OneIdentity.SafeguardDotNet.DeviceCodeLogin 8.3.0

There is a newer prerelease version of this package available.
See the version list below for details.
dotnet add package OneIdentity.SafeguardDotNet.DeviceCodeLogin --version 8.3.0
                    

SafeguardDotNet.DeviceCodeLogin

OAuth 2.0 Device Authorization Grant (RFC 8628) authentication for the Safeguard Web API.

Overview

This library enables authentication to Safeguard from environments that lack a local browser:

  • Docker containers
  • Remote SSH sessions
  • Headless VMs and CI runners
  • IoT/embedded devices

The flow displays a URL and user code. The user authenticates from any browser on any device, and the token is delivered back to the requesting application automatically.

Key Features

  • No Browser Required: Authenticate from any headless environment
  • No Credentials in Code: Unlike PkceNoninteractiveLogin, no username/password needed
  • SSO/MFA Compatible: User authenticates normally in their browser, supporting any identity provider
  • Async Support: Both Connect() and ConnectAsync() with CancellationToken
  • Standard RFC 8628: Implements the OAuth 2.0 Device Authorization Grant

Prerequisites

  • Safeguard appliance firmware ≥ 8.2
  • Device Code grant type must be enabled on the appliance:
    • UI: Settings → OAuth 2.0 Grant Types → check "Device Code"
    • API: PUT /service/core/v4/Settings/Allowed%20OAuth2%20Grant%20Types with body {"Value":"ResourceOwner, DeviceCode"}

Usage Example

using System;
using OneIdentity.SafeguardDotNet;
using OneIdentity.SafeguardDotNet.DeviceCodeLogin;

// Synchronous
using var connection = DeviceCodeLogin.Connect(
    "safeguard.example.com",
    new DeviceCodeLoginParameters
    {
        DisplayCallback = info =>
        {
            Console.WriteLine($"To sign in, visit: {info.VerificationUriComplete}");
            Console.WriteLine($"Or go to {info.VerificationUri} and enter code: {info.UserCode}");
        }
    });

var me = connection.InvokeMethod(Service.Core, Method.Get, "Me");

Async with cancellation

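using System;
using System.Threading;
using OneIdentity.SafeguardDotNet.DeviceCodeLogin;

// Stop waiting if sign-in is not completed within 3 minutes
using var cts = new CancellationTokenSource(TimeSpan.FromMinutes(3));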

using var connection = await DeviceCodeLogin.ConnectAsync(
    "safeguard.example.com",
    new DeviceCodeLoginParameters
    {
        DisplayCallback = info =>
        {
            Console.WriteLine($"Visit: {info.VerificationUriComplete}");
            Console.WriteLine($"Code: {info.UserCode}");
        }
    },
    cancellationToken: cts.Token);

Comparison with Other Login Packages

| Feature | BrowserLogin | PkceNoninteractiveLogin | DeviceCodeLogin |
|---|---|---|---|
| Browser Required | Yes (local) | No | No |
| Credentials in Code | No | Yes (username/password) | No |
| SSO/MFA Support | Yes | Limited | Yes |
| Headless Compatible | No | Yes | Yes |
| Async API | No | No | Yes |
| Use Case | Desktop apps | Automation with known creds | Headless with user auth |

Configuration

| Parameter | Default | Description |
|---|---|---|
| DisplayCallback | (required) | Callback to display the verification URL and code to the user |
| ClientId | "SafeguardDotNet" | OAuth2 client ID (change only if appliance has RelyingPartyApplications configured) |
| Scope | "rsts:sts:primaryproviderid:local" | Identity provider scope |
| PollingIntervalSeconds | 5 | Seconds between token polling requests (auto-increases on slow_down) |
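
The PollingIntervalSeconds row refers to the RFC 8628 polling rules. The following is an added example, not SafeguardDotNet's own code: it applies the section 3.5 rules (keep polling on authorization_pending, add 5 seconds on slow_down, stop on access_denied or expired_token) to a constructed sequence of token endpoint replies. DeviceCodePoller, pollOnce and delay are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;

public static class DeviceCodePoller // hypothetical name, not part of SafeguardDotNet
{
    // pollOnce stands in for one POST to the token endpoint and returns
    // (error, accessToken); error is null once the user has approved.
    public static async Task<string> PollAsync(
        Func<Task<(string Error, string Token)>> pollOnce,
        int intervalSeconds, int expiresInSeconds, CancellationToken ct,
        Func<TimeSpan, CancellationToken, Task> delay = null)
    {
        if (delay == null) delay = (t, c) => Task.Delay(t, c);
        var waited = 0; // approximates elapsed time by summing the waits
        while (waited < expiresInSeconds)
        {
            ct.ThrowIfCancellationRequested();
            await delay(TimeSpan.FromSeconds(intervalSeconds), ct);
            waited += intervalSeconds;
            var (error, token) = await pollOnce();
            switch (error)
            {
                case null: return token;
                case "authorization_pending": break;           // user not done yet
                case "slow_down": intervalSeconds += 5; break; // applies to all later polls
                case "access_denied": throw new UnauthorizedAccessException("User denied the request");
                case "expired_token": throw new TimeoutException("Device code expired");
                default: throw new InvalidOperationException("Token endpoint error: " + error);
            }
        }
        throw new TimeoutException("Device code lifetime elapsed before approval");
    }

    public static async Task Main()
    {
        // Constructed token endpoint replies, not captured traffic.
        var replies = new Queue<(string, string)>(new (string, string)[] {
            ("authorization_pending", null), ("slow_down", null),
            ("authorization_pending", null), (null, "constructed-token") });
        var waits = new List<double>();
        var token = await PollAsync(
            () => Task.FromResult(replies.Dequeue()),
            intervalSeconds: 5, expiresInSeconds: 300, ct: CancellationToken.None,
            delay: (t, _) => { waits.Add(t.TotalSeconds); return Task.CompletedTask; });
        Console.WriteLine($"token={token} waits={string.Join(",", waits)}");
    }
}
```

The injected delay lets the backoff be observed without real waiting; omit it to wait with Task.Delay.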

Dependencies

  • SafeguardDotNet (core SDK)
  • Serilog (logging)
  • Newtonsoft.Json

Testing

See Test/SafeguardDotNetDeviceCodeLoginTester for a CLI tool that demonstrates the full flow.

License

Apache 2.0. See LICENSE file for details.

Product Compatible and additional computed target framework versions.
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

| Version | Downloads | Last Updated |
|---|---|---|
| 8.3.1-pre39597 | 0 | 6/2/2026 |
| 8.3.0 | 0 | 6/2/2026 |
| 8.3.0-pre39380 | 30 | 6/2/2026 |
| 8.3.0-pre38787 | 63 | 5/29/2026 |

Device Code Login for One Identity Safeguard Web API .NET SDK

     Allows custom applications to use the Safeguard Web API by authenticating to
     Safeguard using OAuth 2.0 Device Authorization Grant (RFC 8628). This enables
     authentication from headless environments without a local browser.