OpenIdConnectOptions Class
Configuration options for Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware
- Namespace
Microsoft.AspNetCore.Builder
- Assemblies
- Microsoft.AspNetCore.Authentication.OpenIdConnect
Syntax
public class OpenIdConnectOptions : RemoteAuthenticationOptions
- class Microsoft.AspNetCore.Builder.OpenIdConnectOptions
Constructors
- OpenIdConnectOptions()
  Initializes a new Microsoft.AspNetCore.Builder.OpenIdConnectOptions
  public OpenIdConnectOptions()
- OpenIdConnectOptions(System.String)
  Initializes a new Microsoft.AspNetCore.Builder.OpenIdConnectOptions
  Arguments: authenticationScheme (System.String) – will be used when creating the System.Security.Claims.ClaimsIdentity for the AuthenticationScheme property.
  public OpenIdConnectOptions(string authenticationScheme)
Properties
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.AuthenticationMethod
  Gets or sets the method used to redirect the user agent to the identity provider.
  Return type: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior
  public OpenIdConnectRedirectBehavior AuthenticationMethod { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.Authority
  Gets or sets the Authority to use when making OpenIdConnect calls.
  Return type: System.String
  public string Authority { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ClientId
  Gets or sets the ‘client_id’.
  Return type: System.String
  public string ClientId { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ClientSecret
  Gets or sets the ‘client_secret’.
  Return type: System.String
  public string ClientSecret { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.Configuration
  Configuration provided directly by the developer. If provided, then MetadataAddress and the Backchannel properties will not be used. This information should not be updated during request processing.
  Return type: Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration
  public OpenIdConnectConfiguration Configuration { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ConfigurationManager
  Responsible for retrieving, caching, and refreshing the configuration from metadata. If not provided, then one will be created using the MetadataAddress and Backchannel properties.
  Return type: Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>
  public IConfigurationManager<OpenIdConnectConfiguration> ConfigurationManager { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.Events
  Gets or sets the Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents to notify when processing OpenIdConnect messages.
  Return type: Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents
  public IOpenIdConnectEvents Events { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.GetClaimsFromUserInfoEndpoint
  Gets or sets whether the middleware should call the user info endpoint to retrieve additional claims after creating an identity from the id_token received from the token endpoint.
  Return type: System.Boolean
  public bool GetClaimsFromUserInfoEndpoint { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.MetadataAddress
  Gets or sets the discovery endpoint for obtaining metadata.
  Return type: System.String
  public string MetadataAddress { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.PostLogoutRedirectUri
  Gets or sets the ‘post_logout_redirect_uri’.
  Return type: System.String
  public string PostLogoutRedirectUri { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ProtocolValidator
  Gets or sets the Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator that is used to ensure that the ‘id_token’ received is valid per: http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
  Return type: Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator
  public OpenIdConnectProtocolValidator ProtocolValidator { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.RefreshOnIssuerKeyNotFound
  Gets or sets whether a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic recovery in the event of a signature key rollover. This is enabled by default.
  Return type: System.Boolean
  public bool RefreshOnIssuerKeyNotFound { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.RemoteSignOutPath
  Requests received on this path will cause the middleware to invoke SignOut using the SignInScheme.
  Return type: Microsoft.AspNetCore.Http.PathString
  public PathString RemoteSignOutPath { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.RequireHttpsMetadata
  Gets or sets whether HTTPS is required for the metadata address or authority. The default is true. This should be disabled only in development environments.
  Return type: System.Boolean
  public bool RequireHttpsMetadata { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.Resource
  Gets or sets the ‘resource’.
  Return type: System.String
  public string Resource { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ResponseMode
  Gets or sets the ‘response_mode’.
  Return type: System.String
  public string ResponseMode { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ResponseType
  Gets or sets the ‘response_type’.
  Return type: System.String
  public string ResponseType { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.Scope
  Gets the list of permissions to request.
  Return type: System.Collections.Generic.ICollection<System.String>
  public ICollection<string> Scope { get; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.SecurityTokenValidator
  Gets or sets the Microsoft.IdentityModel.Tokens.ISecurityTokenValidator used to validate identity tokens.
  Return type: Microsoft.IdentityModel.Tokens.ISecurityTokenValidator
  public ISecurityTokenValidator SecurityTokenValidator { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.SignOutScheme
  The Authentication Scheme to use with SignOut on the SignOutPath. SignInScheme will be used if this is not set.
  Return type: System.String
  public string SignOutScheme { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.SkipUnrecognizedRequests
  Indicates if requests to the CallbackPath may also be for other components. If enabled, the middleware will pass through requests that do not contain OpenIdConnect authentication responses. Disabling this and setting the CallbackPath to a dedicated endpoint may provide better error handling. This is disabled by default.
  Return type: System.Boolean
  public bool SkipUnrecognizedRequests { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.StateDataFormat
  Gets or sets the type used to secure data handled by the middleware.
  Return type: Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>
  public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.StringDataFormat
  Gets or sets the type used to secure strings used by the middleware.
  Return type: Microsoft.AspNetCore.Authentication.ISecureDataFormat<System.String>
  public ISecureDataFormat<string> StringDataFormat { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.SystemClock
  For testing purposes only.
  Return type: Microsoft.AspNetCore.Authentication.ISystemClock
  [EditorBrowsable(EditorBrowsableState.Never)]
  public ISystemClock SystemClock { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.TokenValidationParameters
  Gets or sets the parameters used to validate identity tokens.
  Return type: Microsoft.IdentityModel.Tokens.TokenValidationParameters
  public TokenValidationParameters TokenValidationParameters { get; set; }
- Microsoft.AspNetCore.Builder.OpenIdConnectOptions.UseTokenLifetime
  Indicates that the authentication session lifetime (e.g. cookies) should match that of the authentication token. If the token does not provide lifetime information then normal session lifetimes will be used. This is disabled by default.
  Return type: System.Boolean
  public bool UseTokenLifetime { get; set; }
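A startup check over the security-relevant properties documented above, as an added example rather than code from ASP.NET Core or this reference. OidcOptionsAudit and FindRiskySettings are hypothetical names; ValidateIssuer, ValidateAudience, ValidateLifetime and RequireSignedTokens are flags on TokenValidationParameters in Microsoft.IdentityModel.Tokens.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Builder;

// Hypothetical helper (not part of ASP.NET Core): run it on the options
// instance at startup and refuse to start if it returns any findings.
public static class OidcOptionsAudit
{
    public static IList<string> FindRiskySettings(OpenIdConnectOptions options, bool isDevelopment)
    {
        var findings = new List<string>();

        // RequireHttpsMetadata defaults to true; the reference allows
        // disabling it only in development environments.
        if (!options.RequireHttpsMetadata && !isDevelopment)
            findings.Add("RequireHttpsMetadata is false outside development.");

        // Authority and MetadataAddress decide where endpoints and signing
        // keys are discovered, so a plain-http value lets the network path
        // substitute them.
        foreach (var address in new[] { options.Authority, options.MetadataAddress })
        {
            Uri uri;
            if (!isDevelopment && !string.IsNullOrEmpty(address)
                && Uri.TryCreate(address, UriKind.Absolute, out uri)
                && uri.Scheme != Uri.UriSchemeHttps)
                findings.Add("Non-HTTPS metadata source: " + address);
        }

        // id_token checks that TokenValidationParameters allows a caller to switch off.
        var tvp = options.TokenValidationParameters;
        if (tvp != null)
        {
            if (!tvp.ValidateIssuer) findings.Add("ValidateIssuer is false.");
            if (!tvp.ValidateAudience) findings.Add("ValidateAudience is false.");
            if (!tvp.ValidateLifetime) findings.Add("ValidateLifetime is false.");
            if (!tvp.RequireSignedTokens) findings.Add("RequireSignedTokens is false.");
        }

        // A static Configuration means MetadataAddress and the Backchannel are
        // not used, so a signing-key rollover has to be handled by redeploying.
        if (options.Configuration != null)
            findings.Add("Static Configuration set: metadata is not retrieved or refreshed.");

        return findings;
    }
}
```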