How-to

Use OAuth for authorization

Applies to: .NET SDK Last updated: 2026-06-11

Pattern

Implement IAuthorizationProvider as a wrapper that validates an OAuth token associated with each sender:

public sealed class OAuthAuthorizationProvider : IAuthorizationProvider
{
    private readonly string _issuerUrl;
    private readonly string _audience;

    // The sender's OAuth token is communicated via the envelope body
    // (or a custom field). The provider validates it against the issuer.

    public async Task<PolicyDecision> AuthorizeAsync(...)
    {
        // 1. Extract token from request context
        // 2. Validate signature, expiry, audience against _issuerUrl
        // 3. Inspect scopes / claims
        // 4. Return PolicyDecision(...)
    }
}

See also