Namespace OpenIddict.Server

Classes

AttachTokenDigests

Contains the logic responsible of generating and attaching the hashes of the access token and authorization code to the identity token principal.

AttachTokenParameters

Contains the logic responsible of attaching the tokens and their metadata to the sign-in response.

BeautifyUserCode

Contains the logic responsible of beautifying the user code returned to the client. Note: this handler is not used when the degraded mode is enabled.

CreateIdentityTokenEntry

Contains the logic responsible of creating an identity token entry. Note: this handler is not used when the degraded mode is enabled.

GenerateIdentityModelIdentityToken

Contains the logic responsible of generating an identity token using IdentityModel.

OpenIddictServerConfiguration

Contains the methods required to ensure that the OpenIddict server configuration is valid.

OpenIddictServerConstants.Properties

OpenIddictServerEvents.ApplyAuthorizationResponseContext

Represents an event called before the authorization response is returned to the caller.

OpenIddictServerEvents.ApplyConfigurationResponseContext

Represents an event called before the configuration response is returned to the caller.

OpenIddictServerEvents.ApplyCryptographyResponseContext

Represents an event called before the cryptography response is returned to the caller.

OpenIddictServerEvents.ApplyDeviceResponseContext

Represents an event called before the device response is returned to the caller.

OpenIddictServerEvents.ApplyIntrospectionResponseContext

Represents an event called before the introspection response is returned to the caller.

OpenIddictServerEvents.ApplyLogoutResponseContext

Represents an event called before the logout response is returned to the caller.

OpenIddictServerEvents.ApplyRevocationResponseContext

Represents an event called before the revocation response is returned to the caller.

OpenIddictServerEvents.ApplyTokenResponseContext

Represents an event called before the token response is returned to the caller.

OpenIddictServerEvents.ApplyUserinfoResponseContext

Represents an event called before the userinfo response is returned to the caller.

OpenIddictServerEvents.ApplyVerificationResponseContext

Represents an event called before the verification response is returned to the caller.

OpenIddictServerEvents.BaseContext

Represents an abstract base class used for certain event contexts.

OpenIddictServerEvents.BaseRequestContext

Represents an abstract base class used for certain event contexts.

OpenIddictServerEvents.BaseValidatingClientContext

Represents an abstract base class used for certain event contexts.

OpenIddictServerEvents.BaseValidatingContext

Represents an abstract base class used for certain event contexts.

OpenIddictServerEvents.BaseValidatingTicketContext

Represents an abstract base class used for certain event contexts.

OpenIddictServerEvents.ExtractAuthorizationRequestContext

Represents an event called for each request to the authorization endpoint to give the user code a chance to manually extract the authorization request from the ambient HTTP context.

OpenIddictServerEvents.ExtractConfigurationRequestContext

Represents an event called for each request to the configuration endpoint to give the user code a chance to manually extract the configuration request from the ambient HTTP context.

OpenIddictServerEvents.ExtractCryptographyRequestContext

Represents an event called for each request to the cryptography endpoint to give the user code a chance to manually extract the cryptography request from the ambient HTTP context.

OpenIddictServerEvents.ExtractDeviceRequestContext

Represents an event called for each request to the device endpoint to give the user code a chance to manually extract the device request from the ambient HTTP context.

OpenIddictServerEvents.ExtractIntrospectionRequestContext

Represents an event called for each request to the introspection endpoint to give the user code a chance to manually extract the introspection request from the ambient HTTP context.

OpenIddictServerEvents.ExtractLogoutRequestContext

Represents an event called for each request to the logout endpoint to give the user code a chance to manually extract the logout request from the ambient HTTP context.

OpenIddictServerEvents.ExtractRevocationRequestContext

Represents an event called for each request to the revocation endpoint to give the user code a chance to manually extract the revocation request from the ambient HTTP context.

OpenIddictServerEvents.ExtractTokenRequestContext

Represents an event called for each request to the token endpoint to give the user code a chance to manually extract the token request from the ambient HTTP context.

OpenIddictServerEvents.ExtractUserinfoRequestContext

Represents an event called for each request to the userinfo endpoint to give the user code a chance to manually extract the userinfo request from the ambient HTTP context.

OpenIddictServerEvents.ExtractVerificationRequestContext

Represents an event called for each request to the verification endpoint to give the user code a chance to manually extract the verification request from the ambient HTTP context.

OpenIddictServerEvents.HandleAuthorizationRequestContext

Represents an event called for each validated authorization request to allow the user code to decide how the request should be handled.

OpenIddictServerEvents.HandleConfigurationRequestContext

Represents an event called for each validated configuration request to allow the user code to decide how the request should be handled.

OpenIddictServerEvents.HandleCryptographyRequestContext

Represents an event called for each validated cryptography request to allow the user code to decide how the request should be handled.

OpenIddictServerEvents.HandleDeviceRequestContext

Represents an event called for each validated device request to allow the user code to decide how the request should be handled.

OpenIddictServerEvents.HandleIntrospectionRequestContext

Represents an event called for each validated introspection request to allow the user code to decide how the request should be handled.

OpenIddictServerEvents.HandleLogoutRequestContext

Represents an event called for each validated logout request to allow the user code to decide how the request should be handled.

OpenIddictServerEvents.HandleRevocationRequestContext

Represents an event called for each validated revocation request to allow the user code to decide how the request should be handled.

OpenIddictServerEvents.HandleTokenRequestContext

Represents an event called for each validated token request to allow the user code to decide how the request should be handled.

OpenIddictServerEvents.HandleUserinfoRequestContext

Represents an event called for each validated userinfo request to allow the user code to decide how the request should be handled.

OpenIddictServerEvents.HandleVerificationRequestContext

Represents an event called for each validated verification request to allow the user code to decide how the request should be handled.

OpenIddictServerEvents.ProcessAuthenticationContext

Represents an event called when processing an authentication operation.

OpenIddictServerEvents.ProcessChallengeContext

Represents an event called when processing a challenge response.

OpenIddictServerEvents.ProcessErrorContext

Represents an event called when processing an errored response.

OpenIddictServerEvents.ProcessRequestContext

Represents an event called when processing an incoming request.

OpenIddictServerEvents.ProcessSignInContext

Represents an event called when processing a sign-in response.

OpenIddictServerEvents.ProcessSignOutContext

Represents an event called when processing a sign-out response.

OpenIddictServerEvents.ValidateAuthorizationRequestContext

Represents an event called for each request to the authorization endpoint to determine if the request is valid and should continue to be processed.

OpenIddictServerEvents.ValidateConfigurationRequestContext

Represents an event called for each request to the configuration endpoint to determine if the request is valid and should continue to be processed.

OpenIddictServerEvents.ValidateCryptographyRequestContext

Represents an event called for each request to the cryptography endpoint to determine if the request is valid and should continue to be processed.

OpenIddictServerEvents.ValidateDeviceRequestContext

Represents an event called for each request to the device endpoint to determine if the request is valid and should continue to be processed.

OpenIddictServerEvents.ValidateIntrospectionRequestContext

Represents an event called for each request to the introspection endpoint to determine if the request is valid and should continue to be processed.

OpenIddictServerEvents.ValidateLogoutRequestContext

Represents an event called for each request to the logout endpoint to determine if the request is valid and should continue to be processed.

OpenIddictServerEvents.ValidateRevocationRequestContext

Represents an event called for each request to the revocation endpoint to determine if the request is valid and should continue to be processed.

OpenIddictServerEvents.ValidateTokenRequestContext

Represents an event called for each request to the token endpoint to determine if the request is valid and should continue to be processed.

OpenIddictServerEvents.ValidateUserinfoRequestContext

Represents an event called for each request to the userinfo endpoint to determine if the request is valid and should continue to be processed.

OpenIddictServerEvents.ValidateVerificationRequestContext

Represents an event called for each request to the verification endpoint to determine if the request is valid and should continue to be processed.

OpenIddictServerHandler<TContext>

Represents a handler able to process TContext events.

OpenIddictServerHandlerDescriptor

Represents an immutable descriptor of an OpenIddict server event handler.

OpenIddictServerHandlerDescriptor.Builder<TContext>

Contains methods allowing to build a descriptor instance.

OpenIddictServerHandlerFilters

OpenIddictServerHandlerFilters.RequireAccessTokenGenerated

Represents a filter that excludes the associated handlers if no access token is generated.

OpenIddictServerHandlerFilters.RequireAuthorizationCodeGenerated

Represents a filter that excludes the associated handlers if no authorization code is generated.

OpenIddictServerHandlerFilters.RequireAuthorizationRequest

Represents a filter that excludes the associated handlers if the request is not an authorization request.

OpenIddictServerHandlerFilters.RequireAuthorizationStorageEnabled

Represents a filter that excludes the associated handlers if authorization storage was not enabled.

OpenIddictServerHandlerFilters.RequireClientIdParameter

Represents a filter that excludes the associated handlers when no client identifier is received.

OpenIddictServerHandlerFilters.RequireConfigurationRequest

Represents a filter that excludes the associated handlers if the request is not a configuration request.

