IBeam.Identity.Services 2.0.64

.NET 10.0

dotnet add package IBeam.Identity.Services --version 2.0.64

NuGet\Install-Package IBeam.Identity.Services -Version 2.0.64

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="IBeam.Identity.Services" Version="2.0.64" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="IBeam.Identity.Services" Version="2.0.64" />
                    

                            Directory.Packages.props

<PackageReference Include="IBeam.Identity.Services" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add IBeam.Identity.Services --version 2.0.64

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: IBeam.Identity.Services, 2.0.64"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package IBeam.Identity.Services@2.0.64

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=IBeam.Identity.Services&version=2.0.64
                    

                            Install as a Cake Addin

#tool nuget:?package=IBeam.Identity.Services&version=2.0.64
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

IBeam.Identity.Services

Core identity orchestration package for OTP, password, OAuth, tokens, and tenant selection.

Narrative Introduction

This package is where identity behavior is implemented. It consumes contracts from IBeam.Identity and composes authentication workflows while delegating storage and delivery concerns to repository and communications providers.

Features and Components

auth flow implementations:
- PasswordAuthService
- OtpAuthService
- OAuthAuthService
supporting services:
- OtpService
- JwtTokenService
- TenantSelectionService
- IdentityCommunicationAdapter
- PermissionAccessAuthorizer (dynamic permission map authorization)
- PermissionCatalogProvider (exposed permission catalog discovery)
DI extension methods:
- AddIBeamIdentityServices(IConfiguration)
- AddIBeamIdentityPermissionMappings(...)
- AddIBeamIdentityPermissionCatalog(...)
- AddIBeamIdentityAuthPasswordService()
- AddIBeamIdentityAuthOtpService()
- AddIBeamIdentityAuthOAuthService()
- AddIBeamAuthEvents(...)

Cross-Pattern Auth Orchestration

IBeam.Identity.Services lets one user move between auth patterns without creating duplicate users. The service layer always works against UserId after the repository resolves an auth identifier.

Supported flows:

OTP with SMS: StartOtpAsync(phone) then CompleteOtpAsync(...).
OTP with email: StartOtpAsync(email) then CompleteOtpAsync(...).
Email/password: StartEmailPasswordRegistrationAsync(...), CompleteEmailPasswordRegistrationAsync(...), then PasswordLoginAsync(...).
Add email/password to an existing SMS user: StartEmailPasswordLinkAsync(...), then CompleteEmailPasswordLinkAsync(...).
Add SMS to an existing email user: StartPhoneLinkAsync(...), then CompletePhoneLinkAsync(...).
2FA: StartTwoFactorSetupAsync(...), CompleteTwoFactorSetupAsync(...), then CompleteTwoFactorLoginAsync(...).

The repository provider is responsible for fast identifier resolution. For Azure Table, this is done by an AuthIdentifiers table keyed by identifier type and normalized value.

Dependencies

Internal packages:
- IBeam.Identity
- IBeam.Communications
External packages:
- Microsoft.Extensions.Configuration.Abstractions
- Microsoft.Extensions.Caching.Abstractions
- Microsoft.Extensions.Http
- Microsoft.Extensions.Options
- Microsoft.Extensions.Options.ConfigurationExtensions
- Microsoft.Extensions.Identity.Stores
- System.IdentityModel.Tokens.Jwt

Required Configuration

IBeam:Identity:Jwt
IBeam:Identity:Otp
IBeam:Identity:Features
IBeam:Identity:OAuth (when OAuth is enabled)
IBeam:Identity:Events (optional)
IBeam:Identity:TenantProvisioning (optional; auth tenant creation/linking policy)
IBeam:Identity:PermissionAccess (optional; JSON permission map source)
IBeam:Identity:RoleManagement (optional; tenant/admin policy toggles)

OTP Auto-Provision Toggle

IBeam:Identity:Otp:AllowAutoProvisionForUnknownUser
- true: OTP sign-in may create users for unknown destinations
- false: unknown destinations are blocked in OTP start/complete flows
Default when omitted:
- Development: true
- Test / Production: false
Environment-variable override:
- IBeam__Identity__Otp__AllowAutoProvisionForUnknownUser=true|false

Tenant Provisioning Policy

IBeam:Identity:TenantProvisioning:Mode controls tenant behavior after OTP, password, and OAuth authentication resolves a user.

AutoCreateTenantForNewUser: default/current behavior; creates a tenant/workspace when the authenticated user has no active membership.
RequireExistingTenant: never creates or links a tenant from auth; missing membership fails with a validation error.
UseDefaultTenant: uses DefaultTenantId when auth requests omit tenant id.

