Cross.Identity
1.1.0-dev.119
See the version list below for details.
dotnet add package Cross.Identity --version 1.1.0-dev.119
NuGet\Install-Package Cross.Identity -Version 1.1.0-dev.119
<PackageReference Include="Cross.Identity" Version="1.1.0-dev.119" />
<PackageVersion Include="Cross.Identity" Version="1.1.0-dev.119" />
<PackageReference Include="Cross.Identity" />
paket add Cross.Identity --version 1.1.0-dev.119
#r "nuget: Cross.Identity, 1.1.0-dev.119"
#:package Cross.Identity@1.1.0-dev.119
#addin nuget:?package=Cross.Identity&version=1.1.0-dev.119&prerelease
#tool nuget:?package=Cross.Identity&version=1.1.0-dev.119&prerelease
Cross.Identity
A .NET identity and authentication library: configurable scenarios (registration, sign-in, password recovery, token issuance and refresh), JWT, Argon2, email/SMS verification, and a process engine with JSON-defined flows.
Features
- Process Engine — runs scenarios (flows) from JSON definitions with sequential steps.
- Flows — registration, password/code sign-in, forgot password, token, refresh token, get user, request and verify codes (email/SMS).
- JWT — issue and validate access/refresh tokens, configurable claims and lifetimes.
- Security — password hashing (Argon2), one-time codes, phone normalization.
- Channels — email and SMS (code delivery via Cross.Messaging).
- External OAuth — Google, Microsoft, GitHub, Apple; OAuth state in the database (
auth.ExternalLoginStates), multi-instance without sticky sessions. - Forms — declarative field definitions and validation rules (equal, requiredIf, atLeastOneRequired, etc.).
- Licensing (JWT) — Peshkov license key check on the first flow call; without a key in dev/test, execution continues with a warning in logs.
Requirements
- .NET 8.0
Repository structure
Cross.Identity.slnx
├── Cross.Identity/ # NuGet library
│ ├── FlowExecutor.cs, IFlowExecutor.cs
│ ├── Entities/, Infrastructure/ # EF Core (users, tokens, verifications, external login)
│ ├── Services/ # User, Code, JwtToken; Crypto/; ExternalOAuth/
│ ├── Licensing/ # Peshkov JWT license (Accessor, Validator, ProductInfo)
│ ├── Options/ # AuthenticationOptions, IdentityServiceConfiguration
│ ├── Extensions/, Helpers/, Dtos/, Enums/
│ ├── ProcessEngine/
│ │ ├── Core/ # Bag, StepRegistry, ProcessLoader, Forms/validation
│ │ ├── Steps/, Factories/ # Steps and their DI factories
│ │ └── Definitions/ # Flows/*.json, Templates/, Providers/
│ ├── FLOWS.md # Flow and step documentation
│ └── config.nuspec
├── Cross.Identity.Tests/ # NUnit (unit + integration)
├── Sample.Api/ # Minimal API example (ASP.NET Core)
├── .cursor/triage/docs/ # Automated triage reports (.data/, ci-report-*.md)
├── .github/workflows/ # dotnet.yml, triage.yml
├── Infrastructure/Scripts/ # DbUp SQL example for auth schema (copy; see README)
├── RefreshToken.md
├── CONTRIBUTING.md
├── LICENSE.md
└── README.md
Usage
- Registration in the application (ASP.NET Core):
services.AddCrossIdentity(configuration);
// Registers: IFlowExecutor, StepRegistry, all IStepFactory, UserService, CodeService, JwtTokenService,
// LicenseAccessor, LicenseValidator, ILicenseProductInfo, definition providers (files + embedded), forms, etc.
License key (optional) — CrossIdentity section in configuration or the CrossIdentity__LicenseKey environment variable:
{
"CrossIdentity": {
"LicenseKey": "<license key here>"
}
}
Validation runs automatically on the first call to IFlowExecutor.ExecuteAsync — no extra code required. Keys: peshkov.biz.
Behavior:
| Scenario | Result |
|---|---|
| Key not set | LogCritical, flow runs (dev/test) |
| Invalid JWT | LogError, flow runs |
| Expired / wrong product type | LogError + LogCritical, flow runs |
| Valid key | LogInformation with edition and expiration date |
- Running a scenario — in a controller or minimal API, pass the request body as a dictionary and call:
var result = await _flowExecutor.ExecuteAsync(
input: requestBodyAsDictionary,
flow: "license", // e.g. license, game, shop, edoctors
operation: FlowOperationEnum.Token,
cancellationToken);
// result.Data — dictionary of fields from the collectResult step (e.g. access_token, refresh_token, LastCode).
- Flow definitions — JSON in
ProcessEngine/Definitions/Flows/(and optionally from the file system). File names:{flow}.{Operation}.json(e.g.license.Token.json,game.Register.json). See FLOWS.md for detailed flow and step documentation.
