OpenIdConnectOptions Class¶

Inheritance Hierarchy¶

• System.Object
• Microsoft.AspNetCore.Builder.AuthenticationOptions
• Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions
• Microsoft.AspNetCore.Builder.OpenIdConnectOptions

Syntax¶

public class OpenIdConnectOptions : RemoteAuthenticationOptions

class Microsoft.AspNetCore.Builder.OpenIdConnectOptions

Constructors¶

OpenIdConnectOptions()¶

Initializes a new Microsoft.AspNetCore.Builder.OpenIdConnectOptions

public OpenIdConnectOptions()

OpenIdConnectOptions(System.String)

Initializes a new Microsoft.AspNetCore.Builder.OpenIdConnectOptions

Arguments:	authenticationScheme (System.String) – will be used to when creating the System.Security.Claims.ClaimsIdentity for the AuthenticationScheme property.

public OpenIdConnectOptions(string authenticationScheme)

Properties¶

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.AuthenticationMethod¶

Gets or sets the method used to redirect the user agent to the identity provider.

Return type:	Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior

public OpenIdConnectRedirectBehavior AuthenticationMethod { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.Authority¶

Gets or sets the Authority to use when making OpenIdConnect calls.

Return type:	System.String

public string Authority { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ClientId¶

Gets or sets the ‘client_id’.

Return type:	System.String

public string ClientId { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ClientSecret¶

Gets or sets the ‘client_secret’.

Return type:	System.String

public string ClientSecret { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.Configuration¶

Configuration provided directly by the developer. If provided, then MetadataAddress and the Backchannel properties will not be used. This information should not be updated during request processing.

Return type:	Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration

public OpenIdConnectConfiguration Configuration { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ConfigurationManager¶

Responsible for retrieving, caching, and refreshing the configuration from metadata. If not provided, then one will be created using the MetadataAddress and Backchannel properties.

Return type:	Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>

public IConfigurationManager<OpenIdConnectConfiguration> ConfigurationManager { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.Events¶

Gets or sets the Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents to notify when processing OpenIdConnect messages.

Return type:	Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents

public IOpenIdConnectEvents Events { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.GetClaimsFromUserInfoEndpoint¶

Boolean to set whether the middleware should go to user info endpoint to retrieve additional claims or not after creating an identity from id_token received from token endpoint.

Return type:	System.Boolean

public bool GetClaimsFromUserInfoEndpoint { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.MetadataAddress¶

Gets or sets the discovery endpoint for obtaining metadata

Return type:	System.String

public string MetadataAddress { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.PostLogoutRedirectUri¶

Gets or sets the ‘post_logout_redirect_uri’

Return type:	System.String

public string PostLogoutRedirectUri { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ProtocolValidator¶

Gets or sets the Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator that is used to ensure that the ‘id_token’ received is valid per: http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation

Return type:	Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator

public OpenIdConnectProtocolValidator ProtocolValidator { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.RefreshOnIssuerKeyNotFound¶

Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic recovery in the event of a signature key rollover. This is enabled by default.

Return type:	System.Boolean

public bool RefreshOnIssuerKeyNotFound { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.RemoteSignOutPath¶

Requests received on this path will cause the middleware to invoke SignOut using the SignInScheme.

Return type:	Microsoft.AspNetCore.Http.PathString

public PathString RemoteSignOutPath { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.RequireHttpsMetadata¶

Gets or sets if HTTPS is required for the metadata address or authority. The default is true. This should be disabled only in development environments.

Return type:	System.Boolean

public bool RequireHttpsMetadata { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.Resource¶

Gets or sets the ‘resource’.

Return type:	System.String

public string Resource { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ResponseMode¶

Gets or sets the ‘response_mode’.

Return type:	System.String

public string ResponseMode { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.ResponseType¶

Gets or sets the ‘response_type’.

Return type:	System.String

public string ResponseType { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.Scope¶

Gets the list of permissions to request.

Return type:	System.Collections.Generic.ICollection<System.String>

public ICollection<string> Scope { get; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.SecurityTokenValidator¶

Gets or sets the Microsoft.IdentityModel.Tokens.ISecurityTokenValidator used to validate identity tokens.

Return type:	Microsoft.IdentityModel.Tokens.ISecurityTokenValidator

public ISecurityTokenValidator SecurityTokenValidator { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.SignOutScheme¶

The Authentication Scheme to use with SignOut on the SignOutPath. SignInScheme will be used if this is not set.

Return type:	System.String

public string SignOutScheme { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.SkipUnrecognizedRequests¶

Indicates if requests to the CallbackPath may also be for other components. If enabled the middleware will pass requests through that do not contain OpenIdConnect authentication responses. Disabling this and setting the CallbackPath to a dedicated endpoint may provide better error handling. This is disabled by default.

Return type:	System.Boolean

public bool SkipUnrecognizedRequests { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.StateDataFormat¶

Gets or sets the type used to secure data handled by the middleware.

Return type:	Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>

public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.StringDataFormat¶

Gets or sets the type used to secure strings used by the middleware.

Return type:	Microsoft.AspNetCore.Authentication.ISecureDataFormat<System.String>

public ISecureDataFormat<string> StringDataFormat { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.SystemClock¶

For testing purposes only.

Return type:	Microsoft.AspNetCore.Authentication.ISystemClock

[EditorBrowsable(EditorBrowsableState.Never)]
public ISystemClock SystemClock { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.TokenValidationParameters¶

Gets or sets the parameters used to validate identity tokens.

Return type:	Microsoft.IdentityModel.Tokens.TokenValidationParameters

public TokenValidationParameters TokenValidationParameters { get; set; }

Microsoft.AspNetCore.Builder.OpenIdConnectOptions.UseTokenLifetime¶

Indicates that the authentication session lifetime (e.g. cookies) should match that of the authentication token. If the token does not provide lifetime information then normal session lifetimes will be used. This is disabled by default.

Return type:	System.Boolean

public bool UseTokenLifetime { get; set; }