For UseDefaultTenant, set AutoLinkUserToDefaultTenant to true when IBeam should link authenticated users to the configured tenant automatically. Optional AutoLinkRoleNames are granted during that link.

Configuration example for a single-tenant deployment:

{
  "IBeam": {
    "Identity": {
      "TenantProvisioning": {
        "Mode": "UseDefaultTenant",
        "DefaultTenantId": "225925cc-995e-4584-a63b-4f2cb4f38f6f",
        "AutoLinkUserToDefaultTenant": true,
        "AutoLinkRoleNames": [ "Member" ]
      }
    }
  }
}

Configuration example for strict membership-only auth:

{
  "IBeam": {
    "Identity": {
      "TenantProvisioning": {
        "Mode": "RequireExistingTenant",
        "DefaultTenantId": "225925cc-995e-4584-a63b-4f2cb4f38f6f"
      }
    }
  }
}

Code Samples

SMS OTP first, email/password later

var otp = await otpAuth.StartOtpAsync("16145551212", ct: ct);
var signedIn = await otpAuth.CompleteOtpAsync(
    otp.ChallengeId,
    codeFromSms,
    "16145551212",
    displayName: "Adam",
    ct);

var userIdClaim = signedIn.Token!.Claims.First(c => c.Type == "uid").Value;
Guid userId = Guid.Parse(userIdClaim);

await passwordAuth.StartEmailPasswordLinkAsync(
    userId,
    "adam@test.com",
    resetUrlBase: "https://app.example.com/finish-email-link",
    ct: ct);

await passwordAuth.CompleteEmailPasswordLinkAsync(
    userId,
    "adam@test.com",
    challengeId,
    verificationToken,
    "new secure password",
    ct);

Email user adds SMS

var challenge = await passwordAuth.StartPhoneLinkAsync(userId, "16145551212", ct);

await passwordAuth.CompletePhoneLinkAsync(
    userId,
    "16145551212",
    challenge.ChallengeId,
    codeFromSms,
    ct);

Single-tenant OTP with configured tenant

With Mode = UseDefaultTenant, an omitted OTP tenant id resolves to DefaultTenantId. The service also stores the effective tenant id on the OTP challenge.

var otp = await otpAuth.StartOtpAsync("+16142649686", ct: ct);

var result = await otpAuth.CompleteOtpAsync(
    otp.ChallengeId,
    codeFromSms,
    "16142649686",
    displayName: "Care Team User",
    ct);

If AutoLinkUserToDefaultTenant is false and the user is not already linked to DefaultTenantId, completion fails with an IdentityValidationException.

Code-based options configuration

builder.Services.AddIBeamIdentityServices(builder.Configuration);

builder.Services.Configure<TenantProvisioningOptions>(options =>
{
    options.Mode = TenantProvisioningMode.RequireExistingTenant;
    options.DefaultTenantId = Guid.Parse(builder.Configuration["Wellderly:TenantId"]!);
    options.AutoLinkUserToDefaultTenant = false;
});

Product	Compatible and additional computed target framework versions.
.NET	net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net10.0
- IBeam.Communications (>= 2.0.64)
- IBeam.Identity (>= 2.0.64)
- Microsoft.Extensions.Caching.Abstractions (>= 10.0.3)
- Microsoft.Extensions.Configuration.Abstractions (>= 10.0.3)
- Microsoft.Extensions.Http (>= 10.0.0)
- Microsoft.Extensions.Identity.Stores (>= 8.0.19)
- Microsoft.Extensions.Options (>= 10.0.3)
- Microsoft.Extensions.Options.ConfigurationExtensions (>= 10.0.3)
- System.IdentityModel.Tokens.Jwt (>= 8.16.0)

NuGet packages (3)

Showing the top 3 NuGet packages that depend on IBeam.Identity.Services:

Package	Downloads
IBeam.Identity.Repositories.AzureTable IBeam modular framework components for .NET APIs and services.	1.8K
IBeam.Identity.Api IBeam modular framework components for .NET APIs and services.	1.6K
IBeam.Identity.Repositories.EntityFramework IBeam modular framework components for .NET APIs and services.	1.4K

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
2.0.64	108	6/17/2026
2.0.63	114	6/16/2026
2.0.62	110	6/16/2026
2.0.57	165	6/8/2026
2.0.56	136	6/7/2026
2.0.54	179	5/27/2026
2.0.52	136	5/27/2026
2.0.35	162	5/15/2026
2.0.32	277	3/25/2026
2.0.30	126	3/25/2026
2.0.29	123	3/25/2026
2.0.28	116	3/25/2026
2.0.26	122	3/25/2026
2.0.22	133	3/25/2026