Sample C# Application

This tutorial illustrates how to use SLB Authenticator in your C# application. It demonstrates how to implement the OpenID Connect (OIDC) Authorization Code flow with Proof Key for Code Exchange (PKCE). Instead of building the implementation from scratch, we'll use the proven Duende IdentityModel.OidcClient library, which provides a robust and well-tested OIDC client implementation.

The PKCE flow is the recommended approach for public clients (such as mobile apps, SPAs, and native desktop applications) as it provides additional security by eliminating the need to store client secrets and mitigates authorization code interception attacks.In this tutorial we will use Cross Platform Console Applications Sample. Refer to the Duende IdentityModel OIDC Client Samples if you want to explore more samples.

Note: This tutorial was prepared and tested using IdentityModel.OidcClient version 6.0.0. While newer versions should work, we recommend using this specific version to ensure compatibility with the provided examples.

Before starting this tutorial, ensure you have the following:

• .NET 9.0 SDK or later installed on your development machine.
• Git installed for cloning the repository.
• Visual Studio 2022, Visual Studio Code, or your preferred .NET IDE.
• Access to SLB Developer Portal.
• You need to be a member of a Team on SLB Developer.

Before implementing the OIDC flow, you need to register your application in the SLB Developer Portal.

Next you will need to register client. Refer to Create Clients for Desktop/Mobile Apps to know details on how to create client.

Note During client creation add http:/127.0.0.1 as a redirect URI. Do not specify port as sample application will use dynamic port.

Clone the Duende IdentityModel sample repository that contains the OIDC client implementation:

git clone https://github.com/DuendeSoftware/foss.git
cd foss/identity-model-oidc-client/samples/NetCoreConsoleClient

The sample application contains the following key files:

• NetCoreConsoleClient.sln - Solution file.
• src/NetCoreConsoleClient/Program.cs - Main application entry point with OIDC client configuration.
• src/NetCoreConsoleClient/NetCoreConsoleClient.csproj - Project file with required NuGet packages.
• src/NetCoreConsoleClient/SystemBrowser.cs - Helper class for launching system browser for authentication.

Open Program.cs and locate declaration of the field _authority of the class Program:

    public class Program
    {
        static string _authority = "https://demo.duendesoftware.com";
        ...

By default this sample code uses https://demo.duendesoftware.com as OIDC provider authority. Replace _authority field value URI with https://csi.slb.com/v2:

    public class Program
    {
        static string _authority = "https://csi.slb.com/v2";
        ...

In the same file locate initialization of OidcClientOptions class inside Login method:

        private static async Task Login()
        {
            ...
            var options = new OidcClientOptions
            {
                Authority = _authority,
                ClientId = "interactive.public",
                RedirectUri = redirectUri,
                Scope = "openid profile api",
                FilterClaims = false,
                Browser = browser,
            };
            ...

Replace ClientId property with your Client ID. Replace value of the Scope property with "openid profile". Or you can replace "api" with any APIs allowed for your application:

        private static async Task Login()
        {
            ...
            var options = new OidcClientOptions
            {
                Authority = _authority,
                ClientId = "<<your clientId>>",
                RedirectUri = redirectUri,
                Scope = "openid profile",
                FilterClaims = false,
                Browser = browser,
            };
            ...

At the end of Login method locate and comment next line:

            await NextSteps(result, oidcClient);

Note: By default this example can demonstrate how to refresh token or how to implement API call using acquired Access Token. Fill free to update this sample code to use any Slb Digital APIs allowed for your application. You would need to:

• Keep call of NextSteps method uncommented .
• Replace field _api value with the API base URI of the Delfi API you are planning to use.
• Add API client Id to the scope (space separated) in OidcClientOptions.
• Update CallApi method to make a call to specific endpoint.

Restore the packages:

dotnet restore

Note You can restore the packages from your IDE as well

Build and run the sample application:

dotnet build
dotnet run

When you run the application:

1. The application will open your default browser.
2. You'll be redirected to the SLB Authenticator login page.
3. Enter your Delfi credentials.
4. After successful authentication, you'll be redirected back to the application.
5. The application will display the received tokens and user claims.

The sample application should output:

• Access Token: Used for API calls to Digital Platform services.
• Identity Token: Contains user identity information.
• Refresh Token: Used to obtain new access tokens.
• User Claims: Information about the authenticated user.

These instructions work with Duende Software Cross Platform Console Applications Sample as of June 4th, 2025, but this public sample is constantly being updated. The detailed instructions are provided as a convenience for new web developers and are only to be used as a guide. The documentation in Cross Platform Console Applications Sample take precedence.

• User context in SLB Digital platform
• Secret management on SLB Digital platform
• API Maturity of cloud APIs
• Refer tutorial of various solutions (e.g. FDPlan, DrillPlan, MPDF etc.) to learn more about their extensibility and how to integrate with APIs offered by these solutions into your application.