OpenIddictServerHandlerFilters.RequireCryptographyRequest

Represents a filter that excludes the associated handlers if the request is not a cryptography request.

OpenIddictServerHandlerFilters.RequireDegradedModeDisabled

Represents a filter that excludes the associated handlers if the degraded mode was not enabled.

OpenIddictServerHandlerFilters.RequireDeviceCodeGenerated

Represents a filter that excludes the associated handlers if no device code is generated.

OpenIddictServerHandlerFilters.RequireDeviceRequest

Represents a filter that excludes the associated handlers if the request is not a device request.

OpenIddictServerHandlerFilters.RequireEndpointPermissionsEnabled

Represents a filter that excludes the associated handlers if endpoint permissions were disabled.

OpenIddictServerHandlerFilters.RequireGrantTypePermissionsEnabled

Represents a filter that excludes the associated handlers if grant type permissions were disabled.

OpenIddictServerHandlerFilters.RequireIdentityTokenGenerated

Represents a filter that excludes the associated handlers if no identity token is generated.

OpenIddictServerHandlerFilters.RequireIntrospectionRequest

Represents a filter that excludes the associated handlers if the request is not an introspection request.

OpenIddictServerHandlerFilters.RequireLogoutRequest

Represents a filter that excludes the associated handlers if the request is not a logout request.

OpenIddictServerHandlerFilters.RequirePostLogoutRedirectUriParameter

Represents a filter that excludes the associated handlers when no post_logout_redirect_uri is received.

OpenIddictServerHandlerFilters.RequireReferenceAccessTokensEnabled

Represents a filter that excludes the associated handlers if reference access tokens are disabled.

OpenIddictServerHandlerFilters.RequireReferenceRefreshTokensEnabled

Represents a filter that excludes the associated handlers if reference refresh tokens are disabled.

OpenIddictServerHandlerFilters.RequireRefreshTokenGenerated

Represents a filter that excludes the associated handlers if no refresh token is generated.

OpenIddictServerHandlerFilters.RequireResponseTypePermissionsEnabled

Represents a filter that excludes the associated handlers if response type permissions were disabled.

OpenIddictServerHandlerFilters.RequireRevocationRequest

Represents a filter that excludes the associated handlers if the request is not a revocation request.

OpenIddictServerHandlerFilters.RequireScopePermissionsEnabled

Represents a filter that excludes the associated handlers if scope permissions were disabled.

OpenIddictServerHandlerFilters.RequireScopeValidationEnabled

Represents a filter that excludes the associated handlers if scope validation was not enabled.

OpenIddictServerHandlerFilters.RequireSlidingRefreshTokenExpirationEnabled

Represents a filter that excludes the associated handlers if sliding refresh token expiration was disabled.

OpenIddictServerHandlerFilters.RequireTokenRequest

Represents a filter that excludes the associated handlers if the request is not a token request.

OpenIddictServerHandlerFilters.RequireTokenStorageEnabled

Represents a filter that excludes the associated handlers if token storage was not enabled.

OpenIddictServerHandlerFilters.RequireUserCodeGenerated

Represents a filter that excludes the associated handlers if no user code is generated.

OpenIddictServerHandlerFilters.RequireUserinfoRequest

Represents a filter that excludes the associated handlers if the request is not a userinfo request.

OpenIddictServerHandlerFilters.RequireVerificationRequest

Represents a filter that excludes the associated handlers if the request is not a verification request.

OpenIddictServerHandlers.ApplyVerificationResponse<TContext>

Contains the logic responsible of processing sign-in responses and invoking the corresponding event handlers.

OpenIddictServerHandlers.AttachAuthorization

Contains the logic responsible of creating an ad-hoc authorization, if necessary. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.AttachDefaultChallengeError

Contains the logic responsible of ensuring that the challenge response contains an appropriate error.

OpenIddictServerHandlers.AttachDefaultPresenters

Contains the logic responsible of attaching default presenters to the authentication principal.

OpenIddictServerHandlers.AttachDefaultScopes

Contains the logic responsible of attaching default scopes to the authentication principal.

OpenIddictServerHandlers.AttachDeviceCodeIdentifier

Contains the logic responsible of generating and attaching the device code identifier to the user code principal.

OpenIddictServerHandlers.AttachPrincipal

Contains the logic responsible of attaching the principal extracted from the authorization code/refresh token to the event context.

OpenIddictServerHandlers.AttachRedirectUri

Contains the logic responsible of inferring the redirect URL used to send the response back to the client application.

OpenIddictServerHandlers.AttachResponseState

Contains the logic responsible of attaching the state to the response.

OpenIddictServerHandlers.AttachUserCodePrincipal

Contains the logic responsible of attaching the claims principal resolved from the user code.

OpenIddictServerHandlers.Authentication

OpenIddictServerHandlers.Authentication.ApplyAuthorizationResponse<TContext>

Contains the logic responsible of processing sign-in responses and invoking the corresponding event handlers.

OpenIddictServerHandlers.Authentication.ExtractAuthorizationRequest

Contains the logic responsible of extracting authorization requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Authentication.HandleAuthorizationRequest

Contains the logic responsible of handling authorization requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Authentication.ValidateAuthorizationRequest

Contains the logic responsible of validating authorization requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Authentication.ValidateClientId

Contains the logic responsible of rejecting authorization requests that use an invalid client_id. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Authentication.ValidateClientIdParameter

Contains the logic responsible of rejecting authorization requests that lack the mandatory client_id parameter.

OpenIddictServerHandlers.Authentication.ValidateClientRedirectUri

Contains the logic responsible of rejecting authorization requests that use an invalid redirect_uri. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Authentication.ValidateClientType

Contains the logic responsible of rejecting authorization requests that use a response_type containing token if the application is a confidential client. Note: this handler is not used when the degraded mode is enabled or when response type permissions enforcement is not disabled.

OpenIddictServerHandlers.Authentication.ValidateNonceParameter

Contains the logic responsible of rejecting authorization requests that don't specify a nonce.

OpenIddictServerHandlers.Authentication.ValidatePromptParameter

Contains the logic responsible of rejecting authorization requests that don't specify a valid prompt parameter.

OpenIddictServerHandlers.Authentication.ValidateProofKeyForCodeExchangeParameters

Contains the logic responsible of rejecting authorization requests that don't specify valid PKCE parameters.

OpenIddictServerHandlers.Authentication.ValidateRedirectUriParameter

Contains the logic responsible of rejecting authorization requests that lack the mandatory redirect_uri parameter.

OpenIddictServerHandlers.Authentication.ValidateRequestParameter

Contains the logic responsible of rejecting authorization requests that specify the unsupported request parameter.

OpenIddictServerHandlers.Authentication.ValidateRequestUriParameter

Contains the logic responsible of rejecting authorization requests that specify the unsupported request_uri parameter.

OpenIddictServerHandlers.Authentication.ValidateResponseModeParameter

Contains the logic responsible of rejecting authorization requests that specify an invalid response_mode parameter.

OpenIddictServerHandlers.Authentication.ValidateResponseTypeParameter

Contains the logic responsible of rejecting authorization requests that specify an invalid response_type parameter.

OpenIddictServerHandlers.Authentication.ValidateScopeParameter

Contains the logic responsible of rejecting authorization requests that don't specify a valid scope parameter.

OpenIddictServerHandlers.Authentication.ValidateScopes

Contains the logic responsible of rejecting authorization requests that use unregistered scopes. Note: this handler partially works with the degraded mode but is not used when scope validation is disabled.

OpenIddictServerHandlers.ConvertReferenceAccessToken

Contains the logic responsible of converting the access token to a reference token. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ConvertReferenceAuthorizationCode

Contains the logic responsible of converting the authorization code to a reference token. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ConvertReferenceDeviceCode

Contains the logic responsible of creating a reference device code entry. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ConvertReferenceRefreshToken

Contains the logic responsible of converting the refresh token to a reference token. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ConvertReferenceUserCode

Contains the logic responsible of converting the user code to a reference token. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.CreateAccessTokenEntry

Contains the logic responsible of creating an access token entry. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.CreateAuthorizationCodeEntry

Contains the logic responsible of creating an authorization code entry. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.CreateDeviceCodeEntry

Contains the logic responsible of creating a device code entry. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.CreateRefreshTokenEntry

Contains the logic responsible of creating a refresh token entry. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.CreateUserCodeEntry

Contains the logic responsible of creating a user code entry. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Device

OpenIddictServerHandlers.Device.ApplyDeviceResponse<TContext>

Contains the logic responsible of processing sign-in responses and invoking the corresponding event handlers.

OpenIddictServerHandlers.Device.ExtractDeviceRequest

Contains the logic responsible of extracting device requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Device.HandleDeviceRequest

Contains the logic responsible of handling device requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Device.ValidateClientIdParameter

Contains the logic responsible of rejecting device requests that don't specify a client identifier.

OpenIddictServerHandlers.Device.ValidateDeviceRequest

Contains the logic responsible of validating device requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Device.ValidateScopeParameter

Contains the logic responsible of rejecting device requests that don't specify a valid scope parameter.

OpenIddictServerHandlers.Device.ValidateScopes

OpenIddictServerHandlers.Discovery

OpenIddictServerHandlers.Discovery.ApplyConfigurationResponse<TContext>

Contains the logic responsible of processing configuration responses and invoking the corresponding event handlers.

OpenIddictServerHandlers.Discovery.ApplyCryptographyResponse<TContext>

Contains the logic responsible of processing cryptography responses and invoking the corresponding event handlers.

OpenIddictServerHandlers.Discovery.AttachAdditionalMetadata

Contains the logic responsible of attaching additional metadata to the provider discovery document.

OpenIddictServerHandlers.Discovery.AttachClaims

Contains the logic responsible of attaching the supported claims to the provider discovery document.

OpenIddictServerHandlers.Discovery.AttachClientAuthenticationMethods

Contains the logic responsible of attaching the supported client authentication methods to the provider discovery document.

OpenIddictServerHandlers.Discovery.AttachCodeChallengeMethods

Contains the logic responsible of attaching the supported code challenge methods to the provider discovery document.

OpenIddictServerHandlers.Discovery.AttachEndpoints

Contains the logic responsible of attaching the endpoint URLs to the provider discovery document.

OpenIddictServerHandlers.Discovery.AttachGrantTypes

Contains the logic responsible of attaching the supported grant types to the provider discovery document.

OpenIddictServerHandlers.Discovery.AttachResponseModes

Contains the logic responsible of attaching the supported response modes to the provider discovery document.

OpenIddictServerHandlers.Discovery.AttachResponseTypes

Contains the logic responsible of attaching the supported response types to the provider discovery document.

OpenIddictServerHandlers.Discovery.AttachScopes

Contains the logic responsible of attaching the supported response types to the provider discovery document.

OpenIddictServerHandlers.Discovery.AttachSigningAlgorithms

Contains the logic responsible of attaching the supported signing algorithms to the provider discovery document.

OpenIddictServerHandlers.Discovery.AttachSigningKeys

Contains the logic responsible of attaching the signing keys to the JWKS document.

OpenIddictServerHandlers.Discovery.AttachSubjectTypes

Contains the logic responsible of attaching the supported subject types to the provider discovery document.

OpenIddictServerHandlers.Discovery.ExtractConfigurationRequest

Contains the logic responsible of extracting configuration requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Discovery.ExtractCryptographyRequest

Contains the logic responsible of extracting cryptography requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Discovery.HandleConfigurationRequest

Contains the logic responsible of handling configuration requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Discovery.HandleCryptographyRequest

Contains the logic responsible of handling cryptography requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Discovery.ValidateConfigurationRequest

Contains the logic responsible of validating configuration requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Discovery.ValidateCryptographyRequest

Contains the logic responsible of validating cryptography requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.EvaluateTokenTypes

Contains the logic responsible of selecting the token types that should be generated and optionally returned in the response.

OpenIddictServerHandlers.Exchange

OpenIddictServerHandlers.Exchange.ApplyTokenResponse<TContext>

Contains the logic responsible of processing sign-in responses and invoking the corresponding event handlers.

OpenIddictServerHandlers.Exchange.ExtractTokenRequest

Contains the logic responsible of extracting token requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Exchange.HandleTokenRequest

Contains the logic responsible of handling token requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Exchange.ValidateAuthorizationCodeParameter

Contains the logic responsible of rejecting token requests that don't specify an authorization code for the authorization code grant type.

OpenIddictServerHandlers.Exchange.ValidateClientCredentialsParameters

Contains the logic responsible of rejecting token requests that don't specify client credentials for the client credentials grant type.

OpenIddictServerHandlers.Exchange.ValidateClientIdParameter

Contains the logic responsible of rejecting token requests that don't specify a client identifier.

OpenIddictServerHandlers.Exchange.ValidateDeviceCodeParameter

Contains the logic responsible of rejecting token requests that don't specify a device code for the device code grant type.

OpenIddictServerHandlers.Exchange.ValidateGrantType

Contains the logic responsible of rejecting token requests that specify an invalid grant type.

OpenIddictServerHandlers.Exchange.ValidateProofKeyForCodeExchangeParameters

Contains the logic responsible of rejecting token requests that don't specify valid PKCE parameters.

OpenIddictServerHandlers.Exchange.ValidateRefreshTokenParameter

Contains the logic responsible of rejecting token requests that specify invalid parameters for the refresh token grant type.

OpenIddictServerHandlers.Exchange.ValidateResourceOwnerCredentialsParameters

Contains the logic responsible of rejecting token requests that specify invalid parameters for the password grant type.

OpenIddictServerHandlers.Exchange.ValidateScopes

OpenIddictServerHandlers.Exchange.ValidateTokenRequest

Contains the logic responsible of validating token requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.ExtractVerificationRequest

Contains the logic responsible of extracting verification requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.GenerateIdentityModelAccessToken

Contains the logic responsible of generating an access token using IdentityModel.

OpenIddictServerHandlers.GenerateIdentityModelAuthorizationCode

Contains the logic responsible of generating an authorization code using IdentityModel.

OpenIddictServerHandlers.GenerateIdentityModelDeviceCode

Contains the logic responsible of generating a device code using IdentityModel.

OpenIddictServerHandlers.GenerateIdentityModelRefreshToken

Contains the logic responsible of generating a refresh token using IdentityModel.

OpenIddictServerHandlers.GenerateIdentityModelUserCode

Contains the logic responsible of generating a user code using IdentityModel.

OpenIddictServerHandlers.HandleVerificationRequest

Contains the logic responsible of handling verification requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.InferResources

Contains the logic responsible of inferring resources from the audience claims if necessary.

OpenIddictServerHandlers.InferResponseMode

Contains the logic responsible of inferring the response mode used to send the response back to the client application.

OpenIddictServerHandlers.Introspection

OpenIddictServerHandlers.Introspection.ApplyIntrospectionResponse<TContext>

Contains the logic responsible of processing sign-in responses and invoking the corresponding event handlers.

OpenIddictServerHandlers.Introspection.AttachApplicationClaims

Contains the logic responsible of attaching the application-specific claims extracted from the token the event context. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Introspection.AttachMetadataClaims

Contains the logic responsible of attaching the metadata claims extracted from the token the event context.

OpenIddictServerHandlers.Introspection.AttachPrincipal

Contains the logic responsible of attaching the principal extracted from the introspected token to the event context.

OpenIddictServerHandlers.Introspection.ExtractIntrospectionRequest

Contains the logic responsible of extracting introspection requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Introspection.HandleIntrospectionRequest

Contains the logic responsible of handling introspection requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Introspection.NormalizeErrorResponse

Contains the logic responsible of converting introspection errors to standard active: false responses.

OpenIddictServerHandlers.Introspection.ValidateAuthorizedParty

Contains the logic responsible of rejecting introspection requests that specify a token that cannot be introspected by the client application sending the introspection requests.

OpenIddictServerHandlers.Introspection.ValidateClientId

Contains the logic responsible of rejecting introspection requests that use an invalid client_id. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Introspection.ValidateClientIdParameter

Contains the logic responsible of rejecting introspection requests that don't specify a client identifier.

OpenIddictServerHandlers.Introspection.ValidateClientSecret

Contains the logic responsible of rejecting introspection requests specifying an invalid client secret. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Introspection.ValidateClientType

Contains the logic responsible of rejecting introspection requests made by applications whose client type is not compatible with the presence or absence of a client secret. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Introspection.ValidateEndpointPermissions

Contains the logic responsible of rejecting introspection requests made by applications that haven't been granted the introspection endpoint permission. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Introspection.ValidateIntrospectionRequest

Contains the logic responsible of validating introspection requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Introspection.ValidateToken

Contains the logic responsible of rejecting introspection requests that don't specify a valid token.

OpenIddictServerHandlers.Introspection.ValidateTokenParameter

Contains the logic responsible of rejecting introspection requests that don't specify a token.

OpenIddictServerHandlers.Introspection.ValidateTokenType

Contains the logic responsible of rejecting introspection requests that specify an unsupported token.

OpenIddictServerHandlers.MapInternalClaims

Contains the logic responsible of mapping internal claims used by OpenIddict.

OpenIddictServerHandlers.NormalizeScopeClaims

Contains the logic responsible of normalizing the scope claims stored in the tokens.

OpenIddictServerHandlers.NormalizeUserCode

Contains the logic responsible of normalizing user codes. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.PrepareAccessTokenPrincipal

Contains the logic responsible of preparing and attaching the claims principal used to generate the access token, if one is going to be returned.

OpenIddictServerHandlers.PrepareAuthorizationCodePrincipal

Contains the logic responsible of preparing and attaching the claims principal used to generate the authorization code, if one is going to be returned.

OpenIddictServerHandlers.PrepareDeviceCodePrincipal

Contains the logic responsible of preparing and attaching the claims principal used to generate the device code, if one is going to be returned.

OpenIddictServerHandlers.PrepareIdentityTokenPrincipal

Contains the logic responsible of preparing and attaching the claims principal used to generate the identity token, if one is going to be returned.

