Updates ReadMe and Examples.md

kailash-b · kailash-b · commit ec57fb62cc68 · 2026-02-17T17:50:37.000+05:30
diff --git a/EXAMPLES.md b/EXAMPLES.md
@@ -6,6 +6,7 @@
 - [Organizations](#organizations)
 - [Extra parameters](#extra-parameters)
 - [Roles](#roles)
+- [Multiple Custom Domains](#multiple-custom-domains)
 - [Backchannel Logout](#backchannel-logout)
 - [Blazor Server](#blazor-server)
 
@@ -314,6 +315,161 @@ public IActionResult Admin()
 }
 ```
 
+## Multiple Custom Domains
+
+The SDK supports scenarios where a single application needs to authenticate users against **multiple Auth0 tenants** or **custom domains**. This is useful for multi-tenant SaaS applications where each customer has their own Auth0 tenant.
+
+### Basic Configuration
+
+Enable Multiple Custom Domains by calling `WithCustomDomains()` and providing a `DomainResolver` function:
+
+```csharp
+services.AddAuth0WebAppAuthentication(options =>
+{
+    options.Domain = Configuration["Auth0:Domain"];
+    options.ClientId = Configuration["Auth0:ClientId"];
+})
+.WithCustomDomains(options =>
+{
+    options.DomainResolver = httpContext =>
+    {
+        var host = httpContext.Request.Host.Host;
+
+        // Route to different Auth0 tenants based on subdomain
+        if (host.StartsWith("tenant-a."))
+        {
+            return Task.FromResult("tenant-a.us.auth0.com");
+        }
+
+        if (host.StartsWith("tenant-b."))
+        {
+            return Task.FromResult("tenant-b.us.auth0.com");
+        }
+
+        // Default domain
+        return Task.FromResult("your-default-domain.us.auth0.com");
+    };
+});
+```
+
+### Configuring the DomainResolver
+
+The `DomainResolver` function receives the `HttpContext` and returns the Auth0 domain as a string. You can inspect any aspect of the HTTP request. The resolver can perform simple lookups or complex operations like querying a database:
+
+```csharp
+options.DomainResolver = httpContext =>
+{
+    // Option 1: Based on subdomain
+    var host = httpContext.Request.Host.Host;
+    var subdomain = host.Split('.')[0];
+    return Task.FromResult($"{subdomain}.us.auth0.com");
+
+    // Option 2: Based on path
+    var path = httpContext.Request.Path.Value;
+    if (path.StartsWith("/tenant-a"))
+        return Task.FromResult("tenant-a.us.auth0.com");
+
+    // Option 3: Based on custom header
+    var tenantHeader = httpContext.Request.Headers["X-Tenant-Id"].FirstOrDefault();
+    return Task.FromResult($"{tenantHeader}.us.auth0.com");
+
+    // Option 4: Based on cookie
+    var tenantCookie = httpContext.Request.Cookies["tenant"];
+    return Task.FromResult($"{tenantCookie}.us.auth0.com");
+};
+
+// Option 5: Complex resolution with database lookup
+options.DomainResolver = async httpContext =>
+{
+    var host = httpContext.Request.Host.Host;
+    var tenantId = host.Split('.')[0];
+
+    // Look up tenant configuration from database
+    var tenantService = httpContext.RequestServices
+        .GetRequiredService<ITenantService>();
+    var tenant = await tenantService.GetTenantAsync(tenantId);
+
+    return tenant?.Auth0Domain ?? "default.us.auth0.com";
+};
+```
+
+### Caching Configuration
+
+Control how OpenID Connect configurations are cached for each domain using `ConfigurationManagerCache`.
+
+#### MemoryConfigurationManagerCache (Default)
+
+Caches configurations in memory with configurable size and expiration:
+
+```csharp
+.WithCustomDomains(options =>
+{
+    options.DomainResolver = httpContext => { /* ... */ };
+
+    options.ConfigurationManagerCache = new MemoryConfigurationManagerCache(
+        maxSize: 100,                              // Maximum number of domains to cache
+        slidingExpiration: TimeSpan.FromHours(1)   // Optional: cache entries expire after 1 hour of inactivity
+    );
+});
+```
+
+#### NullConfigurationManagerCache
+
+Disables caching entirely (not recommended for production):
+
+```csharp
+.WithCustomDomains(options =>
+{
+    options.DomainResolver = httpContext => { /* ... */ };
+    options.ConfigurationManagerCache = new NullConfigurationManagerCache();
+});
+```
+
+#### Custom Cache Implementation
+
+Implement `IConfigurationManagerCache` for custom caching strategies (e.g., Redis, distributed cache):
+
+```csharp
+public class RedisConfigurationManagerCache : IConfigurationManagerCache
+{
+    private readonly IDistributedCache _cache;
+
+    public RedisConfigurationManagerCache(IDistributedCache cache)
+    {
+        _cache = cache;
+    }
+
+    public IConfigurationManager<OpenIdConnectConfiguration> GetOrCreate(
+        string metadataAddress,
+        Func<string, IConfigurationManager<OpenIdConnectConfiguration>> factory)
+    {
+        // Implement Redis-based caching logic
+    }
+
+    public void Clear() => _cache.Remove("oidc-configs");
+    public void Dispose() { }
+}
+
+// Usage
+.WithCustomDomains(options =>
+{
+    options.DomainResolver = httpContext => { /* ... */ };
+    options.ConfigurationManagerCache = new RedisConfigurationManagerCache(distributedCache);
+});
+```
+
+### Important Considerations
+
+1. **Domain Resolution Timing**: The `DomainResolver` is called early in the request pipeline and the result is cached for the duration of the request.
