.ControllerContext.RequestContext.Principal as ClaimsPrincipal;

                // Get the scope clain. Ensure that the issuer is for the correcr Auth0 domain
                var scopeClaim = principal?.Claims.FirstOrDefault(c => c.Type == "scope" && c.Issuer == domain);
                if (scopeClaim != null)
                {
                    // Split scopes
                    var scopes = scopeClaim.Value.Split(' ');

                    // Succeed if the scope array contains the required scope
                    if (scopes.Any(s => s == scope))
                        return;
                }

                HandleUnauthorizedRequest(actionContext);
            }
        }
        ```

        ```cs ApiController.cs lines highlight={}
        [RoutePrefix("api")]
        public class ApiController : ApiController
        {
            [HttpGet]
            [Route("public")]
            public IHttpActionResult Public()
            {
                return Json(new
                {
                    Message = "Hello from a public endpoint!"
                });
            }

            [HttpGet]
            [Route("private")]
            [Authorize]
            public IHttpActionResult Private()
            {
                return Json(new
                {
                    Message = "Hello from a private endpoint! You need to be authenticated to see this."
                });
            }

            [HttpGet]
            [Route("private-scoped")]
            [ScopeAuthorize("read:messages")]
            public IHttpActionResult Scoped()
            {
                return Json(new
                {
                    Message = "Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this."
                });
            }
        }
        ```
      </CodeGroup>
    </SideMenuSectionItem>

    <SideMenuSectionItem id={sections[4].id}>
      <CodeGroup>
        ```cs ScopeAuthorizeAttribute.cs lines highlight={}
        public class ScopeAuthorizeAttribute : AuthorizeAttribute
        {
            private readonly string scope;

            public ScopeAuthorizeAttribute(string scope)
            {
                this.scope = scope;
            }

            public override void OnAuthorization(HttpActionContext actionContext)
            {
                base.OnAuthorization(actionContext);

                // Get the Auth0 domain, in order to validate the issuer
                var domain = $"https://{ConfigurationManager.AppSettings["Auth0Domain"]}/";

                // Get the claim principal
                ClaimsPrincipal principal = actionContext.ControllerContext.RequestContext.Principal as ClaimsPrincipal;

                // Get the scope clain. Ensure that the issuer is for the correcr Auth0 domain
                var scopeClaim = principal?.Claims.FirstOrDefault(c => c.Type == "scope" && c.Issuer == domain);
                if (scopeClaim != null)
                {
                    // Split scopes
                    var scopes = scopeClaim.Value.Split(' ');

                    // Succeed if the scope array contains the required scope
                    if (scopes.Any(s => s == scope))
                        return;
                }

                HandleUnauthorizedRequest(actionContext);
            }
        }
        ```

        ```cs OpenIdConnectSigningKeyResolver.cs lines highlight={}
        public class OpenIdConnectSigningKeyResolver
        {
            private readonly OpenIdConnectConfiguration openIdConfig;

            public OpenIdConnectSigningKeyResolver(string authority)
            {
                var cm = new ConfigurationManager<OpenIdConnectConfiguration>($"{authority.TrimEnd('/')}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
                openIdConfig = AsyncHelper.RunSync(async () => await cm.GetConfigurationAsync());
            }

            public SecurityKey[] GetSigningKey(string kid)
            {
                return new[] { openIdConfig.JsonWebKeySet.GetSigningKeys().FirstOrDefault(t => t.KeyId == kid) };
            }
        }
        ```

        ```cs ApiController.cs lines highlight={}
        [RoutePrefix("api")]
        public class ApiController : ApiController
        {
            [HttpGet]
            [Route("public")]
            public IHttpActionResult Public()
            {
                return Json(new
                {
                    Message = "Hello from a public endpoint!"
                });
            }

            [HttpGet]
            [Route("private")]
            [Authorize]
            public IHttpActionResult Private()
            {
                return Json(new
                {
                    Message = "Hello from a private endpoint! You need to be authenticated to see this."
                });
            }

            [HttpGet]
            [Route("private-scoped")]
            [ScopeAuthorize("read:messages")]
            public IHttpActionResult Scoped()
            {
                return Json(new
                {
                    Message = "Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this."
                });
            }
        }
        ```
      </CodeGroup>
    </SideMenuSectionItem>

    <SideMenuSectionItem id={sections[5].id}>
      <CodeGroup>
        ```cs ApiController.cs lines highlight={}
        [RoutePrefix("api")]
        public class ApiController : ApiController
        {
            [HttpGet]
            [Route("public")]
            public IHttpActionResult Public()
            {
                return Json(new
                {
                    Message = "Hello from a public endpoint!"
                });
            }

            [HttpGet]
            [Route("private")]
            [Authorize]
            public IHttpActionResult Private()
            {
                return Json(new
                {
                    Message = "Hello from a private endpoint! You need to be authenticated to see this."
                });
            }

            [HttpGet]
            [Route("private-scoped")]
            [ScopeAuthorize("read:messages")]
            public IHttpActionResult Scoped()
            {
                return Json(new
                {
                    Message = "Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this."
                });
            }
        }
        ```

        ```cs OpenIdConnectSigningKeyResolver.cs lines highlight={}
        public class OpenIdConnectSigningKeyResolver
        {
            private readonly OpenIdConnectConfiguration openIdConfig;

            public OpenIdConnectSigningKeyResolver(string authority)
            {
                var cm = new ConfigurationManager<OpenIdConnectConfiguration>($"{authority.TrimEnd('/')}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
                openIdConfig = AsyncHelper.RunSync(async () => await cm.GetConfigurationAsync());
            }

            public SecurityKey[] GetSigningKey(string kid)
            {
                return new[] { openIdConfig.JsonWebKeySet.GetSigningKeys().FirstOrDefault(t => t.KeyId == kid) };
            }
        }
        ```

        ```cs ScopeAuthorizeAttribute.cs lines highlight={}
        public class ScopeAuthorizeAttribute : AuthorizeAttribute
        {
            private readonly string scope;

            public ScopeAuthorizeAttribute(string scope)
            {
                this.scope = scope;
            }

            public override void OnAuthorization(HttpActionContext actionContext)
            {
                base.OnAuthorization(actionContext);

                // Get the Auth0 domain, in order to validate the issuer
                var domain = $"https://{ConfigurationManager.AppSettings["Auth0Domain"]}/";

                // Get the claim principal
                ClaimsPrincipal principal = actionContext.ControllerContext.RequestContext.Principal as ClaimsPrincipal;

                // Get the scope clain. Ensure that the issuer is for the correcr Auth0 domain
                var scopeClaim = principal?.Claims.FirstOrDefault(c => c.Type == "scope" && c.Issuer == domain);
                if (scopeClaim != null)
                {
                    // Split scopes
                    var scopes = scopeClaim.Value.Split(' ');

                    // Succeed if the scope array contains the required scope
                    if (scopes.Any(s => s == scope))
                        return;
                }

                HandleUnauthorizedRequest(actionContext);
            }
        }
        ```
      </CodeGroup>
    </SideMenuSectionItem>
  </SideMenu>
</Recipe>