OpenIddictServerHandlers.PrepareRefreshTokenPrincipal

Contains the logic responsible of preparing and attaching the claims principal used to generate the refresh token, if one is going to be returned.

OpenIddictServerHandlers.PrepareUserCodePrincipal

Contains the logic responsible of preparing and attaching the claims principal used to generate the user code, if one is going to be returned.

OpenIddictServerHandlers.RedeemTokenEntry

Contains the logic responsible of redeeming the token entry corresponding to the received authorization code, device code, user code or refresh token. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.RejectDeviceCodeEntry

Contains the logic responsible of rejecting the device code entry associated with the user code. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.RejectUserCodeEntry

Contains the logic responsible of rejecting the user code entry, if applicable. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.RestoreInternalClaims

Contains the logic responsible of re-attaching internal claims to the authentication principal.

OpenIddictServerHandlers.RestoreReferenceTokenProperties

Contains the logic responsible of restoring the properties associated with a reference token entry. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Revocation

OpenIddictServerHandlers.Revocation.ApplyRevocationResponse<TContext>

Contains the logic responsible of processing sign-in responses and invoking the corresponding event handlers.

OpenIddictServerHandlers.Revocation.AttachPrincipal

Contains the logic responsible of attaching the principal extracted from the revoked token to the event context.

OpenIddictServerHandlers.Revocation.ExtractRevocationRequest

Contains the logic responsible of extracting revocation requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Revocation.HandleRevocationRequest

Contains the logic responsible of handling revocation requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Revocation.NormalizeErrorResponse

Contains the logic responsible of converting revocation errors to standard empty responses.

OpenIddictServerHandlers.Revocation.RevokeToken

Contains the logic responsible of revoking the token sent by the client application. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Revocation.ValidateAuthorizedParty

Contains the logic responsible of rejecting revocation requests that specify a token that cannot be revoked by the client application sending the revocation requests.

OpenIddictServerHandlers.Revocation.ValidateClientId

Contains the logic responsible of rejecting revocation requests that use an invalid client_id. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Revocation.ValidateClientIdParameter

Contains the logic responsible of rejecting revocation requests that don't specify a client identifier.

OpenIddictServerHandlers.Revocation.ValidateClientSecret

Contains the logic responsible of rejecting revocation requests specifying an invalid client secret. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Revocation.ValidateClientType

Contains the logic responsible of rejecting revocation requests made by applications whose client type is not compatible with the presence or absence of a client secret. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Revocation.ValidateEndpointPermissions

Contains the logic responsible of rejecting revocation requests made by applications that haven't been granted the revocation endpoint permission. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Revocation.ValidateRevocationRequest

Contains the logic responsible of validating revocation requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Revocation.ValidateToken

Contains the logic responsible of rejecting revocation requests that don't specify a valid token.

OpenIddictServerHandlers.Revocation.ValidateTokenParameter

Contains the logic responsible of rejecting revocation requests that don't specify a token.

OpenIddictServerHandlers.Revocation.ValidateTokenType

Contains the logic responsible of rejecting revocation requests that specify an unsupported token.

OpenIddictServerHandlers.Session

OpenIddictServerHandlers.Session.ApplyLogoutResponse<TContext>

Contains the logic responsible of processing sign-in responses and invoking the corresponding event handlers.

OpenIddictServerHandlers.Session.AttachPostLogoutRedirectUri

Contains the logic responsible of inferring the redirect URL used to send the response back to the client application.

OpenIddictServerHandlers.Session.AttachResponseState

Contains the logic responsible of attaching the state to the response.

OpenIddictServerHandlers.Session.ExtractLogoutRequest

Contains the logic responsible of extracting logout requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Session.HandleLogoutRequest

Contains the logic responsible of handling logout requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri

Contains the logic responsible of rejecting logout requests that use an invalid redirect_uri. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Session.ValidateLogoutRequest

Contains the logic responsible of validating logout requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Session.ValidatePostLogoutRedirectUriParameter

Contains the logic responsible of rejecting logout requests that specify an invalid post_logout_redirect_uri parameter.

OpenIddictServerHandlers.UpdateReferenceDeviceCodeEntry

Contains the logic responsible of updating the existing reference device code entry. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.Userinfo

OpenIddictServerHandlers.Userinfo.ApplyUserinfoResponse<TContext>

Contains the logic responsible of processing userinfo responses and invoking the corresponding event handlers.

OpenIddictServerHandlers.Userinfo.AttachAudiences

Contains the logic responsible of attaching the audiences to the userinfo response.

OpenIddictServerHandlers.Userinfo.AttachClaims

Contains the logic responsible of attaching well known claims to the userinfo response.

OpenIddictServerHandlers.Userinfo.AttachPrincipal

Contains the logic responsible of attaching the principal extracted from the access token to the event context.

OpenIddictServerHandlers.Userinfo.ExtractUserinfoRequest

Contains the logic responsible of extracting userinfo requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Userinfo.HandleUserinfoRequest

Contains the logic responsible of handling userinfo requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.Userinfo.ValidateAccessTokenParameter

Contains the logic responsible of rejecting userinfo requests that don't specify an access token.

OpenIddictServerHandlers.Userinfo.ValidateToken

Contains the logic responsible of rejecting userinfo requests that don't specify a valid token.

OpenIddictServerHandlers.Userinfo.ValidateUserinfoRequest

Contains the logic responsible of validating userinfo requests and invoking the corresponding event handlers.

OpenIddictServerHandlers.ValidateAuthenticationDemand

Contains the logic responsible of rejecting authentication demands made from unsupported endpoints.

OpenIddictServerHandlers.ValidateAuthorizationEntry

Contains the logic responsible of authentication demands a token whose associated authorization entry is no longer valid (e.g was revoked). Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ValidateChallengeDemand

Contains the logic responsible of rejecting challenge demands made from unsupported endpoints.

OpenIddictServerHandlers.ValidateClientId

Contains the logic responsible of rejecting token requests that use an invalid client_id. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ValidateClientSecret

Contains the logic responsible of rejecting token requests specifying an invalid client secret. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ValidateClientType

Contains the logic responsible of rejecting token requests made by applications whose client type is not compatible with the requested grant type. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ValidateCodeVerifier

Contains the logic responsible of rejecting token requests that specify an invalid code verifier.

OpenIddictServerHandlers.ValidateEndpointPermissions

Contains the logic responsible of rejecting token requests made by applications that haven't been granted the token endpoint permission. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ValidateExpirationDate

Contains the logic responsible of rejecting authentication demands that use an expired token.

OpenIddictServerHandlers.ValidateGrantedScopes

Contains the logic responsible of rejecting token requests that specify scopes that were not initially granted by the resource owner during the authorization request.

OpenIddictServerHandlers.ValidateGrantTypePermissions

Contains the logic responsible of rejecting token requests made by applications that haven't been granted the appropriate grant type permissions. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ValidateIdentityModelToken

Contains the logic responsible of validating tokens generated using IdentityModel.

OpenIddictServerHandlers.ValidatePresenters

Contains the logic responsible of rejecting token requests that use an authorization code, a device code or a refresh token that was issued for a different client application.

OpenIddictServerHandlers.ValidatePrincipal

Contains the logic responsible of rejecting authentication demands for which no valid principal was resolved.

OpenIddictServerHandlers.ValidateProofKeyForCodeExchangeRequirement

Contains the logic responsible of rejecting token requests made by applications for which proof key for code exchange (PKCE) was enforced. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ValidateRedirectUri

Contains the logic responsible of rejecting token requests that specify an invalid redirect_uri.

OpenIddictServerHandlers.ValidateReferenceTokenIdentifier

Contains the logic responsible of validating reference token identifiers. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ValidateResponseTypePermissions

Contains the logic responsible of rejecting authorization requests made by unauthorized applications. Note: this handler is not used when the degraded mode is enabled or when grant type permissions are disabled.

OpenIddictServerHandlers.ValidateScopePermissions

Contains the logic responsible of rejecting token requests made by applications that haven't been granted the appropriate grant type permission. Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ValidateSignInDemand

Contains the logic responsible of ensuring that the sign-in demand is compatible with the type of the endpoint that handled the request.

OpenIddictServerHandlers.ValidateToken

Contains the logic responsible of rejecting token requests that don't specify a valid authorization code, device code or refresh token.

OpenIddictServerHandlers.ValidateTokenEntry

Contains the logic responsible of rejecting authentication demands that use a token whose entry is no longer valid (e.g was revoked). Note: this handler is not used when the degraded mode is enabled.

OpenIddictServerHandlers.ValidateTokenParameter

Contains the logic responsible of resolving the token from the incoming request.

OpenIddictServerHandlers.ValidateVerificationRequest

Contains the logic responsible of validating verification requests and invoking the corresponding event handlers.

OpenIddictServerHelpers

Exposes extensions simplifying the integration with the OpenIddict server services.

OpenIddictServerOptions

Provides various settings needed to configure the OpenIddict server handler.

OpenIddictServerTransaction

Represents the context associated with an OpenID Connect server request.

ValidateSignOutDemand

Contains the logic responsible of ensuring that the sign-out demand is compatible with the type of the endpoint that handled the request.