+
+2. **Callback URLs**: Each Auth0 tenant must have the appropriate callback URLs configured:
+   - **Allowed Callback URLs**: `https://{your-domain}/callback`
+   - **Allowed Logout URLs**: `https://{your-domain}/`
+
+3. **Token Validation**: The SDK automatically validates that tokens come from the expected issuer (the domain returned by your `DomainResolver`).
+
+4. **Performance**: Use the default `MemoryConfigurationManagerCache` for most scenarios. The cache significantly reduces the overhead of fetching OIDC configuration for each request.
+
 ## Backchannel Logout
 
 Backchannel logout can be configured by calling `WithBackchannelLogout()` when calling `AddAuth0WebAppAuthentication`.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ A library based on `Microsoft.AspNetCore.Authentication.OpenIdConnect` to make i
 ![Downloads](https://img.shields.io/nuget/dt/auth0.aspnetcore.authentication)
 [![License](https://img.shields.io/:license-MIT-blue.svg?style=flat)](https://opensource.org/licenses/MIT)
 [![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/auth0/auth0-aspnetcore-authentication)
-![AzureDevOps](https://img.shields.io/azure-devops/build/Auth0SDK/Auth0.AspNetCore.Authentication/8)
+[![Build and Test](https://github.com/auth0/auth0-aspnetcore-authentication/actions/workflows/build.yml/badge.svg)](https://github.com/auth0/auth0-aspnetcore-authentication/actions/workflows/build.yml)
 
 :books: [Documentation](#documentation) - :rocket: [Getting Started](#getting-started) - :computer: [API Reference](#api-reference) - :speech_balloon: [Feedback](#feedback)
 
@@ -15,12 +15,12 @@ A library based on `Microsoft.AspNetCore.Authentication.OpenIdConnect` to make i
 - [Quickstart](https://auth0.com/docs/quickstart/webapp/aspnet-core) - our interactive guide for quickly adding login, logout and user information to an ASP.NET MVC application using Auth0.
 - [Sample App](https://github.com/auth0-samples/auth0-aspnetcore-mvc-samples/tree/master/Quickstart/Sample) - a full-fledged ASP.NET MVC application integrated with Auth0.
 - [Examples](https://github.com/auth0/auth0-aspnetcore-authentication/blob/main/EXAMPLES.md) - code samples for common ASP.NET MVC authentication scenario's.
-- [Docs site](https://www.auth0.com/docs) - explore our docs site and learn more about 
+- [Docs site](https://www.auth0.com/docs) - explore our docs site and learn more about Auth0. 
 
 ## Getting started
 ### Requirements
 
-This library supports .NET 6.0 and above.
+This library supports .NET 6.0, 7.0, 8.0, and 10.0.
 
 ### Installation
 
@@ -114,6 +114,38 @@ For more code samples on how to integrate the **auth0-aspnetcore-authentication*
 
 > This SDK also works with Blazor Server, for more info see [the Blazor Server section in our examples](https://github.com/auth0/auth0-aspnetcore-authentication/blob/main/EXAMPLES.md#blazor-server).
 
+## Multiple Custom Domains
+
+The SDK supports scenarios where a single application needs to authenticate users against **multiple Auth0 tenants** or **custom domains**. This is useful for multi-tenant SaaS applications where each customer has their own Auth0 tenant.
+
+### Configuration
+
+```csharp
+services.AddAuth0WebAppAuthentication(options =>
+{
+    options.Domain = Configuration["Auth0:Domain"];
+    options.ClientId = Configuration["Auth0:ClientId"];
+})
+.WithCustomDomains(options =>
+{
+    options.DomainResolver = httpContext =>
+    {
+        var host = httpContext.Request.Host.Host;
+
+        // Route to different Auth0 tenants based on subdomain
+        if (host.StartsWith("tenant-a."))
+            return Task.FromResult("tenant-a.us.auth0.com");
+
+        if (host.StartsWith("tenant-b."))
+            return Task.FromResult("tenant-b.us.auth0.com");
+
+        return Task.FromResult("default.us.auth0.com");
+    };
+});
+```
+
+For detailed configuration options, caching strategies, and more examples, see the [Multiple Custom Domains Examples](EXAMPLES.md#multiple-custom-domains).
+
 ## API reference
 Explore public API's available in auth0-aspnetcore-authentication.
 
@@ -152,4 +184,4 @@ Please do not report security vulnerabilities on the public GitHub issue tracker
 </p>
 <p align="center">Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout <a href="https://auth0.com/why-auth0">Why Auth0?</a></p>
 <p align="center">
-This project is licensed under the MIT license. See the <a href="https://github.com/auth0/auth0-aspnetcore-authentication/blob/main/LICENSE"> LICENSE</a> file for more info.</p>
+This project is licensed under the MIT license. See the <a href="https://github.com/auth0/auth0-aspnetcore-authentication/blob/main/LICENSE">LICENSE</a> file for more info.</p>