Dependencies (NuGet)
- Cross.ErrorHandlers
- Cross.Headers
- Cross.Messaging
- Cross.PepperVault
- Konscious.Security.Cryptography.Argon2
- Microsoft.EntityFrameworkCore (+ InMemory, Relational)
- Microsoft.Extensions.Http
- Microsoft.IdentityModel.JsonWebTokens
- PhoneNumbersCore
Build and tests
dotnet build
dotnet test
Tests
Categories (NUnit)
Constants — Cross.Identity.Tests.Common.TestCategory, attributes: [Category(TestCategory.UNIT)], [Category(TestCategory.INTEGRATION)], [Category(TestCategory.FUNCTIONAL)].
| Category | Purpose |
|---|---|
| UNIT | Mocks, single component, no InMemory EF |
| INTEGRATION | EFTestsBase (InMemory EF + real services), RunFlowCommandHandlerTestsBase / Identity/FlowTests (end-to-end process engine) |
| FUNCTIONAL | Reserved (E2E / TestServer / external dependencies), not used yet |
Run examples:
dotnet test --filter "Category=Unit"
dotnet test --filter "Category=Integration"
Method naming
Given_When_Then convention:
- Given — context/preconditions.
- When — action.
- Then — expected result.
Example: ExistingUser_RequestCode_SendsCodeAndReturnsLastCode.
Layout: Cross.Identity.Tests/Identity/ — FlowTests (integration), StepTests and StepFactoryTests (unit); Services/ — unit or integration depending on the base class (EFTestsBase → integration).
Additional resources
- CONTRIBUTING.md — how to contribute: branches, PRs, tests, code style.
- Infrastructure/Scripts/README.md — DbUp SQL example for the
authschema. - RefreshToken.md — access/refresh token lifetimes and rotation recommendations.
- LICENSE.md — license.
ToDo
Migrate from System.IdentityModel.Tokens.Jwt to Microsoft.IdentityModel.JsonWebTokens
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- Cross.ErrorHandlers (>= 7.6.0)
- Cross.Headers (>= 1.2.1)
- Cross.Messaging (>= 2.1.0)
- Cross.PepperVault (>= 1.2.0)
- Konscious.Security.Cryptography.Argon2 (>= 1.3.1)
- Microsoft.EntityFrameworkCore (>= 10.0.9)
- Microsoft.EntityFrameworkCore.InMemory (>= 10.0.9)
- Microsoft.EntityFrameworkCore.Relational (>= 10.0.9)
- Microsoft.Extensions.Http (>= 10.0.9)
- Microsoft.IdentityModel.JsonWebTokens (>= 8.16.0)
- PhoneNumbersCore (>= 1.1.1)
-
net8.0
- Cross.ErrorHandlers (>= 7.6.0)
- Cross.Headers (>= 1.2.1)
- Cross.Messaging (>= 2.1.0)
- Cross.PepperVault (>= 1.2.0)
- Konscious.Security.Cryptography.Argon2 (>= 1.3.1)
- Microsoft.EntityFrameworkCore (>= 8.0.8)
- Microsoft.EntityFrameworkCore.InMemory (>= 8.0.8)
- Microsoft.EntityFrameworkCore.Relational (>= 8.0.8)
- Microsoft.Extensions.Http (>= 8.0.1)
- Microsoft.IdentityModel.JsonWebTokens (>= 8.16.0)
- PhoneNumbersCore (>= 1.1.1)
-
net9.0
- Cross.ErrorHandlers (>= 7.6.0)
- Cross.Headers (>= 1.2.1)
- Cross.Messaging (>= 2.1.0)
- Cross.PepperVault (>= 1.2.0)
- Konscious.Security.Cryptography.Argon2 (>= 1.3.1)
- Microsoft.EntityFrameworkCore (>= 9.0.9)
- Microsoft.EntityFrameworkCore.InMemory (>= 9.0.9)
- Microsoft.EntityFrameworkCore.Relational (>= 9.0.9)
- Microsoft.Extensions.Http (>= 9.0.15)
- Microsoft.IdentityModel.JsonWebTokens (>= 8.16.0)
- PhoneNumbersCore (>= 1.1.1)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 1.1.0-US-129-Make-a-user-re... | 51 | 5/28/2026 |
| 1.1.0-dev.120 | 0 | 6/30/2026 |
| 1.1.0-dev.119 | 0 | 6/30/2026 |
| 1.1.0-dev.118 | 47 | 6/29/2026 |
| 1.1.0-dev.117 | 41 | 6/29/2026 |
| 1.1.0-dev.116 | 48 | 6/29/2026 |
| 1.1.0-dev.115 | 46 | 6/29/2026 |
| 1.1.0-dev.114 | 46 | 6/29/2026 |
| 1.1.0-dev.113 | 47 | 6/29/2026 |
| 1.1.0-dev.108 | 49 | 6/29/2026 |
| 1.1.0-dev.107 | 42 | 6/29/2026 |
| 1.1.0-dev.106 | 41 | 6/29/2026 |
| 1.1.0-dev.105 | 45 | 6/29/2026 |
| 1.1.0-dev.104 | 44 | 6/29/2026 |
| 1.1.0-dev.103 | 45 | 6/29/2026 |
| 1.1.0-dev.102 | 44 | 6/29/2026 |
| 1.1.0-dev.101 | 50 | 6/29/2026 |
| 1.1.0-dev.100 | 45 | 6/26/2026 |
| 1.1.0-dev.99 | 54 | 6/25/2026 |
| 1.0.0 | 170 | 2/28/2026 |
Cross.Identity: identity and authentication flows, JWT, process engine.
Licensing
- JWT license validation (Peshkov software) on first IFlowExecutor.ExecuteAsync call.
- Configure via CrossIdentity:LicenseKey in appsettings or CrossIdentity__LicenseKey environment variable.