OpenIdConnectOptions Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Configuration options for OpenIdConnectMiddleware
public ref class OpenIdConnectOptions : Microsoft::AspNetCore::Builder::RemoteAuthenticationOptionspublic class OpenIdConnectOptions : Microsoft.AspNetCore.Builder.RemoteAuthenticationOptionstype OpenIdConnectOptions = class
inherit RemoteAuthenticationOptionsPublic Class OpenIdConnectOptions
Inherits RemoteAuthenticationOptions- Inheritance
Constructors
| OpenIdConnectOptions() |
Initializes a new OpenIdConnectOptions |
| OpenIdConnectOptions(String) |
Initializes a new OpenIdConnectOptions |
Properties
| AuthenticationMethod |
Gets or sets the method used to redirect the user agent to the identity provider. |
| AuthenticationScheme |
The AuthenticationScheme in the options corresponds to the logical name for a particular authentication scheme. A different value may be assigned in order to use the same authentication middleware type more than once in a pipeline. (Inherited from AuthenticationOptions) |
| Authority |
Gets or sets the Authority to use when making OpenIdConnect calls. |
| AutomaticAuthenticate |
If true the authentication middleware alter the request user coming in. If false the authentication middleware will only provide identity when explicitly indicated by the AuthenticationScheme. (Inherited from AuthenticationOptions) |
| AutomaticChallenge |
If true the authentication middleware should handle automatic challenge. If false the authentication middleware will only alter responses when explicitly indicated by the AuthenticationScheme. (Inherited from AuthenticationOptions) |
| BackchannelHttpHandler |
The HttpMessageHandler used to communicate with remote identity provider. This cannot be set at the same time as BackchannelCertificateValidator unless the value can be downcast to a WebRequestHandler. (Inherited from RemoteAuthenticationOptions) |
| BackchannelTimeout |
Gets or sets timeout value in milliseconds for back channel communications with the remote identity provider. (Inherited from RemoteAuthenticationOptions) |
| CallbackPath |
The request path within the application's base path where the user-agent will be returned. The middleware will process this request when it arrives. (Inherited from RemoteAuthenticationOptions) |
| ClaimsIssuer |
Gets or sets the issuer that should be used for any claims that are created (Inherited from AuthenticationOptions) |
| ClientId |
Gets or sets the 'client_id'. |
| ClientSecret |
Gets or sets the 'client_secret'. |
| Configuration |
Configuration provided directly by the developer. If provided, then MetadataAddress and the Backchannel properties will not be used. This information should not be updated during request processing. |
| ConfigurationManager |
Responsible for retrieving, caching, and refreshing the configuration from metadata. If not provided, then one will be created using the MetadataAddress and Backchannel properties. |
| Description |
Additional information about the authentication type which is made available to the application. (Inherited from AuthenticationOptions) |
| DisplayName |
Get or sets the text that the user can display on a sign in user interface. (Inherited from RemoteAuthenticationOptions) |
| Events |
Gets or sets the IOpenIdConnectEvents to notify when processing OpenIdConnect messages. |
| GetClaimsFromUserInfoEndpoint |
Boolean to set whether the middleware should go to user info endpoint to retrieve additional claims or not after creating an identity from id_token received from token endpoint. The default is 'false'. |
| MetadataAddress |
Gets or sets the discovery endpoint for obtaining metadata |
| PostLogoutRedirectUri |
The uri where the user agent will be returned to after application is signed out from the identity provider. The redirect will happen after the SignedOutCallbackPath is invoked. |
| ProtocolValidator |
Gets or sets the OpenIdConnectProtocolValidator that is used to ensure that the 'id_token' received is valid per: http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation |
| RefreshOnIssuerKeyNotFound |
Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic recovery in the event of a signature key rollover. This is enabled by default. |
| RemoteAuthenticationTimeout |
Gets or sets the time limit for completing the authentication flow (15 minutes by default). (Inherited from RemoteAuthenticationOptions) |
| RemoteSignOutPath |
Requests received on this path will cause the middleware to invoke SignOut using the SignInScheme. |
| RequireHttpsMetadata |
Gets or sets if HTTPS is required for the metadata address or authority. The default is true. This should be disabled only in development environments. |
| Resource |
Gets or sets the 'resource'. |
| ResponseMode |
Gets or sets the 'response_mode'. |
| ResponseType |
Gets or sets the 'response_type'. |
| SaveTokens |
Defines whether access and refresh tokens should be stored in the
AuthenticationProperties after a successful authorization.
This property is set to |
| Scope |
Gets the list of permissions to request. |
| SecurityTokenValidator |
Gets or sets the ISecurityTokenValidator used to validate identity tokens. |
| SignedOutCallbackPath |
The request path within the application's base path where the user agent will be returned after sign out from the identity provider. |
| SignInScheme |
Gets or sets the authentication scheme corresponding to the middleware responsible of persisting user's identity after a successful authentication. This value typically corresponds to a cookie middleware registered in the Startup class. When omitted, SignInScheme is used as a fallback value. (Inherited from RemoteAuthenticationOptions) |
| SignOutScheme |
The Authentication Scheme to use with SignOut on the SignOutPath. SignInScheme will be used if this is not set. |
| SkipUnrecognizedRequests |
Indicates if requests to the CallbackPath may also be for other components. If enabled the middleware will pass requests through that do not contain OpenIdConnect authentication responses. Disabling this and setting the CallbackPath to a dedicated endpoint may provide better error handling. This is disabled by default. |
| StateDataFormat |
Gets or sets the type used to secure data handled by the middleware. |
| StringDataFormat |
Gets or sets the type used to secure strings used by the middleware. |
| SystemClock |
For testing purposes only. |
| SystemClock |
For testing purposes only. (Inherited from AuthenticationOptions) |
| TokenValidationParameters |
Gets or sets the parameters used to validate identity tokens. |
| UseTokenLifetime |
Indicates that the authentication session lifetime (e.g. cookies) should match that of the authentication token. If the token does not provide lifetime information then normal session lifetimes will be used. This is disabled by default. |