Microsoft.IdentityModel.Protocols.OpenIdConnect
Well-known endpoints for Microsoft Entra ID.
Contains OpenIdConnect configuration that can be populated from a json string.
Deserializes the json string into an object.
json string representing the configuration.
object representing the configuration.
Thrown if is null or empty.
Thrown if fails to deserialize.
Serializes the object to a json string.
object to serialize.
json string representing the configuration object.
Thrown if is .
Writes an as JSON to the .
The to serialize.
The to write to.
Because a is provided, this method does not return a value.
Thrown if or is .
Initializes a new instance of .
Initializes a new instance of from a json string.
a json string containing the metadata
Thrown if is null or empty.
When deserializing from JSON any properties that are not defined will be placed here.
Gets the collection of 'acr_values_supported'
Gets the collection of 'authorization_details_types_supported'
Gets or sets the 'authorization_endpoint'.
Gets the collection of 'authorization_encryption_alg_values_supported'
Gets the collection of 'authorization_encryption_enc_values_supported'
Gets or sets the 'authorization_response_iss_parameter_supported'
Gets the collection of 'authorization_signing_alg_values_supported'
Gets or sets the 'backchannel_authentication_endpoint'.
Gets the collection of 'backchannel_authentication_request_signing_alg_values_supported'
Gets the collection of 'backchannel_token_delivery_modes_supported'
Gets or sets the 'backchannel_user_code_parameter_supported'
Gets or sets the 'check_session_iframe'.
Gets the collection of 'claims_supported'
Gets the collection of 'claims_locales_supported'
Gets or sets the 'claims_parameter_supported'
Gets the collection of 'claim_types_supported'
Gets the collection of 'code_challenge_methods_supported'
Gets or sets the 'device_authorization_endpoint'.
Gets the collection of 'display_values_supported'
Gets the collection of 'dpop_signing_alg_values_supported'
Gets or sets the 'end_session_endpoint'.
Gets or sets the 'frontchannel_logout_session_supported'.
Would be breaking to change, in 6x it was string, spec says bool.
TODO - add another property, obsolete and drop in 8x?
see: https://openid.net/specs/openid-connect-frontchannel-1_0.html
Gets or sets the 'frontchannel_logout_supported'.
Would be breaking to change, in 6x it was string, spec says bool.
TODO - add another property, obsolete and drop in 8x?
see: https://openid.net/specs/openid-connect-frontchannel-1_0.html
Gets the collection of 'grant_types_supported'
Boolean value specifying whether the OP supports HTTP-based logout. Default is false.
Gets the collection of 'id_token_encryption_alg_values_supported'.
Gets the collection of 'id_token_encryption_enc_values_supported'.
Gets the collection of 'id_token_signing_alg_values_supported'.
Gets or sets the 'introspection_endpoint'.
Gets the collection of 'introspection_endpoint_auth_methods_supported'.
Gets the collection of 'introspection_endpoint_auth_signing_alg_values_supported'.
Gets or sets the 'issuer'.
Gets or sets the 'jwks_uri'
Gets or sets the
Boolean value specifying whether the OP can pass a sid (session ID) query parameter to identify the RP session at the OP when the logout_uri is used. Default value is false.
Gets or sets the 'op_policy_uri'
Gets or sets the 'op_tos_uri'
Gets the collection of 'prompt_values_supported'
Gets or sets the 'pushed_authorization_request_endpoint'.
Gets or sets the 'registration_endpoint'
Gets the collection of 'request_object_encryption_alg_values_supported'.
Gets the collection of 'request_object_encryption_enc_values_supported'.
Gets the collection of 'request_object_signing_alg_values_supported'.
Gets or sets the 'request_parameter_supported'
Gets or sets the 'request_uri_parameter_supported'
Gets or sets the 'require_pushed_authorization_requests'
Gets or sets the 'require_request_uri_registration'
Gets the collection of 'response_modes_supported'.
Gets the collection of 'response_types_supported'.
Gets or sets the 'revocation_endpoint'
Gets the collection of 'revocation_endpoint_auth_methods_supported'.
Gets the collection of 'revocation_endpoint_auth_signing_alg_values_supported'.
Gets or sets the 'service_documentation'
Gets the collection of 'scopes_supported'
Gets the that the IdentityProvider indicates are to be used for signing tokens.
Gets the collection of 'subject_types_supported'.
Gets or sets the 'token_endpoint'.
This base class property is not used in OpenIdConnect.
Gets the collection of 'token_endpoint_auth_methods_supported'.
Gets the collection of 'token_endpoint_auth_signing_alg_values_supported'.
Gets or sets the 'tls_client_certificate_bound_access_tokens'
Gets the collection of 'ui_locales_supported'
Gets or sets the 'user_info_endpoint'.
Gets the collection of 'userinfo_encryption_alg_values_supported'
Gets the collection of 'userinfo_encryption_enc_values_supported'
Gets the collection of 'userinfo_signing_alg_values_supported'
Gets a bool that determines if the 'acr_values_supported' (AcrValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'acr_values_supported' (AcrValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'authorization_details_types_supported' (AuthorizationDetailsTypesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'authorization_details_types_supported' (AuthorizationDetailsTypesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'authorization_encryption_alg_values_supported' (AuthorizationEncryptionAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'authorization_encryption_alg_values_supported' (AuthorizationEncryptionAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'authorization_encryption_enc_values_supported' (AuthorizationEncryptionEncValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'authorization_encryption_enc_values_supported' (AuthorizationEncryptionEncValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'authorization_signing_alg_values_supported' (AuthorizationSigningAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'authorization_signing_alg_values_supported' (AuthorizationSigningAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'backchannel_token_delivery_modes_supported' (BackchannelTokenDeliveryModesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'backchannel_token_delivery_modes_supported' (BackchannelTokenDeliveryModesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'backchannel_authentication_request_signing_alg_values_supported' (BackchannelAuthenticationRequestSigningAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'backchannel_authentication_request_signing_alg_values_supported' (BackchannelAuthenticationRequestSigningAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'claims_supported' (ClaimsSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'claims_supported' (ClaimsSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'claims_locales_supported' (ClaimsLocalesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'claims_locales_supported' (ClaimsLocalesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'claim_types_supported' (ClaimTypesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'claim_types_supported' (ClaimTypesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'code_challenge_methods_supported' (CodeChallengeMethodsSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'code_challenge_methods_supported' (CodeChallengeMethodsSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'display_values_supported' (DisplayValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'display_values_supported' (DisplayValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'dpop_signing_alg_values_supported' (DPoPSigningAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'dpop_signing_alg_values_supported' (DPoPSigningAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'grant_types_supported' (GrantTypesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'grant_types_supported' (GrantTypesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'id_token_encryption_alg_values_supported' (IdTokenEncryptionAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'id_token_encryption_alg_values_supported' (IdTokenEncryptionAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'id_token_encryption_enc_values_supported' (IdTokenEncryptionEncValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'id_token_encryption_enc_values_supported' (IdTokenEncryptionEncValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'id_token_signing_alg_values_supported' (IdTokenSigningAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'id_token_signing_alg_values_supported' (IdTokenSigningAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'introspection_endpoint_auth_methods_supported' (IntrospectionEndpointAuthMethodsSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'introspection_endpoint_auth_methods_supported' (IntrospectionEndpointAuthMethodsSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'introspection_endpoint_auth_signing_alg_values_supported' (IntrospectionEndpointAuthSigningAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'introspection_endpoint_auth_signing_alg_values_supported' (IntrospectionEndpointAuthSigningAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'prompt_values_supported' (PromptValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'prompt_values_supported' (PromptValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'request_object_encryption_alg_values_supported' (RequestObjectEncryptionAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'request_object_encryption_alg_values_supported' (RequestObjectEncryptionAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'request_object_encryption_enc_values_supported' (RequestObjectEncryptionEncValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'request_object_encryption_enc_values_supported' (RequestObjectEncryptionEncValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'request_object_signing_alg_values_supported' (RequestObjectSigningAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'request_object_signing_alg_values_supported' (RequestObjectSigningAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'response_modes_supported' (ResponseModesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'response_modes_supported' (ResponseModesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'response_types_supported' (ResponseTypesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'response_types_supported' (ResponseTypesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'revocation_endpoint_auth_methods_supported' (RevocationEndpointAuthMethodsSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'revocation_endpoint_auth_methods_supported' (RevocationEndpointAuthMethodsSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'revocation_endpoint_auth_signing_alg_values_supported' (RevocationEndpointAuthSigningAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'revocation_endpoint_auth_signing_alg_values_supported' (RevocationEndpointAuthSigningAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'SigningKeys' property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
This method always returns false.
Gets a bool that determines if the 'scopes_supported' (ScopesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'scopes_supported' (ScopesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'subject_types_supported' (SubjectTypesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'subject_types_supported' (SubjectTypesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'token_endpoint_auth_methods_supported' (TokenEndpointAuthMethodsSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'token_endpoint_auth_methods_supported' (TokenEndpointAuthMethodsSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'token_endpoint_auth_signing_alg_values_supported' (TokenEndpointAuthSigningAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'token_endpoint_auth_signing_alg_values_supported' (TokenEndpointAuthSigningAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'ui_locales_supported' (UILocalesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'ui_locales_supported' (UILocalesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'userinfo_encryption_alg_values_supported' (UserInfoEndpointEncryptionAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'userinfo_encryption_alg_values_supported' (UserInfoEndpointEncryptionAlgValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'userinfo_encryption_enc_values_supported' (UserInfoEndpointEncryptionEncValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'userinfo_encryption_enc_values_supported' (UserInfoEndpointEncryptionEncValuesSupported) is not empty; otherwise, false.
Gets a bool that determines if the 'userinfo_signing_alg_values_supported' (UserInfoEndpointSigningAlgValuesSupported) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'userinfo_signing_alg_values_supported' (UserInfoEndpointSigningAlgValuesSupported) is not empty; otherwise, false.
Retrieves a populated given an address.
Retrieves a populated given an address.
address of the discovery document.
.
A populated instance.
Retrieves a populated given an address and an .
address of the discovery document.
the to use to read the discovery document.
.
A populated instance.
Retrieves a populated given an address and an .
address of the discovery document.
the to use to read the discovery document
.
A populated instance.
Defines a class for validating the OpenIdConnectConfiguration by using default policy.
1 is the default minimum number of keys.
Validates an OpenIdConnectConfiguration by using current policy.
The OpenIdConnectConfiguration to validate.
A that contains validation result.
The minimum number of keys.
This exception is thrown when an OpenIdConnect protocol handler encounters a protocol error.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
Initializes a new instance of the class.
the that holds the serialized object data.
The contextual information about the source or destination.
This exception is thrown when an OpenIdConnect protocol handler encounters an invalid at_hash.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
Initializes a new instance of the class.
the that holds the serialized object data.
The contextual information about the source or destination.
This exception is thrown when an OpenIdConnect protocol handler encounters an invalid chash.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
Initializes a new instance of the class.
the that holds the serialized object data.
The contextual information about the source or destination.
This exception is thrown when an OpenIdConnect protocol handler encounters an invalid nonce.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
Initializes a new instance of the class.
the that holds the serialized object data.
The contextual information about the source or destination.
This exception is thrown when an OpenIdConnect protocol handler encounters an invalid state.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
Initializes a new instance of the class.
the that holds the serialized object data.
The contextual information about the source or destination.
Reads config. see: https://openid.net/specs/openid-connect-discovery-1_0.html
a pointing at a StartObject.
A .
Log messages and codes
Defines grant types for token requests. See: .
Indicates the 'authorization_code' grant type. See: .
Indicates the 'refresh_token' grant type. See: .
Indicates the 'password' grant type. See: .
Indicates the 'client_credentials' grant type. See: .
Indicates the 'saml2-bearer' grant type. See: .
Indicates the 'jwt-bearer' grant type. See: .
Indicates the 'device_code' grant type. See: .
Indicates the 'token-exchange' grant type. See: .
Indicates the 'ciba' grant type. See: .
Provides access to common OpenID Connect parameters.
Initializes a new instance of the class.
Initializes a new instance of class with a json string.
Initializes a new instance of the class.
an to copy.
Thrown if is null.
Initializes a new instance of the class.
Collection of key value pairs.
Initializes a new instance of the class.
Enumeration of key value pairs.
Returns a new instance of with values copied from this object.
A new object copied from this object
This is a shallow Clone.
Creates an OpenIdConnect message using the current contents of this .
The uri to use for a redirect.
Creates a query string using the current contents of this .
The uri to use for a redirect.
Adds telemetry values to the message parameters.
Gets or sets the value for the AuthorizationEndpoint
Gets or sets 'access_token'.
Gets or sets 'acr_values'.
Gets or sets 'claims_locales'.
Gets or sets 'client_assertion'.
Gets or sets 'client_assertion_type'.
Gets or sets 'client_id'.
Gets or sets 'client_secret'.
Gets or sets 'code'.
Gets or sets 'display'.
Gets or sets 'domain_hint'.
Gets or sets whether parameters for the library and version are sent on the query string for this instance.
This value is set to the value of EnableTelemetryParametersByDefault at message creation time.
Gets or sets whether parameters for the library and version are sent on the query string for all instances of .
Gets or sets 'error'.
Gets or sets 'error_description'.
Gets or sets 'error_uri'.
Gets or sets 'expires_in'.
Gets or sets 'grant_type'.
Gets or sets 'id_token'.
Gets or sets 'id_token_hint'.
Gets or sets 'identity_provider'.
Gets or sets 'iss'.
Gets or sets 'login_hint'.
Gets or sets 'max_age'.
Gets or sets 'nonce'.
Gets or sets 'password'.
Gets or sets 'post_logout_redirect_uri'.
Gets or sets 'prompt'.
Gets or sets 'redirect_uri'.
Gets or sets 'refresh_token'.
Gets or sets the request type for this message.
This is helpful when sending different messages through a common routine, when extra parameters need to be set or checked.
Gets or sets 'request_uri'.
Gets or sets 'response_mode'.
Gets or sets 'response_type'.
Gets or sets 'resource'
Gets or sets 'scope'.
Gets or sets 'session_state'.
Gets or sets 'sid'.
Gets the string that is sent as telemetry data in an OpenIdConnectMessage.
Gets or sets 'state'.
Gets or sets 'target_link_uri'.
Gets or sets the value for the token endpoint.
Gets or sets 'token_type'.
Gets or sets 'ui_locales'.
Gets or sets 'user_id'.
Gets or sets 'username'.
Parameter names for OpenID Connect Request/Response messages.
Parameter names for OpenIdConnect Request/Response messages as UTF8 bytes.
Used by UTF8JsonReader/Writer for performance gains.
Defines prompt types for OpenID Connect.
Indicates the 'none' prompt type. See: .
Indicates the 'create' prompt type. See: .
Indicates the 'login' prompt type. See: .
Indicates the 'consent' prompt type. See: .
Indicates the 'select_account' prompt type. See: .
A context that is used by a when validating an OpenIdConnect Response
to ensure it's compliant with .
Creates an instance of
Gets or sets the 'client_id'.
Gets or sets the 'nonce' that was sent with the 'Request'.
Gets or sets the that represents the 'Response'.
Gets or sets the state that was sent with the 'Request'.
Gets or sets the response received from userinfo_endpoint.
This id_token is assumed to have audience, issuer, lifetime and signature validated.
Delegate for validating additional claims in 'id_token'.
The to validate.
The used for validation.
is used to ensure that an
obtained using OpenID Connect is compliant with .
Default for how long the nonce is valid.
The default is 1 hour.
Creates a new instance of ,
Generates a value suitable to use as a nonce.
A nonce
If is true then the 'nonce' will contain the Epoch time as the prefix, separated by a '.'.
For example: 635410359229176103.MjQxMzU0ODUtMTdiNi00NzAwLWE4MjYtNTE4NGExYmMxNTNlZmRkOGU4NjctZjQ5OS00MWIyLTljNTEtMjg3NmM0NzI4ZTc5
Gets the algorithm mapping between OpenIdConnect and .Net for Hash algorithms.
a that contains mappings from the JWT namespace to .NET.
Gets or sets the defining how long a nonce is valid.
Thrown if 'value' is less than or equal to 'TimeSpan.Zero'.
If is true, then the nonce timestamp is bound by DateTime.UtcNow + NonceLifetime.
Gets or sets a value indicating if an 'acr' claim is required.
Gets or sets a value indicating if an 'amr' claim is required.
Gets or sets a value indicating if an 'auth_time' claim is required.
Gets or sets a value indicating if an 'azp' claim is required.
Gets or sets if a nonce is required.
Gets or sets a value indicating if a 'state' is required.
Gets or sets a value indicating if validation of 'state' is turned on or off.
Gets or sets a value indicating if a 'sub' claim is required.
Gets or sets a value for default RequireSub.
default: true.
Gets or sets logic to control if a nonce is prefixed with a timestamp.
if is true then:
will return a 'nonce' with the Epoch time as the prefix, delimited with a '.'.
will require that the 'nonce' has a valid time as the prefix.
Gets or sets the delegate for validating 'id_token'.
Validates that an OpenID Connect response from 'authorization_endpoint' is valid as per .
the that contains expected values.
Thrown if is null.
Thrown if the response is not spec compliant.
It is assumed that the IdToken had ('aud', 'iss', 'signature', 'lifetime') validated.
Validates that an OpenID Connect response from "token_endpoint" is valid as per .
the that contains expected values.
Thrown if is null.
Thrown if the response is not spec compliant.
It is assumed that the IdToken had ('aud', 'iss', 'signature', 'lifetime') validated.
Validates that an OpenIdConnect response from "userinfo_endpoint" is valid as per .
the that contains expected values.
Thrown if is null.
Thrown if the response is not spec compliant.
Validates the claims in the 'id_token' as per .
the that contains expected values.
Returns a corresponding to string 'algorithm' after translation using .
string representing the hash algorithm
A .
Gets or sets the that will be used for crypto operations.
Validates the 'token' or 'code'. See: .
The expected value of the hash. Normally the c_hash or at_hash claim.
Item to be hashed per oidc spec.
Algorithm for computing hash over hashItem.
Thrown if the expected value does not equal the hashed value.
Validates the 'code' according to .
A that contains the protocol message to validate.
Thrown if is null.
Thrown if is null.
Thrown if contains a 'code' and there is no 'c_hash' claim in the 'id_token'.
Thrown if contains a 'code' and the 'c_hash' claim is not a string in the 'id_token'.
Thrown if the 'c_hash' claim in the 'id_token' does not correspond to the 'code' in the response.
Validates the 'token' according to .
A that contains the protocol message to validate.
Thrown if is null.
Thrown if is null.
Thrown if the contains a 'token' and there is no 'at_hash' claim in the id_token.
Thrown if the contains a 'token' and the 'at_hash' claim is not a string in the 'id_token'.
Thrown if the 'at_hash' claim in the 'id_token' does not correspond to the 'access_token' in the response.
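The c_hash and at_hash checks documented above follow the OpenID Connect Core rule: hash the ASCII octets of the 'code' or 'access_token' with the hash that matches the id_token's signing algorithm, keep the left-most half, base64url-encode it, and compare with the claim. The block below is an added stand-alone illustration of that rule, not this library's code; `OidcHashCheck`, `ComputeHalfHash` and `IsHashValid` are hypothetical names, the code value is constructed, and it assumes .NET Core 2.1 or later for `CryptographicOperations`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical helper, not part of Microsoft.IdentityModel).
static class OidcHashCheck
{
    // Picks the hash implied by the id_token's JWS 'alg' header
    // (RS256/ES256/PS256 -> SHA-256, *384 -> SHA-384, *512 -> SHA-512).
    static HashAlgorithm CreateHash(string jwsAlg)
    {
        if (jwsAlg == null) throw new ArgumentNullException(nameof(jwsAlg));
        if (jwsAlg.EndsWith("256", StringComparison.Ordinal)) return SHA256.Create();
        if (jwsAlg.EndsWith("384", StringComparison.Ordinal)) return SHA384.Create();
        if (jwsAlg.EndsWith("512", StringComparison.Ordinal)) return SHA512.Create();
        // Unknown algorithms are rejected rather than silently mapped to a default.
        throw new NotSupportedException("No hash mapping for alg '" + jwsAlg + "'.");
    }

    // base64url without padding over the first 'count' bytes.
    static string Base64Url(byte[] data, int count) =>
        Convert.ToBase64String(data, 0, count)
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Value the OP places in the id_token:
    // base64url(left-most half of hash(ASCII(item))).
    public static string ComputeHalfHash(string item, string jwsAlg)
    {
        if (string.IsNullOrEmpty(item))
            throw new ArgumentException("Nothing to hash.", nameof(item));
        using (HashAlgorithm hash = CreateHash(jwsAlg))
        {
            byte[] digest = hash.ComputeHash(Encoding.ASCII.GetBytes(item));
            return Base64Url(digest, digest.Length / 2);
        }
    }

    // Relying-party side: 'expectedClaim' is the c_hash or at_hash claim,
    // 'item' is the 'code' or 'access_token' received in the same response.
    public static bool IsHashValid(string expectedClaim, string item, string jwsAlg)
    {
        // Fail closed: an item is present but the id_token carries no hash claim.
        if (string.IsNullOrEmpty(expectedClaim)) return false;

        byte[] expected = Encoding.ASCII.GetBytes(expectedClaim);
        byte[] actual = Encoding.ASCII.GetBytes(ComputeHalfHash(item, jwsAlg));

        // Constant-time comparison; returns false when the lengths differ.
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }

    static void Main()
    {
        const string alg = "RS256";                               // constructed
        const string code = "constructed-authorization-code-0001"; // constructed

        // What an OP would have embedded as 'c_hash' for this code.
        string cHash = ComputeHalfHash(code, alg);

        Console.WriteLine("matching code accepted:  " + IsHashValid(cHash, code, alg));
        Console.WriteLine("swapped code accepted:   " + IsHashValid(cHash, code + "x", alg));
        Console.WriteLine("missing c_hash accepted: " + IsHashValid(null, code, alg));
        // A signing alg of a different strength changes the hash and the result.
        Console.WriteLine("wrong alg accepted:      " + IsHashValid(cHash, code, "RS384"));
    }
}
```

Only the first check succeeds. The other three are the conditions the validator above reports as exceptions: a 'code' that does not correspond to the claim, a missing claim, and a hash computed with the wrong algorithm.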
Validates that the contains the nonce.
A that contains the 'nonce' to validate.
Thrown if is null.
Thrown if is null.
Thrown if is null and RequireNonce is true.
Thrown if the 'nonce' found in the 'id_token' does not match .
Thrown if is true and a timestamp is not: found, well formed, negative or expired.
The timestamp is only validated if is true.
If is not-null, then a matching 'nonce' must exist in the 'id_token'.
Validates that the 'state' in message is valid.
A that contains the 'state' to validate.
Thrown if is null.
Thrown if is null.
Thrown if is present in but either or its state property is null.
Thrown if 'state' in the context does not match the state in the message.
Defines request types for OpenID Connect.
Can be used to determine the message type in an .
Indicates an Authentication Request. See: .
Indicates a Logout Request. See: .
Indicates a Token Request. See: .
Defines response modes for OpenID Connect.
Can be used to determine the response mode in an .
Indicates a Query Response. See: .
Indicates a Form Post Response. See: .
Indicates a Fragment Response. See: .
Defines response types for OpenID Connect.
Can be used to determine the message type in an .
Indicates the 'code' response type. See: .
For example: .
Indicates the 'code id_token' response type. See: .
For example: .
Indicates the 'code id_token token' response type. See: .
For example: .
Indicates the 'code token' response type. See: .
For example: .
Indicates the 'id_token' response type. See: .
For example: .
Indicates the 'id_token token' response type. See: .
For example: .
Defined in the OAuth v2 Multiple Response Types 1.0 spec for completeness.
See: .
Defined in the OAuth 2.0 spec for completeness.
See: .
Defines scopes for OpenID Connect. For details, see: .
Can be used to determine the scope in an .
Indicates the address scope. See: .
Indicates the email scope. See: .
Indicates the offline_access scope. See: .
Indicates the openid scope. See: .
Indicates both openid and profile scopes. See: .
Indicates the phone scope. See: .
Indicates the profile scope. See: .
Indicates the user_impersonation scope for Microsoft Entra ID.
Defines a set of properties names.
Property defined for 'check_session_iframe'.
Property defined for 'redirect_uri' set in the request for a 'code'
Property defined for 'session state'
OpenID Provider Metadata parameter names
.
OpenId Provider Metadata parameter names as UTF8Bytes
Used by UTF8JsonReader/Writer for performance gains.
http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata