OpenIddict.Abstractions

Exposes common helpers used by the OpenIddict assemblies.

Generates a sequence of non-overlapping adjacent buffers over the source sequence.

The source sequence element type. The source sequence. The number of elements for allocated buffers. A sequence of buffers containing source sequence elements.

Finds the first base type that matches the specified generic type definition.

The type to introspect. The generic type definition. A instance if the base type was found, otherwise.

Finds all the base types that matches the specified generic type definition.

The type to introspect. The generic type definition. A instance if the base type was found, otherwise.

Determines whether the specified is considered fatal.

The exception. if the exception is considered fatal, otherwise.

Computes an absolute URI from the specified and URIs. Note: if the URI is already absolute, it is directly returned.

The left part. The right part. An absolute URI from the specified and . is not an absolute URI.

Computes an absolute URI from the specified and URIs. Note: if the URI is already absolute, it is directly returned.

The left part. The right part. An absolute URI from the specified and . is not an absolute URI.

Determines whether the URI is a base of the URI.

The left part. The right part. if is base of , otherwise. or is . is not an absolute URI.

Determines whether the specified represents an implicit file URI.

The URI. if represents an implicit file URI, otherwise. is .

Adds a query string parameter to the specified .

The URI to which the query string parameter will be appended. The name of the query string parameter to append. The value of the query string parameter to append. The final instance, with the specified parameter appended.

Adds query string parameters to the specified .

The URI to which the query string parameters will be appended. The query string parameters to append. The final instance, with the specified parameters appended. is . is .

Extracts the parameters from the specified query string.

The query string, which may start with a '?'. The parameters extracted from the specified query string. is .

Extracts the parameters from the specified fragment.

The fragment string, which may start with a '#'. The parameters extracted from the specified fragment. is .

Extracts the parameters from the specified stream.

The stream containing the formurl-encoded data. The encoding used to decode the data. The that can be used to abort the operation. The parameters extracted from the specified stream. is .

Creates a new key.

A new key. The implementation resolved from is not valid.

Creates a new key.

The EC curve to use to create the key. A new key. The implementation resolved from is not valid.

Creates a new key.

The key size to use to create the key. A new key. The implementation resolved from is not valid.

Computes the SHA-256 message authentication code (HMAC) of the specified array.

The cryptographic key. The data to hash. The SHA-256 message authentication code (HMAC) of the specified array. The implementation resolved from is not valid.

Computes the SHA-256 hash of the specified array.

The data to hash. The SHA-256 hash of the specified array. The implementation resolved from is not valid.

Computes the SHA-384 hash of the specified array.

The data to hash. The SHA-384 hash of the specified array. The implementation resolved from is not valid.

Computes the SHA-512 hash of the specified array.

The data to hash. The SHA-512 hash of the specified array. The implementation resolved from is not valid.

Creates a new array of containing random data.

The desired entropy, in bits. A new array of containing random data. The implementation resolved from is not valid.

Creates a new containing characters randomly selected in the specified .

The characters allowed to be included in the . The number of characters. A new containing random data. The implementation resolved from is not valid.

Determines the equality of two byte sequences in an amount of time which depends on the length of the sequences, but not the values.

The first buffer to compare. The second buffer to compare. if and have the same values for and the same contents, otherwise.

Converts the specified hex-encoded to a byte array.

The hexadecimal string. The byte array.

Removes the characters that are not part of from the specified string.

Note: if no character is present in , all characters are considered valid. The original string. The list of allowed characters. The original string with the disallowed characters removed. is .

Creates a derived key based on the specified using PBKDF2.

The secret from which the derived key is created. The salt. The hash algorithm to use. The number of iterations to use. The desired length of the derived key. A derived key based on the specified . The implementation resolved from is not valid.

Determines whether the specified represent a specific EC curve.

The . The . if is identical to the specified , otherwise.

Determines whether the items contained in are of the specified .

The . The expected . if the array doesn't contain any value or if all the items are of the specified , otherwise.

Determines whether the items contained in are of the specified .

The . The expected . if the object doesn't contain any value or if all the items are of the specified , otherwise.

Note: this implementation was taken from ASP.NET Core.

Note: this implementation was taken from ASP.NET Core.

Provides methods allowing to cache applications after retrieving them from the store.

The type of the Application entity.

Add the specified application to the cache.

The application to add to the cache. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves an application using its client identifier.

The client identifier associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the client application corresponding to the identifier.

Retrieves an application using its unique identifier.

The unique identifier associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the client application corresponding to the identifier.

Retrieves all the applications associated with the specified post_logout_redirect_uri.

The post_logout_redirect_uri associated with the applications. The that can be used to abort the operation. The client applications corresponding to the specified redirect_uri.

Retrieves all the applications associated with the specified redirect_uri.

The redirect_uri associated with the applications. The that can be used to abort the operation. The client applications corresponding to the specified redirect_uri.

Removes the specified application from the cache.

The application to remove from the cache. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Provides methods allowing to cache authorizations after retrieving them from the store.

The type of the Authorization entity.

Add the specified authorization to the cache.

The authorization to add to the cache. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves the authorizations matching the specified parameters.

The subject associated with the authorization, or not to filter out specific subjects. The client associated with the authorization, or not to filter out specific clients. The authorization status, or not to filter out specific authorization statuses. The authorization type, or not to filter out specific authorization types. The minimal scopes associated with the authorization, or not to filter out scopes. The that can be used to abort the operation. The authorizations corresponding to the criteria.

Retrieves the list of authorizations corresponding to the specified application identifier.

The application identifier associated with the authorizations. The that can be used to abort the operation. The authorizations corresponding to the specified application.

Retrieves an authorization using its unique identifier.

The unique identifier associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the authorization corresponding to the identifier.

Retrieves all the authorizations corresponding to the specified subject.

The subject associated with the authorization. The that can be used to abort the operation. The authorizations corresponding to the specified subject.

Removes the specified authorization from the cache.

The authorization to remove from the cache. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Provides methods allowing to cache scopes after retrieving them from the store.

The type of the Scope entity.

Add the specified scope to the cache.

The scope to add to the cache. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves a scope using its unique identifier.

The unique identifier associated with the scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the scope corresponding to the identifier.

Retrieves a scope using its name.

The name associated with the scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the scope corresponding to the specified name.

Retrieves a list of scopes using their name.

The names associated with the scopes. The that can be used to abort the operation. The scopes corresponding to the specified names.

Retrieves all the scopes that contain the specified resource.

The resource associated with the scopes. The that can be used to abort the operation. The scopes associated with the specified resource.

Removes the specified scope from the cache.

The scope to remove from the cache. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Provides methods allowing to cache tokens after retrieving them from the store.

The type of the Token entity.

Add the specified token to the cache.

The token to add to the cache. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves the tokens matching the specified parameters.

The subject associated with the token, or not to filter out specific subjects. The client associated with the token, or not to filter out specific clients. The token status, or not to filter out specific token statuses. The token type, or not to filter out specific token types. The that can be used to abort the operation. The tokens corresponding to the criteria.

Retrieves the list of tokens corresponding to the specified application identifier.

The application identifier associated with the tokens. The that can be used to abort the operation. The tokens corresponding to the specified application.

Retrieves the list of tokens corresponding to the specified authorization identifier.

The authorization identifier associated with the tokens. The that can be used to abort the operation. The tokens corresponding to the specified authorization.

Retrieves a token using its unique identifier.

The unique identifier associated with the token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the token corresponding to the unique identifier.

Retrieves the list of tokens corresponding to the specified reference identifier. Note: the reference identifier may be hashed or encrypted for security reasons.

The reference identifier associated with the tokens. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the tokens corresponding to the specified reference identifier.

Retrieves the list of tokens corresponding to the specified subject.

The subject associated with the tokens. The that can be used to abort the operation. The tokens corresponding to the specified subject.

Removes the specified token from the cache.

The token to remove from the cache. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Represents an OpenIddict application descriptor.

Gets or sets the application type associated with the application.

Gets or sets the client identifier associated with the application.

Gets or sets the client secret associated with the application. Note: depending on the application manager used when creating it, this property may be hashed or encrypted for security reasons.

Gets or sets the client type associated with the application.

Gets or sets the consent type associated with the application.

Gets or sets the display name associated with the application.

Gets the localized display names associated with the application.

Gets or sets the JSON Web Key Set associated with the application.

Gets the permissions associated with the application.

Gets the post-logout redirect URIs associated with the application.

Gets the additional properties associated with the application.

Gets the redirect URIs associated with the application.

Gets the requirements associated with the application.

Gets the settings associated with the application.

Represents an OpenIddict authorization descriptor.

Gets or sets the application identifier associated with the authorization.

Gets or sets the creation date associated with the authorization.

Gets or sets the optional principal associated with the authorization. Note: this property is not stored by the default authorization stores.

Gets the additional properties associated with the authorization.

Gets the scopes associated with the authorization.

Gets or sets the status associated with the authorization.

Gets or sets the subject associated with the authorization.

Gets or sets the type of the authorization.

Represents an OpenIddict scope descriptor.

Gets or sets the description associated with the scope.

Gets the localized descriptions associated with the scope.

Gets or sets the display name associated with the scope.

Gets the localized display names associated with the scope.

Gets or sets the unique name associated with the scope.

Gets the additional properties associated with the scope.

Gets the resources associated with the scope.

Represents an OpenIddict token descriptor.

Gets or sets the application identifier associated with the token.

Gets or sets the authorization identifier associated with the token.

Gets or sets the creation date associated with the token.

Gets or sets the expiration date associated with the token.

Gets or sets the payload associated with the token.

Gets or sets the optional principal associated with the token. Note: this property is not stored by the default token stores.

Gets the additional properties associated with the token.

Gets or sets the redemption date associated with the token.

Gets or sets the reference identifier associated with the token. Note: depending on the application manager used when creating it, this property may be hashed or encrypted for security reasons.

Gets or sets the status associated with the token.

Gets or sets the subject associated with the token.

Gets or sets the token type.

Provides methods allowing to manage the applications stored in the store. Note: this interface is not meant to be implemented by custom managers, that should inherit from the generic OpenIddictApplicationManager class. It is primarily intended to be used by services that cannot easily depend on the generic application manager. The actual application entity type is automatically determined at runtime based on the OpenIddict core options.

Determines the number of applications that exist in the database.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of applications in the database.

Determines the number of applications that match the specified query.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of applications that match the specified query.

Creates a new application based on the specified descriptor. Note: the default implementation automatically hashes the client secret before storing it in the database, for security reasons.

The application descriptor. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the unique identifier associated with the application.

Creates a new application.

The application to create. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Creates a new application. Note: the default implementation automatically hashes the client secret before storing it in the database, for security reasons.

The application to create. The client secret associated with the application, if applicable. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Removes an existing application.

The application to delete. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves an application using its client identifier.

The client identifier associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the client application corresponding to the identifier.

Retrieves an application using its unique identifier.

The unique identifier associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the client application corresponding to the identifier.

Retrieves all the applications associated with the specified post_logout_redirect_uri.

The post_logout_redirect_uri associated with the applications. The that can be used to abort the operation. The client applications corresponding to the specified post_logout_redirect_uri.

Retrieves all the applications associated with the specified redirect_uri.

The redirect_uri associated with the applications. The that can be used to abort the operation. The client applications corresponding to the specified redirect_uri.

Retrieves the application type associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the application type of the application (by default, "web").

Executes the specified query and returns the first element.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Executes the specified query and returns the first element.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Retrieves the client identifier associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the client identifier associated with the application.

Retrieves the client type associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the client type of the application (by default, "public").

Retrieves the consent type associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the consent type of the application (by default, "explicit").

Retrieves the display name associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the display name associated with the application.

Retrieves the localized display names associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the localized display names associated with the application.

Retrieves the unique identifier associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the unique identifier associated with the application.

Retrieves the JSON Web Key Set associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the JSON Web Key Set associated with the application.

Retrieves the localized display name associated with an application and corresponding to the current UI culture or one of its parents. If no matching value can be found, the non-localized value is returned.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the matching localized display name associated with the application.

Retrieves the localized display name associated with an application and corresponding to the specified culture or one of its parents. If no matching value can be found, the non-localized value is returned.

The application. The culture (typically ). The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the matching localized display name associated with the application.

Retrieves the permissions associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the permissions associated with the application.

Retrieves the post-logout redirect URIs associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the post_logout_redirect_uri associated with the application.

Retrieves the additional properties associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the additional properties associated with the application.

Retrieves the redirect URIs associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the redirect_uri associated with the application.

Retrieves the requirements associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the requirements associated with the application.

Retrieves the settings associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the settings associated with the application.

Determines whether a given application has the specified application type.

The application. The expected application type. The that can be used to abort the operation. if the application has the specified application type, otherwise.

Determines whether a given application has the specified client type.

The application. The expected client type. The that can be used to abort the operation. if the application has the specified client type, otherwise.

Determines whether a given application has the specified consent type.

The application. The expected consent type. The that can be used to abort the operation. if the application has the specified consent type, otherwise.

Determines whether the specified permission has been granted to the application.

The application. The permission. The that can be used to abort the operation. if the application has been granted the specified permission, otherwise.

Determines whether the specified requirement has been enforced for the specified application.

The application. The requirement. The that can be used to abort the operation. if the requirement has been enforced for the specified application, otherwise.

Executes the specified query and returns all the corresponding elements.

The number of results to return. The number of results to skip. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The result type. The query to execute. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. All the elements returned when executing the specified query.

Populates the specified descriptor using the properties exposed by the application.

The descriptor. The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Populates the application using the specified descriptor.

The application. The descriptor. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Updates an existing application.

The application to update. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Updates an existing application.

The application to update. The descriptor used to update the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Updates an existing application and replaces the existing secret. Note: the default implementation automatically hashes the client secret before storing it in the database, for security reasons.

The application to update. The client secret associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Validates the application to ensure it's in a consistent state.

The application. The that can be used to abort the operation. The validation error encountered when validating the application.

Validates the client_secret associated with an application.

The application. The secret that should be compared to the client_secret stored in the database. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation. A that can be used to monitor the asynchronous operation, whose result returns a boolean indicating whether the client secret was valid.

Validates the post_logout_redirect_uri to ensure it's associated with an application.

The application. The URI that should be compared to one of the post_logout_redirect_uri stored in the database. The that can be used to abort the operation. Note: if no client_id parameter is specified in end session requests, this method may not be called. A that can be used to monitor the asynchronous operation, whose result returns a boolean indicating whether the post_logout_redirect_uri was valid.

Validates the redirect_uri to ensure it's associated with an application.

The application. The URI that should be compared to one of the redirect_uri stored in the database. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns a boolean indicating whether the redirect_uri was valid.

Provides methods allowing to manage the authorizations stored in the store. Note: this interface is not meant to be implemented by custom managers, that should inherit from the generic OpenIddictAuthorizationManager class. It is primarily intended to be used by services that cannot easily depend on the generic authorization manager. The actual authorization entity type is automatically determined at runtime based on the OpenIddict core options.

Determines the number of authorizations that exist in the database.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of authorizations in the database.

Determines the number of authorizations that match the specified query.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of authorizations that match the specified query.

Creates a new permanent authorization based on the specified parameters.

The identity associated with the authorization. The subject associated with the authorization. The client associated with the authorization. The authorization type. The minimal scopes associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the authorization.

Creates a new permanent authorization based on the specified parameters.

The principal associated with the authorization. The subject associated with the authorization. The client associated with the authorization. The authorization type. The minimal scopes associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the authorization.

Creates a new authorization based on the specified descriptor.

The authorization descriptor. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the authorization.

Creates a new authorization.

The application to create. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Removes an existing authorization.

The authorization to delete. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves the authorizations matching the specified parameters.

The subject associated with the authorization, or not to filter out specific subjects. The client associated with the authorization, or not to filter out specific clients. The authorization status, or not to filter out specific authorization statuses. The authorization type, or not to filter out specific authorization types. The minimal scopes associated with the authorization, or not to filter out scopes. The that can be used to abort the operation. The authorizations corresponding to the criteria.

Retrieves the list of authorizations corresponding to the specified application identifier.

The application identifier associated with the authorizations. The that can be used to abort the operation. The authorizations corresponding to the specified application.

Retrieves an authorization using its unique identifier.

The unique identifier associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the authorization corresponding to the identifier.

Retrieves all the authorizations corresponding to the specified subject.

The subject associated with the authorization. The that can be used to abort the operation. The authorizations corresponding to the specified subject.

Retrieves the optional application identifier associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the application identifier associated with the authorization.

Executes the specified query and returns the first element.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Executes the specified query and returns the first element.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Retrieves the creation date associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the creation date associated with the specified authorization.

Retrieves the unique identifier associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the unique identifier associated with the authorization.

Retrieves the additional properties associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the additional properties associated with the authorization.

Retrieves the scopes associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the scopes associated with the specified authorization.

Retrieves the status associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the status associated with the specified authorization.

Retrieves the subject associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the subject associated with the specified authorization.

Retrieves the type associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the type associated with the specified authorization.

Determines whether the specified scopes are included in the authorization.

The authorization. The scopes. The that can be used to abort the operation. if the scopes are included in the authorization, otherwise.

Determines whether a given authorization has the specified status.

The authorization. The expected status. The that can be used to abort the operation. if the authorization has the specified status, otherwise.

Determines whether a given authorization has the specified type.

The authorization. The expected type. The that can be used to abort the operation. if the authorization has the specified type, otherwise.

Executes the specified query and returns all the corresponding elements.

The number of results to return. The number of results to skip. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The result type. The query to execute. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. All the elements returned when executing the specified query.

Populates the specified descriptor using the properties exposed by the authorization.

The descriptor. The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Populates the authorization using the specified descriptor.

The authorization. The descriptor. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Removes the authorizations that are marked as invalid and don't have any token attached. Only authorizations created before the specified are removed.

Since authorizations with tokens still attached are not deleted, tokens should always be pruned first. The date before which authorizations are not pruned. The that can be used to abort the operation. The number of authorizations that were removed.

Revokes all the authorizations matching the specified parameters.

The subject associated with the authorization, or not to filter out specific subjects. The client associated with the authorization, or not to filter out specific clients. The authorization status, or not to filter out specific authorization statuses. The authorization type, or not to filter out specific authorization types. The that can be used to abort the operation. The number of authorizations corresponding to the criteria that were marked as revoked.

Revokes all the authorizations associated with the specified application identifier.

The application identifier associated with the authorizations. The that can be used to abort the operation. The number of authorizations associated with the specified application that were marked as revoked.

Revokes all the authorizations associated with the specified subject.

The subject associated with the authorizations. The that can be used to abort the operation. The number of authorizations associated with the specified subject that were marked as revoked.

Tries to revoke an authorization.

The authorization to revoke. The that can be used to abort the operation. if the authorization was successfully revoked, otherwise.

Updates an existing authorization.

The authorization to update. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Updates an existing authorization.

The authorization to update. The descriptor used to update the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Validates the authorization to ensure it's in a consistent state.

The authorization. The that can be used to abort the operation. The validation error encountered when validating the authorization.

Provides methods allowing to manage the scopes stored in the store. Note: this interface is not meant to be implemented by custom managers, that should inherit from the generic OpenIddictScopeManager class. It is primarily intended to be used by services that cannot easily depend on the generic scope manager. The actual scope entity type is automatically determined at runtime based on the OpenIddict core options.

Determines the number of scopes that exist in the database.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of scopes in the database.

Determines the number of scopes that match the specified query.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of scopes that match the specified query.

Creates a new scope based on the specified descriptor.

The scope descriptor. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the scope.

Creates a new scope.

The scope to create. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Removes an existing scope.

The scope to delete. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves a scope using its unique identifier.

The unique identifier associated with the scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the scope corresponding to the identifier.

Retrieves a scope using its name.

The name associated with the scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the scope corresponding to the specified name.

Retrieves a list of scopes using their name.

The names associated with the scopes. The that can be used to abort the operation. The scopes corresponding to the specified names.

Retrieves all the scopes that contain the specified resource.

The resource associated with the scopes. The that can be used to abort the operation. The scopes associated with the specified resource.

Executes the specified query and returns the first element.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Executes the specified query and returns the first element.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Retrieves the description associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the description associated with the specified scope.

Retrieves the localized descriptions associated with an scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the localized descriptions associated with the scope.

Retrieves the display name associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the display name associated with the scope.

Retrieves the localized display names associated with an scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the localized display names associated with the scope.

Retrieves the unique identifier associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the unique identifier associated with the scope.

Retrieves the localized description associated with an scope and corresponding to the current UI culture or one of its parents. If no matching value can be found, the non-localized value is returned.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the matching localized description associated with the scope.

Retrieves the localized description associated with an scope and corresponding to the specified culture or one of its parents. If no matching value can be found, the non-localized value is returned.

The scope. The culture (typically ). The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the matching localized description associated with the scope.

Retrieves the localized display name associated with an scope and corresponding to the current UI culture or one of its parents. If no matching value can be found, the non-localized value is returned.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the display name associated with the scope.

Retrieves the localized display name associated with an scope and corresponding to the specified culture or one of its parents. If no matching value can be found, the non-localized value is returned.

The scope. The culture (typically ). The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the display name associated with the scope.

Retrieves the name associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the name associated with the specified scope.

Retrieves the additional properties associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the additional properties associated with the scope.

Retrieves the resources associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the resources associated with the scope.

Executes the specified query and returns all the corresponding elements.

The number of results to return. The number of results to skip. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The result type. The query to execute. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. All the elements returned when executing the specified query.

Lists all the resources associated with the specified scopes.

The scopes. The that can be used to abort the operation. All the resources associated with the specified scopes.

Populates the specified descriptor using the properties exposed by the scope.

The descriptor. The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Populates the scope using the specified descriptor.

The scope. The descriptor. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Updates an existing scope.

The scope to update. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Updates an existing scope.

The scope to update. The descriptor used to update the scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Validates the scope to ensure it's in a consistent state.

The scope. The that can be used to abort the operation. The validation error encountered when validating the scope.

Provides methods allowing to manage the tokens stored in the store. Note: this interface is not meant to be implemented by custom managers, that should inherit from the generic OpenIddictTokenManager class. It is primarily intended to be used by services that cannot easily depend on the generic token manager. The actual token entity type is automatically determined at runtime based on the OpenIddict core options.

Determines the number of tokens that exist in the database.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of tokens in the database.

Determines the number of tokens that match the specified query.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of tokens that match the specified query.

Creates a new token based on the specified descriptor.

The token descriptor. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the token.

Creates a new token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Removes an existing token.

The token to delete. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves the tokens matching the specified parameters.

The subject associated with the token, or not to filter out specific subjects. The client associated with the token, or not to filter out specific clients. The token status, or not to filter out specific token statuses. The token type, or not to filter out specific token types. The that can be used to abort the operation. The tokens corresponding to the criteria.

Retrieves the list of tokens corresponding to the specified application identifier.

The application identifier associated with the tokens. The that can be used to abort the operation. The tokens corresponding to the specified application.

Retrieves the list of tokens corresponding to the specified authorization identifier.

The authorization identifier associated with the tokens. The that can be used to abort the operation. The tokens corresponding to the specified authorization.

Retrieves a token using its unique identifier.

The unique identifier associated with the token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the token corresponding to the unique identifier.

Retrieves the list of tokens corresponding to the specified reference identifier. Note: the reference identifier may be hashed or encrypted for security reasons.

The reference identifier associated with the tokens. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the tokens corresponding to the specified reference identifier.

Retrieves the list of tokens corresponding to the specified subject.

The subject associated with the tokens. The that can be used to abort the operation. The tokens corresponding to the specified subject.

Retrieves the optional application identifier associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the application identifier associated with the token.

Executes the specified query and returns the first element.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Executes the specified query and returns the first element.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Retrieves the optional authorization identifier associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the authorization identifier associated with the token.

Retrieves the creation date associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the creation date associated with the specified token.

Retrieves the expiration date associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the expiration date associated with the specified token.

Retrieves the unique identifier associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the unique identifier associated with the token.

Retrieves the payload associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the payload associated with the specified token.

Retrieves the additional properties associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the additional properties associated with the token.

Retrieves the redemption date associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the redemption date associated with the specified token.

Retrieves the reference identifier associated with a token. Note: depending on the manager used to create the token, the reference identifier may be hashed for security reasons.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the reference identifier associated with the specified token.

Retrieves the status associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the status associated with the specified token.

Retrieves the subject associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the subject associated with the specified token.

Retrieves the token type associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the token type associated with the specified token.

Determines whether a given token has the specified status.

The token. The expected status. The that can be used to abort the operation. if the token has the specified status, otherwise.

Determines whether a given token has the specified type.

The token. The expected type. The that can be used to abort the operation. if the token has the specified type, otherwise.

Determines whether a given token has any of the specified types.

The token. The expected types. The that can be used to abort the operation. if the token has any of the specified types, otherwise.

Executes the specified query and returns all the corresponding elements.

The number of results to return. The number of results to skip. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The result type. The query to execute. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. All the elements returned when executing the specified query.

Populates the specified descriptor using the properties exposed by the token.

The descriptor. The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Populates the token using the specified descriptor.

The token. The descriptor. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Removes the tokens that are marked as invalid or whose attached authorization is no longer valid. Only tokens created before the specified are removed.

The date before which tokens are not pruned. The that can be used to abort the operation. The number of tokens that were removed.

Revokes all the tokens matching the specified parameters.

The subject associated with the token, or not to filter out specific subjects. The client associated with the token, or not to filter out specific clients. The token status, or not to filter out specific token statuses. The token type, or not to filter out specific token types. The that can be used to abort the operation. The number of tokens corresponding to the criteria that were marked as revoked.

Revokes all the tokens associated with the specified application identifier.

The application identifier associated with the tokens. The that can be used to abort the operation. The number of tokens associated with the specified application that were marked as revoked.

Revokes all the tokens associated with the specified authorization identifier.

The authorization identifier associated with the tokens. The that can be used to abort the operation. The number of tokens associated with the specified authorization that were marked as revoked.

Revokes all the tokens associated with the specified subject.

The subject associated with the tokens. The that can be used to abort the operation. The number of tokens associated with the specified subject that were marked as revoked.

Tries to redeem a token.

The token to redeem. The that can be used to abort the operation. if the token was successfully redemeed, otherwise.

Tries to reject a token.

The token to reject. The that can be used to abort the operation. if the token was successfully redemeed, otherwise.

Tries to revoke a token.

The token to revoke. The that can be used to abort the operation. if the token was successfully revoked, otherwise.

Updates an existing token.

The token to update. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Updates an existing token.

The token to update. The descriptor used to update the token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Validates the token to ensure it's in a consistent state.

The token. The that can be used to abort the operation. The validation error encountered when validating the token.

Exposes common exceptions thrown by OpenIddict.

Represents an OpenIddict concurrency exception.

Creates a new .

The exception message.

Creates a new .

The exception message. The inner exception.

Represents an OpenIddict protocol exception.

Creates a new .

The exception message.

Creates a new .

The exception message. The error type.

Creates a new .

The exception message. The error type. The error description.

Creates a new .

The exception message. The error type. The error description. The error URI.

Gets the error type.

Gets the error description.

Gets the error URI.

Represents an OpenIddict validation exception.

Creates a new .

The exception message.

Creates a new .

The exception message. The validation results.

Creates a new .

The exception message. The validation results. The inner exception.

Gets the validation results associated with this exception.

Represents the configuration of an authorization server.

Note: depending on the stack used to produce this instance, only a few select properties may be available.

Gets or sets the URI of the authorization endpoint.

Gets or sets a boolean indicating whether the "iss" parameter is returned in authorization responses.

Gets the code challenge methods supported by the server.

Gets or sets the URI of the device authorization endpoint.

Gets the client authentication methods supported by the device authorization endpoint.

Gets or sets the URI of the end session endpoint.

Gets the grant types supported by the server.

Gets or sets the URI of the introspection endpoint.

Gets the client authentication methods supported by the introspection endpoint.

Gets or sets the URI of the issuer.

Gets or sets the JSON Web Key set containing the keys exposed by the server.

Gets or sets the URI of the JSON Web Key Set.

Gets or sets the URI of the mTLS-enabled device authorization endpoint.

Gets or sets the URI of the mTLS-enabled introspection endpoint.

Gets or sets the URI of the mTLS-enabled pushed authorization endpoint.

Gets or sets the URI of the mTLS-enabled revocation endpoint.

Gets or sets the URI of the mTLS-enabled token endpoint.

Gets or sets the URI of the mTLS-enabled userinfo endpoint.

Gets the additional properties.

Gets or sets the URI of the pushed authorization endpoint.

Gets the client authentication methods supported by the pushed authorization endpoint.

Gets or sets a boolean indicating whether pushed authorization requests are required.

Gets the response mode supported by the server.

Gets the response types supported by the server.

Gets or sets the URI of the revocation endpoint.

Gets the client authentication methods supported by the revocation endpoint.

Gets the scopes supported by the server.

Gets the signing keys extracted from the JSON Web Key set.

Gets or sets a boolean indicating whether access tokens issued by the authorization server are bound to the client certificate when using mTLS.

Gets or sets the URI of the token endpoint.

Gets the client authentication methods supported by the token endpoint.

Gets or sets the URI of the userinfo endpoint.

Represents a JSON converter able to convert OpenIddict primitives.

Determines whether the specified type is supported by this converter.

The type to convert. if the type is supported, otherwise.

Deserializes an instance.

The JSON reader. The type of the deserialized instance. The JSON serializer options. The deserialized instance.

Serializes an OpenIddict primitive.

The JSON writer. The instance. The JSON serializer options.

Provides extension methods to make and easier to work with.

Extracts the authentication context class values from an .

The instance.

Extracts the prompt values from an .

The instance.

Extracts the response types from an .

The instance.

Extracts the scopes from an .

The instance.

Determines whether the requested authentication context class values contain the specified item.

The instance. The component to look for in the parameter.

Determines whether the requested prompt contains the specified value.

The instance. The component to look for in the parameter.

Determines whether the requested response type contains the specified value.

The instance. The component to look for in the parameter.

Determines whether the requested scope contains the specified value.

The instance. The component to look for in the parameter.

Determines whether the "response_type" parameter corresponds to the "none" response type. See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#none for more information.

The instance. if the request is a response_type=none request, otherwise.

Determines whether the "response_type" parameter corresponds to the authorization code flow. See http://tools.ietf.org/html/rfc6749#section-4.1.1 for more information.

The instance. if the request is a code flow request, otherwise.

Determines whether the "response_type" parameter corresponds to the implicit flow. See http://tools.ietf.org/html/rfc6749#section-4.2.1 and http://openid.net/specs/openid-connect-core-1_0.html for more information

The instance. if the request is an implicit flow request, otherwise.

Determines whether the "response_type" parameter corresponds to the hybrid flow. See http://tools.ietf.org/html/rfc6749#section-4.2.1 and http://openid.net/specs/openid-connect-core-1_0.html for more information.

The instance. if the request is an hybrid flow request, otherwise.

Determines whether the "response_mode" parameter corresponds to the fragment response mode. See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html for more information.

The instance. if the request specified the fragment response mode or if it's the default value for the requested flow, otherwise.

Determines whether the "response_mode" parameter corresponds to the query response mode. See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html for more information.

The instance. if the request specified the query response mode or if it's the default value for the requested flow, otherwise.

Determines whether the "response_mode" parameter corresponds to the form post response mode. See http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html for more information.

The instance. if the request specified the form post response mode or if it's the default value for the requested flow, otherwise.

Determines whether the "grant_type" parameter corresponds to the authorization code grant. See http://tools.ietf.org/html/rfc6749#section-4.1.3 for more information.

The instance. if the request is a code grant request, otherwise.

Determines whether the "grant_type" parameter corresponds to the client credentials grant. See http://tools.ietf.org/html/rfc6749#section-4.4.2 for more information.

The instance. if the request is a client credentials grant request, otherwise.

Determines whether the "grant_type" parameter corresponds to the device code grant. See https://tools.ietf.org/html/rfc8628 for more information.

The instance. if the request is a device code grant request, otherwise.

Determines whether the "grant_type" parameter corresponds to the password grant. See http://tools.ietf.org/html/rfc6749#section-4.3.2 for more information.

The instance. if the request is a password grant request, otherwise.

Determines whether the "grant_type" parameter corresponds to the refresh token grant. See http://tools.ietf.org/html/rfc6749#section-6 for more information.

The instance. if the request is a refresh token grant request, otherwise.

Gets the destinations associated with a claim.

The instance. The destinations associated with the claim.

Determines whether the given claim contains the required destination.

The instance. The required destination.

Adds specific destinations to a claim.

The instance. The destinations.

Adds specific destinations to a claim.

The instance. The destinations.

Adds specific destinations to a claim.

The instance. The destinations.

Gets the destinations associated with all the claims of the given identity.

The identity. The destinations, returned as a flattened dictionary.

Gets the destinations associated with all the claims of the given principal.

The principal. The destinations, returned as a flattened dictionary.

Sets the destinations associated with all the claims of the given identity.

The identity. The destinations, as a flattened dictionary. The identity.

Sets the destinations associated with all the claims of the given principal.

The principal. The destinations, as a flattened dictionary. The principal.

Sets the destinations associated with all the claims of the given identity.

The identity. The destinations selector delegate. The identity.

Sets the destinations associated with all the claims of the given principal.

The principal. The destinations selector delegate. The principal.

Clones an identity by filtering its claims and the claims of its actor, recursively.

The instance to filter. The delegate filtering the claims: return to accept the claim, to remove it.

Clones a principal by filtering its identities.

The instance to filter. The delegate filtering the claims: return to accept the claim, to remove it.

Adds a claim to a given identity.

The identity. The type associated with the claim. The value associated with the claim.

Adds a claim to a given principal.

The principal. The type associated with the claim. The value associated with the claim.

Adds a claim to a given identity.

The identity. The type associated with the claim. The value associated with the claim. The issuer associated with the claim.

Adds a claim to a given principal.

The principal. The type associated with the claim. The value associated with the claim. The issuer associated with the claim.

Adds a claim to a given identity.

The identity. The type associated with the claim. The value associated with the claim.

Adds a claim to a given principal.

The principal. The type associated with the claim. The value associated with the claim.

Adds a claim to a given identity.

The identity. The type associated with the claim. The value associated with the claim. The issuer associated with the claim.

Adds a claim to a given principal.

The principal. The type associated with the claim. The value associated with the claim. The issuer associated with the claim.

Adds a claim to a given identity.

The identity. The type associated with the claim. The value associated with the claim.

Adds a claim to a given principal.

The principal. The type associated with the claim. The value associated with the claim.

Adds a claim to a given identity.

The identity. The type associated with the claim. The value associated with the claim. The issuer associated with the claim.

Adds a claim to a given principal.

The principal. The type associated with the claim. The value associated with the claim. The issuer associated with the claim.

Adds a claim to a given identity.

The identity. The type associated with the claim. The value associated with the claim.

Adds a claim to a given principal.

The principal. The type associated with the claim. The value associated with the claim.

Adds a claim to a given identity.

The identity. The type associated with the claim. The value associated with the claim. The issuer associated with the claim.

Adds a claim to a given principal.

The principal. The type associated with the claim. The value associated with the claim. The issuer associated with the claim.

Adds a claim to a given identity.

The identity. The type associated with the claim. The value associated with the claim.

Adds a claim to a given principal.

The principal. The type associated with the claim. The value associated with the claim.

Adds a claim to a given identity.

The identity. The type associated with the claim. The value associated with the claim. The issuer associated with the claim.

Adds a claim to a given principal.

The principal. The type associated with the claim. The value associated with the claim. The issuer associated with the claim.

Adds claims to a given identity.

The identity. The type associated with the claims. The values associated with the claims.

Adds claims to a given principal.

The principal. The type associated with the claims. The values associated with the claims.

Adds claims to a given identity.

The identity. The type associated with the claims. The values associated with the claims. The issuer associated with the claims.

Adds claims to a given principal.

The principal. The type associated with the claims. The values associated with the claims. The issuer associated with the claims.

Adds claims to a given identity.

The identity. The type associated with the claims. The value associated with the claims.

Adds claims to a given principal.

The principal. The type associated with the claims. The value associated with the claims.

Adds claims to a given identity.

The identity. The type associated with the claims. The value associated with the claims. The issuer associated with the claims.

Adds claims to a given principal.

The principal. The type associated with the claims. The value associated with the claims. The issuer associated with the claims.

Gets the unique claim value corresponding to the given type.

The identity. The type associated with the claim. Multiple claims using the same are present in the identity. The claim value.

Gets the unique claim value corresponding to the given type.

The principal. The type associated with the claim. Multiple claims using the same are present in the principal. The claim value.

Gets all the claim values corresponding to the given type.

The claims identity. The type associated with the claims. The claim values.

Gets all the claim values corresponding to the given type.

The claims principal. The type associated with the claims. The claim values.

Determines whether the claims identity contains at least one claim of the specified type.

The claims identity. The claim type. if the identity contains at least one claim of the specified type.

Determines whether the claims principal contains at least one claim of the specified type.

The claims principal. The claim type. if the principal contains at least one claim of the specified type.

Removes all the claims corresponding to the given type.

The identity. The type associated with the claims. The claims identity.

Removes all the claims corresponding to the given type.

The principal. The type associated with the claims. The claims identity.

Sets the claim value corresponding to the given type.

The identity. The type associated with the claim. The value associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The principal. The type associated with the claim. The value associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The identity. The type associated with the claim. The value associated with the claim. The issuer associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The principal. The type associated with the claim. The value associated with the claim. The issuer associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The identity. The type associated with the claim. The value associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The principal. The type associated with the claim. The value associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The identity. The type associated with the claim. The value associated with the claim. The issuer associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The principal. The type associated with the claim. The value associated with the claim. The issuer associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The identity. The type associated with the claim. The value associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The principal. The type associated with the claim. The value associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The identity. The type associated with the claim. The value associated with the claim. The issuer associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The principal. The type associated with the claim. The value associated with the claim. The issuer associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The identity. The type associated with the claim. The value associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The principal. The type associated with the claim. The value associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The identity. The type associated with the claim. The value associated with the claim. The issuer associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The principal. The type associated with the claim. The value associated with the claim. The issuer associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The identity. The type associated with the claim. The value associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The principal. The type associated with the claim. The value associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The identity. The type associated with the claim. The value associated with the claim. The issuer associated with the claim. The claims identity.

Sets the claim value corresponding to the given type.

The principal. The type associated with the claim. The value associated with the claim. The issuer associated with the claim. The claims identity.

Sets the claim values corresponding to the given type.

The identity. The type associated with the claims. The values associated with the claims. The claims identity.

Sets the claim values corresponding to the given type.

The principal. The type associated with the claims. The values associated with the claims. The claims identity.

Sets the claim values corresponding to the given type.

The identity. The type associated with the claims. The values associated with the claims. The issuer associated with the claims. The claims identity.

Sets the claim values corresponding to the given type.

The principal. The type associated with the claims. The values associated with the claims. The issuer associated with the claims. The claims identity.

Sets the claim values corresponding to the given type.

The identity. The type associated with the claims. The JSON array from which claim values are extracted. The claims identity.

Sets the claim values corresponding to the given type.

The principal. The type associated with the claims. The JSON array from which claim values are extracted. The claims identity.

Sets the claim values corresponding to the given type.

The identity. The type associated with the claims. The JSON array from which claim values are extracted. The issuer associated with the claims. The claims identity.

Sets the claim value corresponding to the given type.

The principal. The type associated with the claims. The JSON array from which claim values are extracted. The issuer associated with the claims. The claims identity.

Gets the creation date stored in the claims identity.

The claims identity. The creation date or if the claim cannot be found.

Gets the creation date stored in the claims principal.

The claims principal. The creation date or if the claim cannot be found.

Gets the expiration date stored in the claims identity.

The claims identity. The expiration date or if the claim cannot be found.

Gets the expiration date stored in the claims principal.

The claims principal. The expiration date or if the claim cannot be found.

Gets the audiences list stored in the claims identity.

The claims identity. The audiences list or an empty set if the claims cannot be found.

Gets the audiences list stored in the claims principal.

The claims principal. The audiences list or an empty set if the claims cannot be found.

Gets the presenters list stored in the claims identity.

The claims identity. The presenters list or an empty set if the claims cannot be found.

Gets the presenters list stored in the claims principal.

The claims principal. The presenters list or an empty set if the claims cannot be found.

Gets the resources list stored in the claims identity.

The claims identity. The resources list or an empty set if the claims cannot be found.

Gets the resources list stored in the claims principal.

The claims principal. The resources list or an empty set if the claims cannot be found.

Gets the scopes list stored in the claims identity.

The claims identity. The scopes list or an empty set if the claim cannot be found.

Gets the scopes list stored in the claims principal.

The claims principal. The scopes list or an empty set if the claim cannot be found.

Gets the access token lifetime associated with the claims identity.

The claims identity. The access token lifetime or if the claim cannot be found.

Gets the access token lifetime associated with the claims principal.

The claims principal. The access token lifetime or if the claim cannot be found.

Gets the authorization code lifetime associated with the claims identity.

The claims identity. The authorization code lifetime or if the claim cannot be found.

Gets the authorization code lifetime associated with the claims principal.

The claims principal. The authorization code lifetime or if the claim cannot be found.

Gets the device code lifetime associated with the claims identity.

The claims identity. The device code lifetime or if the claim cannot be found.

Gets the device code lifetime associated with the claims principal.

The claims principal. The device code lifetime or if the claim cannot be found.

Gets the identity token lifetime associated with the claims identity.

The claims identity. The identity token lifetime or if the claim cannot be found.

Gets the identity token lifetime associated with the claims principal.

The claims principal. The identity token lifetime or if the claim cannot be found.

Gets the request token lifetime associated with the claims identity.

The claims identity. The request token lifetime or if the claim cannot be found.

Gets the request token lifetime associated with the claims principal.

The claims principal. The request token lifetime or if the claim cannot be found.

Gets the refresh token lifetime associated with the claims identity.

The claims identity. The refresh token lifetime or if the claim cannot be found.

Gets the refresh token lifetime associated with the claims principal.

The claims principal. The refresh token lifetime or if the claim cannot be found.

Gets the state token lifetime associated with the claims identity.

The claims identity. The state token lifetime or if the claim cannot be found.

Gets the state token lifetime associated with the claims principal.

The claims principal. The state token lifetime or if the claim cannot be found.

Gets the user code lifetime associated with the claims identity.

The claims identity. The user code lifetime or if the claim cannot be found.

Gets the user code lifetime associated with the claims principal.

The claims principal. The user code lifetime or if the claim cannot be found.

Gets the internal authorization identifier associated with the claims identity.

The claims identity. The unique identifier or if the claim cannot be found.

Gets the internal authorization identifier associated with the claims principal.

The claims principal. The unique identifier or if the claim cannot be found.

Gets the internal token identifier associated with the claims identity.

The claims identity. The unique identifier or if the claim cannot be found.

Gets the internal token identifier associated with the claims principal.

The claims principal. The unique identifier or if the claim cannot be found.

Gets the token type associated with the claims identity.

The claims identity. The token type or if the claim cannot be found.

Gets the token type associated with the claims principal.

The claims principal. The token type or if the claim cannot be found.

Determines whether the claims identity contains the given audience.

The claims identity. The audience. if the identity contains the given audience.

Determines whether the claims principal contains the given audience.

The claims principal. The audience. if the principal contains the given audience.

Determines whether the claims identity contains the given presenter.

The claims identity. The presenter. if the identity contains the given presenter.

Determines whether the claims principal contains the given presenter.

The claims principal. The presenter. if the principal contains the given presenter.

Determines whether the claims identity contains the given resource.

The claims identity. The resource. if the identity contains the given resource.

Determines whether the claims principal contains the given resource.

The claims principal. The resource. if the principal contains the given resource.

Determines whether the claims identity contains the given scope.

The claims identity. The scope. if the identity contains the given scope.

Determines whether the claims principal contains the given scope.

The claims principal. The scope. if the principal contains the given scope.

Determines whether the token type associated with the claims identity matches the specified type.

The claims identity. The token type. if the token type matches the specified type.

Determines whether the token type associated with the claims principal matches the specified type.

The claims principal. The token type. if the token type matches the specified type.

Sets the creation date in the claims identity.

The claims identity. The creation date The claims identity.

Sets the creation date in the claims principal.

The claims principal. The creation date The claims principal.

Sets the expiration date in the claims identity.

The claims identity. The expiration date The claims identity.

Sets the expiration date in the claims principal.

The claims principal. The expiration date The claims principal.

Sets the audiences list in the claims identity. Note: this method automatically excludes duplicate audiences.

The claims identity. The audiences to store. The claims identity.

Sets the audiences list in the claims principal. Note: this method automatically excludes duplicate audiences.

The claims principal. The audiences to store. The claims principal.

Sets the audiences list in the claims identity. Note: this method automatically excludes duplicate audiences.

The claims identity. The audiences to store. The claims identity.

Sets the audiences list in the claims principal. Note: this method automatically excludes duplicate audiences.

The claims principal. The audiences to store. The claims principal.

Sets the audiences list in the claims identity. Note: this method automatically excludes duplicate audiences.

The claims identity. The audiences to store. The claims identity.

Sets the audiences list in the claims principal. Note: this method automatically excludes duplicate audiences.

The claims principal. The audiences to store. The claims principal.

Sets the presenters list in the claims identity. Note: this method automatically excludes duplicate presenters.

The claims identity. The presenters to store. The claims identity.

Sets the presenters list in the claims principal. Note: this method automatically excludes duplicate presenters.

The claims principal. The presenters to store. The claims principal.

Sets the presenters list in the claims identity. Note: this method automatically excludes duplicate presenters.

The claims identity. The presenters to store. The claims identity.

Sets the presenters list in the claims principal. Note: this method automatically excludes duplicate presenters.

The claims principal. The presenters to store. The claims principal.

Sets the presenters list in the claims identity. Note: this method automatically excludes duplicate presenters.

The claims identity. The presenters to store. The claims identity.

Sets the presenters list in the claims principal. Note: this method automatically excludes duplicate presenters.

The claims principal. The presenters to store. The claims principal.

Sets the resources list in the claims identity. Note: this method automatically excludes duplicate resources.

The claims identity. The resources to store. The claims identity.

Sets the resources list in the claims principal. Note: this method automatically excludes duplicate resources.

The claims principal. The resources to store. The claims principal.

Sets the resources list in the claims identity. Note: this method automatically excludes duplicate resources.

The claims identity. The resources to store. The claims identity.

Sets the resources list in the claims principal. Note: this method automatically excludes duplicate resources.

The claims principal. The resources to store. The claims principal.

Sets the resources list in the claims identity. Note: this method automatically excludes duplicate resources.

The claims identity. The resources to store. The claims identity.

Sets the resources list in the claims principal. Note: this method automatically excludes duplicate resources.

The claims principal. The resources to store. The claims principal.

Sets the scopes list in the claims identity. Note: this method automatically excludes duplicate scopes.

The claims identity. The scopes to store. The claims identity.

Sets the scopes list in the claims principal. Note: this method automatically excludes duplicate scopes.

The claims principal. The scopes to store. The claims principal.

Sets the scopes list in the claims identity. Note: this method automatically excludes duplicate scopes.

The claims identity. The scopes to store. The claims identity.

Sets the scopes list in the claims principal. Note: this method automatically excludes duplicate scopes.

The claims principal. The scopes to store. The claims principal.

Sets the scopes list in the claims identity. Note: this method automatically excludes duplicate scopes.

The claims identity. The scopes to store. The claims identity.

Sets the scopes list in the claims principal. Note: this method automatically excludes duplicate scopes.

The claims principal. The scopes to store. The claims principal.

Sets the access token lifetime associated with the claims identity.

The claims identity. The access token lifetime to store. The claims identity.

Sets the access token lifetime associated with the claims principal.

The claims principal. The access token lifetime to store. The claims principal.

Sets the authorization code lifetime associated with the claims identity.

The claims identity. The authorization code lifetime to store. The claims identity.

Sets the authorization code lifetime associated with the claims principal.

The claims principal. The authorization code lifetime to store. The claims principal.

Sets the device code lifetime associated with the claims identity.

The claims identity. The device code lifetime to store. The claims identity.

Sets the device code lifetime associated with the claims principal.

The claims principal. The device code lifetime to store. The claims principal.

Sets the identity token lifetime associated with the claims identity.

The claims identity. The identity token lifetime to store. The claims identity.

Sets the identity token lifetime associated with the claims principal.

The claims principal. The identity token lifetime to store. The claims principal.

Sets the refresh token lifetime associated with the claims identity.

The claims identity. The refresh token lifetime to store. The claims identity.

Sets the refresh token lifetime associated with the claims principal.

The claims principal. The refresh token lifetime to store. The claims principal.

Sets the state token lifetime associated with the claims identity.

The claims identity. The state token lifetime to store. The claims identity.

Sets the state token lifetime associated with the claims principal.

The claims principal. The state token lifetime to store. The claims principal.

Sets the user code lifetime associated with the claims identity.

The claims identity. The user code lifetime to store. The claims identity.

Sets the user code lifetime associated with the claims principal.

The claims principal. The user code lifetime to store. The claims principal.

Sets the internal authorization identifier associated with the claims identity.

The claims identity. The unique identifier to store. The claims identity.

Sets the internal authorization identifier associated with the claims principal.

The claims principal. The unique identifier to store. The claims principal.

Sets the internal token identifier associated with the claims identity.

The claims identity. The unique identifier to store. The claims identity.

Sets the internal token identifier associated with the claims principal.

The claims principal. The unique identifier to store. The claims principal.

Sets the token type associated with the claims identity.

The claims identity. The token type to store. The claims identity.

Sets the token type associated with the claims principal.

The claims principal. The token type to store. The claims principal.

Represents an abstract OpenIddict message.

Security notice: developers instantiating this type are responsible for ensuring that the imported parameters are safe and won't cause the resulting message to grow abnormally, which may result in an excessive memory consumption and a potential denial of service.

Initializes a new OpenIddict message.

Initializes a new OpenIddict message.

The message parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict message.

The message parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict message.

The message parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict message.

The message parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict message.

The message parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict message.

The message parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict message.

The message parameters. Parameters with a null or empty key are always ignored.

Gets or sets a parameter.

The parameter name. The parameter value.

Gets the number of parameters contained in the current message.

Gets the dictionary containing the parameters.

Adds a parameter. Note: an exception is thrown if a parameter with the same name was already added.

The parameter name. The parameter value. The current instance, which allows chaining calls.

Gets the value corresponding to a given parameter.

The parameter name. The parameter value, or if it cannot be found.

Gets all the parameters associated with this instance.

The parameters associated with this instance.

Determines whether the current message contains the specified parameter.

The parameter name. if the parameter is present, otherwise.

Removes a parameter.

The parameter name. The current instance, which allows chaining calls.

Adds, replaces or removes a parameter. Note: this method automatically removes empty parameters.

The parameter name. The parameter value. The current instance, which allows chaining calls.

Tries to get the value corresponding to a given parameter.

The parameter name. The parameter value. if the parameter could be found, otherwise.

Returns a representation of the current instance that can be used in logs. Note: sensitive parameters like client secrets are automatically removed for security reasons.

The indented JSON representation corresponding to this message.

Writes the message to the specified JSON writer.

The UTF-8 JSON writer.

Represents an OpenIddict parameter value, that can be either a primitive value, an array of strings or a complex JSON representation containing child nodes.

Initializes a new parameter using the specified value.

The parameter value.

Initializes a new parameter using the specified value.

The parameter value.

Initializes a new parameter using the specified value.

The parameter value.

Initializes a new parameter using the specified value.

The parameter value.

Initializes a new parameter using the specified value.

The parameter value.

Initializes a new parameter using the specified value.

The parameter value.

Initializes a new parameter using the specified value.

The parameter value.

Initializes a new parameter using the specified value.

The parameter value.

Gets the child item corresponding to the specified index.

The index of the child item. An instance containing the item value.

Gets the child item corresponding to the specified name.

The name of the child item. An instance containing the item value.

Gets the number of named or unnamed child items contained in the current parameter or 0 if the parameter doesn't represent an array of strings, a JSON array or a JSON object.

Gets the associated value, that can be either a primitive CLR type (e.g bool, string, long), an array of strings or a complex JSON object.

Determines whether the current instance is equal to the specified .

The other object to which to compare this instance. if the two instances have both the same representation (e.g ) and value, otherwise.

Determines whether the current instance is equal to the specified .

The other object to which to compare this instance. if the two instances have both the same representation (e.g ) and value, otherwise.

Returns the hash code of the current instance.

The hash code for the current instance.

Gets the child item corresponding to the specified name.

The name of the child item. An instance containing the item value.

Gets the child item corresponding to the specified index.

The index of the child item. An instance containing the item value.

Gets the named child items associated with the current parameter, if it represents a JSON object. Note: if the JSON object contains multiple parameters with the same name, only the last occurrence is returned.

A dictionary of all the parameters associated with the current instance.

Gets the unnamed child items associated with the current parameter, if it represents an array of strings or a JSON array.

An enumeration of all the unnamed parameters associated with the current instance.

Returns the representation of the current instance.

The representation associated with the parameter value.

Tries to get the child item corresponding to the specified name.

The name of the child item. An instance containing the item value. if the parameter could be found, otherwise.

Tries to get the child item corresponding to the specified index.

The index of the child item. An instance containing the item value. if the parameter could be found, otherwise.

Writes the parameter value to the specified JSON writer.

The UTF-8 JSON writer.

Determines whether two instances are equal.

The first instance. The second instance. if the two instances are equal, otherwise.

Determines whether two instances are not equal.

The first instance. The second instance. if the two instances are not equal, otherwise.

Converts an instance to a boolean.

The parameter to convert. The converted value.

Converts an instance to a nullable boolean.

The parameter to convert. The converted value.

Converts an instance to a .

The parameter to convert. The converted value.

Converts an instance to a .

The parameter to convert. The converted value.

Converts an instance to a .

The parameter to convert. The converted value.

Converts an instance to a .

The parameter to convert. The converted value.

Converts an instance to a .

The parameter to convert. The converted value.

Converts an instance to a long integer.

The parameter to convert. The converted value.

Converts an instance to a nullable long integer.

The parameter to convert. The converted value.

Converts an instance to a string.

The parameter to convert. The converted value.

Converts an instance to an array of strings.

The parameter to convert. The converted value.

Converts a boolean to an instance.

The value to convert An instance.

Converts a nullable boolean to an instance.

The value to convert An instance.

Converts a to an instance.

The value to convert An instance.

Converts a to an instance.

The value to convert An instance.

Converts a long integer to an instance.

The value to convert An instance.

Converts a nullable long integer to an instance.

The value to convert An instance.

Converts a string to an instance.

The value to convert An instance.

Converts an array of strings to an instance.

The value to convert An instance.

Determines whether a parameter is null or empty.

The parameter. if the parameter is null or empty, otherwise.

Represents a generic OpenIddict request.

Security notice: developers instantiating this type are responsible for ensuring that the imported parameters are safe and won't cause the resulting message to grow abnormally, which may result in an excessive memory consumption and a potential denial of service.

Initializes a new OpenIddict request.

Initializes a new OpenIddict request.

The request parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict request.

The request parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict request.

The request parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict request.

The request parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict request.

The request parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict request.

The request parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict request.

The request parameters. Parameters with a null or empty key are always ignored.

Gets or sets the "access_token" parameter.

Gets or sets the "acr_values" parameter.

Gets or sets the "assertion" parameter.

Gets or sets the "audience" parameters.

Gets or sets the "claims" parameter.

Gets or sets the "claims_locales" parameter.

Gets or sets the "client_assertion" parameter.

Gets or sets the "client_assertion_type" parameter.

Gets or sets the "client_id" parameter.

Gets or sets the "client_secret" parameter.

Gets or sets the "code" parameter.

Gets or sets the "code_challenge" parameter.

Gets or sets the "code_challenge_method" parameter.

Gets or sets the "code_verifier" parameter.

Gets or sets the "device_code" parameter.

Gets or sets the "display" parameter.

Gets or sets the "grant_type" parameter.

Gets or sets the "identity_provider" parameter.

Gets or sets the "id_token" parameter.

Gets or sets the "id_token_hint" parameter.

Gets or sets the "login_hint" parameter.

Gets or sets the "max_age" parameter.

Gets or sets the "nonce" parameter.

Gets or sets the "password" parameter.

Gets or sets the "post_logout_redirect_uri" parameter.

Gets or sets the "prompt" parameter.

Gets or sets the "redirect_uri" parameter.

Gets or sets the "refresh_token" parameter.

Gets or sets the "request" parameter.

Gets or sets the "request_id" parameter.

Gets or sets the "request_uri" parameter.

Gets or sets the "resource" parameters.

Gets or sets the "response_mode" parameter.

Gets or sets the "response_type" parameter.

Gets or sets the "scope" parameter.

Gets or sets the "state" parameter.

Gets or sets the "token" parameter.

Gets or sets the "token_type_hint" parameter.

Gets or sets the "registration" parameter.

Gets or sets the "ui_locales" parameter.

Gets or sets the "user_code" parameter.

Gets or sets the "username" parameter.

Represents a generic OpenIddict response.

Security notice: developers instantiating this type are responsible for ensuring that the imported parameters are safe and won't cause the resulting message to grow abnormally, which may result in an excessive memory consumption and a potential denial of service.

Initializes a new OpenIddict response.

Initializes a new OpenIddict response.

The response parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict response.

The response parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict response.

The response parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict response.

The response parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict response.

The response parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict response.

The response parameters. Parameters with a null or empty key are always ignored.

Initializes a new OpenIddict response.

The response parameters. Parameters with a null or empty key are always ignored.

Gets or sets the "access_token" parameter.

Gets or sets the "code" parameter.

Gets or sets the "device_code" parameter.

Gets or sets the "error" parameter.

Gets or sets the "error_description" parameter.

Gets or sets the "error_uri" parameter.

Gets or sets the "expires_in" parameter.

Gets or sets the "id_token" parameter.

Gets or sets the "iss" parameter.

Gets or sets the "refresh_token" parameter.

Gets or sets the "request_uri" parameter.

Gets or sets the "scope" parameter.

Gets or sets the "state" parameter.

Gets or sets the "token_type" parameter.

Gets or sets the "user_code" parameter.

Gets or sets the "verification_uri" parameter.

Gets or sets the "verification_uri_complete" parameter.

Exposes a method allowing to resolve an application store.

Returns an application store compatible with the specified application type or throws an if no store can be built using the specified type.

The type of the Application entity. An .

Exposes a method allowing to resolve an authorization store.

Returns an authorization store compatible with the specified authorization type or throws an if no store can be built using the specified type.

The type of the Authorization entity. An .

Exposes a method allowing to resolve a scope store.

Returns a scope store compatible with the specified scope type or throws an if no store can be built using the specified type.

The type of the Scope entity. An .

Exposes a method allowing to resolve a token store.

Returns a token store compatible with the specified token type or throws an if no store can be built using the specified type.

The type of the Token entity. An .

Provides methods allowing to manage the applications stored in a database.

The type of the Application entity.

Determines the number of applications that exist in the database.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of applications in the database.

Determines the number of applications that match the specified query.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of applications that match the specified query.

Creates a new application.

The application to create. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Removes an existing application.

The application to delete. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves an application using its unique identifier.

The unique identifier associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the client application corresponding to the identifier.

Retrieves an application using its client identifier.

The client identifier associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the client application corresponding to the identifier.

Retrieves all the applications associated with the specified post_logout_redirect_uri.

The post_logout_redirect_uri associated with the applications. The that can be used to abort the operation. The client applications corresponding to the specified post_logout_redirect_uri.

Retrieves all the applications associated with the specified redirect_uri.

The redirect_uri associated with the applications. The that can be used to abort the operation. The client applications corresponding to the specified redirect_uri.

Retrieves the application type associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the application type of the application (by default, "web").

Executes the specified query and returns the first element.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Retrieves the client identifier associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the client identifier associated with the application.

Retrieves the client secret associated with an application. Note: depending on the manager used to create the application, the client secret may be hashed for security reasons.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the client secret associated with the application.

Retrieves the client type associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the client type of the application (by default, "public").

Retrieves the consent type associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the consent type of the application (by default, "explicit").

Retrieves the display name associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the display name associated with the application.

Retrieves the localized display names associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the localized display names associated with the application.

Retrieves the unique identifier associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the unique identifier associated with the application.

Retrieves the JSON Web Key Set associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the JSON Web Key Set associated with the application.

Retrieves the permissions associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the permissions associated with the application.

Retrieves the post-logout redirect URIs associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the post_logout_redirect_uri associated with the application.

Retrieves the additional properties associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the additional properties associated with the application.

Retrieves the redirect URIs associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the redirect_uri associated with the application.

Retrieves the requirements associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the requirements associated with the application.

Retrieves the settings associated with an application.

The application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the settings associated with the application.

Instantiates a new application.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the instantiated application, that can be persisted in the database.

Executes the specified query and returns all the corresponding elements.

The number of results to return. The number of results to skip. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. All the elements returned when executing the specified query.

Sets the application type associated with an application.

The application. The application type associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the client identifier associated with an application.

The application. The client identifier associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the client secret associated with an application. Note: depending on the manager used to create the application, the client secret may be hashed for security reasons.

The application. The client secret associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the client type associated with an application.

The application. The client type associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the consent type associated with an application.

The application. The consent type associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the display name associated with an application.

The application. The display name associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the localized display names associated with an application.

The application. The localized display names associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the JSON Web Key Set associated with an application.

The application. The JSON Web Key Set associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the permissions associated with an application.

The application. The permissions associated with the application The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the post-logout redirect URIs associated with an application.

The application. The post-logout redirect URIs associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the additional properties associated with an application.

The application. The additional properties associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the redirect URIs associated with an application.

The application. The redirect URIs associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the requirements associated with an application.

The application. The requirements associated with the application The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the settings associated with an application.

The application. The settings associated with the application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Updates an existing application.

The application to update. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Provides methods allowing to manage the authorizations stored in a database.

The type of the Authorization entity.

Determines the number of authorizations that exist in the database.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of authorizations in the database.

Determines the number of authorizations that match the specified query.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of authorizations that match the specified query.

Creates a new authorization.

The authorization to create. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Removes an existing authorization.

The authorization to delete. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves the authorizations matching the specified parameters.

The subject associated with the authorization, or not to filter out specific subjects. The client associated with the authorization, or not to filter out specific clients. The authorization status, or not to filter out specific authorization statuses. The authorization type, or not to filter out specific authorization types. The minimal scopes associated with the authorization, or not to filter out scopes. The that can be used to abort the operation. The authorizations corresponding to the criteria.

Retrieves the list of authorizations corresponding to the specified application identifier.

The application identifier associated with the authorizations. The that can be used to abort the operation. The authorizations corresponding to the specified application.

Retrieves an authorization using its unique identifier.

The unique identifier associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the authorization corresponding to the identifier.

Retrieves all the authorizations corresponding to the specified subject.

The subject associated with the authorization. The that can be used to abort the operation. The authorizations corresponding to the specified subject.

Retrieves the optional application identifier associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the application identifier associated with the authorization.

Executes the specified query and returns the first element.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Retrieves the creation date associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the creation date associated with the specified authorization.

Retrieves the unique identifier associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the unique identifier associated with the authorization.

Retrieves the additional properties associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the additional properties associated with the authorization.

Retrieves the scopes associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the scopes associated with the specified authorization.

Retrieves the status associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the status associated with the specified authorization.

Retrieves the subject associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the subject associated with the specified authorization.

Retrieves the type associated with an authorization.

The authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the type associated with the specified authorization.

Instantiates a new authorization.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the instantiated authorization, that can be persisted in the database.

Executes the specified query and returns all the corresponding elements.

The number of results to return. The number of results to skip. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. All the elements returned when executing the specified query.

Removes the authorizations that are marked as invalid and don't have any token attached. Only authorizations created before the specified are removed.

Since authorizations with tokens still attached are not deleted, tokens should always be pruned first. The date before which authorizations are not pruned. The that can be used to abort the operation. The number of authorizations that were removed.

Revokes all the authorizations matching the specified parameters.

The subject associated with the authorization, or not to filter out specific subjects. The client associated with the authorization, or not to filter out specific clients. The authorization status, or not to filter out specific authorization statuses. The authorization type, or not to filter out specific authorization types. The that can be used to abort the operation. The number of authorizations corresponding to the criteria that were marked as revoked.

Revokes all the authorizations associated with the specified application identifier.

The application identifier associated with the authorizations. The that can be used to abort the operation. The number of authorizations associated with the specified application that were marked as revoked.

Revokes all the authorizations associated with the specified subject.

The subject associated with the authorizations. The that can be used to abort the operation. The number of authorizations associated with the specified subject that were marked as revoked.

Sets the application identifier associated with an authorization.

The authorization. The unique identifier associated with the client application. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the creation date associated with an authorization.

The authorization. The expiration date. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the additional properties associated with an authorization.

The authorization. The additional properties associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the scopes associated with an authorization.

The authorization. The scopes associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the status associated with an authorization.

The authorization. The status associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the subject associated with an authorization.

The authorization. The subject associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the type associated with an authorization.

The authorization. The type associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Updates an existing authorization.

The authorization to update. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Provides methods allowing to manage the scopes stored in a database.

The type of the Scope entity.

Determines the number of scopes that exist in the database.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of scopes in the database.

Determines the number of scopes that match the specified query.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of scopes that match the specified query.

Creates a new scope.

The scope to create. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Removes an existing scope.

The scope to delete. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves a scope using its unique identifier.

The unique identifier associated with the scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the scope corresponding to the identifier.

Retrieves a scope using its name.

The name associated with the scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the scope corresponding to the specified name.

Retrieves a list of scopes using their name.

The names associated with the scopes. The that can be used to abort the operation. The scopes corresponding to the specified names.

Retrieves all the scopes that contain the specified resource.

The resource associated with the scopes. The that can be used to abort the operation. The scopes associated with the specified resource.

Executes the specified query and returns the first element.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Retrieves the description associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the description associated with the specified scope.

Retrieves the localized descriptions associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the localized descriptions associated with the specified scope.

Retrieves the display name associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the display name associated with the scope.

Retrieves the localized display names associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the localized display names associated with the scope.

Retrieves the unique identifier associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the unique identifier associated with the scope.

Retrieves the name associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the name associated with the specified scope.

Retrieves the additional properties associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the additional properties associated with the scope.

Retrieves the resources associated with a scope.

The scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the resources associated with the scope.

Instantiates a new scope.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the instantiated scope, that can be persisted in the database.

Executes the specified query and returns all the corresponding elements.

The number of results to return. The number of results to skip. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. All the elements returned when executing the specified query.

Sets the description associated with a scope.

The scope. The description associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the localized descriptions associated with a scope.

The scope. The localized descriptions associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the display name associated with a scope.

The scope. The display name associated with the scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the localized display names associated with a scope.

The scope. The localized display names associated with the scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the name associated with a scope.

The scope. The name associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the additional properties associated with a scope.

The scope. The additional properties associated with the scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the resources associated with a scope.

The scope. The resources associated with the scope. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Updates an existing scope.

The scope to update. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Provides methods allowing to manage the tokens stored in a database.

The type of the Token entity.

Determines the number of tokens that exist in the database.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of applications in the database.

Determines the number of tokens that match the specified query.

The result type. The query to execute. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the number of tokens that match the specified query.

Creates a new token.

The token to create. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Removes a token.

The token to delete. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Retrieves the tokens matching the specified parameters.

The subject associated with the token, or not to filter out specific subjects. The client associated with the token, or not to filter out specific clients. The token status, or not to filter out specific token statuses. The token type, or not to filter out specific token types. The that can be used to abort the operation. The tokens corresponding to the criteria.

Retrieves the list of tokens corresponding to the specified application identifier.

The application identifier associated with the tokens. The that can be used to abort the operation. The tokens corresponding to the specified application.

Retrieves the list of tokens corresponding to the specified authorization identifier.

The authorization identifier associated with the tokens. The that can be used to abort the operation. The tokens corresponding to the specified authorization.

Retrieves a token using its unique identifier.

The unique identifier associated with the token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the token corresponding to the unique identifier.

Retrieves the list of tokens corresponding to the specified reference identifier. Note: the reference identifier may be hashed or encrypted for security reasons.

The reference identifier associated with the tokens. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the tokens corresponding to the specified reference identifier.

Retrieves the list of tokens corresponding to the specified subject.

The subject associated with the tokens. The that can be used to abort the operation. The tokens corresponding to the specified subject.

Retrieves the optional application identifier associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the application identifier associated with the token.

Executes the specified query and returns the first element.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the first element returned when executing the query.

Retrieves the optional authorization identifier associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the authorization identifier associated with the token.

Retrieves the creation date associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the creation date associated with the specified token.

Retrieves the expiration date associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the expiration date associated with the specified token.

Retrieves the unique identifier associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the unique identifier associated with the token.

Retrieves the payload associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the payload associated with the specified token.

Retrieves the additional properties associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns all the additional properties associated with the token.

Retrieves the redemption date associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the redemption date associated with the specified token.

Retrieves the reference identifier associated with a token. Note: depending on the manager used to create the token, the reference identifier may be hashed for security reasons.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the reference identifier associated with the specified token.

Retrieves the status associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the status associated with the specified token.

Retrieves the subject associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the subject associated with the specified token.

Retrieves the token type associated with a token.

The token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the token type associated with the specified token.

Instantiates a new token.

The that can be used to abort the operation. A that can be used to monitor the asynchronous operation, whose result returns the instantiated token, that can be persisted in the database.

Executes the specified query and returns all the corresponding elements.

The number of results to return. The number of results to skip. The that can be used to abort the operation. All the elements returned when executing the specified query.

Executes the specified query and returns all the corresponding elements.

The state type. The result type. The query to execute. The optional state. The that can be used to abort the operation. All the elements returned when executing the specified query.

Removes the tokens that are marked as invalid or whose attached authorization is no longer valid. Only tokens created before the specified are removed.

The date before which tokens are not pruned. The that can be used to abort the operation. The number of tokens that were removed.

Revokes all the tokens matching the specified parameters.

The subject associated with the token, or not to filter out specific subjects. The client associated with the token, or not to filter out specific clients. The token status, or not to filter out specific token statuses. The token type, or not to filter out specific token types. The that can be used to abort the operation. The number of tokens corresponding to the criteria that were marked as revoked.

Revokes all the tokens associated with the specified application identifier.

The application identifier associated with the tokens. The that can be used to abort the operation. The number of tokens associated with the specified application that were marked as revoked.

Revokes all the tokens associated with the specified authorization identifier.

The authorization identifier associated with the tokens. The that can be used to abort the operation. The number of tokens associated with the specified authorization that were marked as revoked.

Revokes all the tokens associated with the specified subject.

The subject associated with the tokens. The that can be used to abort the operation. The number of tokens associated with the specified subject that were marked as revoked.

Sets the application identifier associated with a token.

The token. The unique identifier associated with the token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the authorization identifier associated with a token.

The token. The unique identifier associated with the token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the creation date associated with a token.

The token. The creation date. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the expiration date associated with a token.

The token. The expiration date. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the payload associated with a token.

The token. The payload associated with the token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the additional properties associated with a token.

The token. The additional properties associated with the token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the redemption date associated with a token.

The token. The redemption date. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the reference identifier associated with a token. Note: depending on the manager used to create the token, the reference identifier may be hashed for security reasons.

The token. The reference identifier associated with the token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the status associated with a token.

The token. The status associated with the authorization. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the subject associated with a token.

The token. The subject associated with the token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Sets the token type associated with a token.

The token. The token type associated with the token. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

Updates an existing token.

The token to update. The that can be used to abort the operation. A that can be used to monitor the asynchronous operation.

An identity cannot be extracted from this request. This generally indicates that the OpenIddict server stack was asked to authenticate a request for an endpoint it doesn't manage. To validate tokens received by custom API endpoints, the OpenIddict validati ...

The token type is not supported.

The deserialized principal doesn't contain the mandatory 'oi_tkn_typ' claim. When implementing custom token deserialization, a 'oi_tkn_typ' claim containing the type of the token being processed must be added to the security principal.

The type of token associated with the deserialized principal ({0}) doesn't match one of the expected token types ({1}).

The type of token associated with the deserialized principal ({0}) doesn't match one of the expected token types ({1}).

A challenge response cannot be returned from this endpoint.

The authentication context cannot be found.

The device code identifier cannot be extracted from the principal.

The token identifier cannot be extracted from the principal.

A sign-in response cannot be returned from this endpoint.

The specified principal is null or doesn't contain a claims-based identity. Make sure that 'ClaimsPrincipal.Identity' is not null.

The specified principal contains an authenticated identity, which is not valid when the sign-in operation is triggered from the device authorization or pushed authorization endpoints. Make sure that 'ClaimsPrincipal.Identity.AuthenticationType' is null and ...

The specified principal contains a subject claim, which is not valid when the sign-in operation is triggered from the device authorization or pushed authorization endpoints.

The specified principal doesn't contain a valid/authenticated identity. Make sure that 'ClaimsPrincipal.Identity.AuthenticationType' is not null and that 'ClaimsPrincipal.Identity.IsAuthenticated' returns 'true'.

The specified principal was rejected because the mandatory subject claim was missing.

The core services must be registered when enabling the OpenIddict server feature. To register the OpenIddict core services, reference the 'OpenIddict.Core' package and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'. Alternatively, you c ...

The application entry cannot be found in the database.

An unknown error occurred while creating an authorization entry.

An unknown error occurred while creating a token entry.

A token entry cannot be created from a null principal or from a principal containing a null or invalid identity.

The token entry cannot be found in the database.

A token cannot be created from a null principal.

The issuer must be a non-null, non-empty absolute URI.

A sign-out response cannot be returned from this endpoint.

The token type cannot be resolved.

The payload associated with a reference token cannot be retrieved. This may indicate that the token entry was corrupted.

The authorization request was not correctly extracted. To extract authorization requests, create a class implementing 'IOpenIddictServerHandler<ExtractAuthorizationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler ...

The request cannot be validated because no redirect_uri was specified.

The authorization request was not handled. To handle authorization requests in a controller, create a custom action with the same route as the authorization endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'service ...

The authorization response was not correctly applied. To apply authorization responses, create a class implementing 'IOpenIddictServerHandler<ApplyAuthorizationResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()' ...

The device authorization request was not correctly extracted. To extract device authorization requests, create a class implementing 'IOpenIddictServerHandler<ExtractDeviceAuthorizationRequestContext>' and register it using 'services.AddOpenIddict().AddServ ...

The client application details cannot be found in the database.

The device authorization response was not correctly applied. To apply device authorization responses, create a class implementing 'IOpenIddictServerHandler<ApplyDeviceAuthorizationResponseContext>' and register it using 'services.AddOpenIddict().AddServer( ...

The end-user verification request was not correctly extracted. To extract end-user verification requests, create a class implementing 'IOpenIddictServerHandler<ExtractEndUserVerificationRequestContext>' and register it using 'services.AddOpenIddict().AddSe ...

The end-user verification request was not handled. To handle end-user verification requests in a controller, create a custom action with the same route as the end-user verification endpoint and enable the pass-through mode in the server ASP.NET Core or OWI ...

The end-user verification response was not correctly applied. To apply end-user verification responses, create a class implementing 'IOpenIddictServerHandler<ApplyEndUserVerificationResponseContext>' and register it using 'services.AddOpenIddict().AddServe ...

The configuration request was not correctly extracted. To extract configuration requests, create a class implementing 'IOpenIddictServerHandler<ExtractConfigurationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler ...

The JSON Web Key Set request was not correctly extracted. To extract configuration requests, create a class implementing 'IOpenIddictServerHandler<ExtractJsonWebKeySetRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHand ...

The JSON Web Key Set response was not correctly applied. To apply JSON Web Key Set responses, create a class implementing 'IOpenIddictServerHandler<ApplyJsonWebKeySetResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHand ...

The token request was not correctly extracted. To extract token requests, create a class implementing 'IOpenIddictServerHandler<ExtractTokenRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'.

The token request was not handled. To handle token requests in a controller, create a custom action with the same route as the token endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'services.AddOpenIddict().AddSer ...

The token response was not correctly applied. To apply token responses, create a class implementing 'IOpenIddictServerHandler<ApplyTokenResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'.

The presenters list cannot be extracted from the authorization code.

The presenters list cannot be extracted from the device code.

The specified code challenge method is not supported.

The introspection request was not correctly extracted. To extract introspection requests, create a class implementing 'IOpenIddictServerHandler<ExtractIntrospectionRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler ...

The introspection response was not correctly applied. To apply introspection responses, create a class implementing 'IOpenIddictServerHandler<ApplyIntrospectionResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()' ...

The revocation request was not correctly extracted. To extract revocation requests, create a class implementing 'IOpenIddictServerHandler<ExtractRevocationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'.

The revocation response was not correctly applied. To apply revocation responses, create a class implementing 'IOpenIddictServerHandler<ApplyRevocationResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'.

The end session request was not correctly extracted. To extract end session requests, create a class implementing 'IOpenIddictServerHandler<ExtractEndSessionRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'.

The end session request was not handled. To handle end session requests in a controller, create a custom controller action with the same route as the end session endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'se ...

The end session response was not correctly applied. To apply end session responses, create a class implementing 'IOpenIddictServerHandler<ApplyEndSessionResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'.

The userinfo request was not correctly extracted. To extract userinfo requests, create a class implementing 'IOpenIddictServerHandler<ExtractUserInfoRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'.

The userinfo response was not correctly applied. To apply userinfo responses, create a class implementing 'IOpenIddictServerHandler<ApplyUserInfoResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'.

The asymmetric encryption key doesn't contain the required private key.

An encryption algorithm cannot be automatically inferred from the encrypting key. Consider using 'options.AddEncryptionCredentials(EncryptingCredentials)' instead.

The algorithm cannot be null or empty.

The specified algorithm is not supported.

An unspecified error occurred while trying to change the key size of a System.Security.Cryptography.RSA instance of type '{0}'.

An unspecified error occurred while trying to change the key size of a System.Security.Cryptography.RSA instance of type '{0}'.

The specified certificate is not a key encryption certificate.

The specified certificate doesn't contain the required private key.

The resource cannot be null or empty.

The certificate was not found in the specified assembly.

The thumbprint cannot be null or empty.

The certificate corresponding to the specified thumbprint was not found.

The asymmetric signing key doesn't contain the required private key.

A signature algorithm cannot be automatically inferred from the signing key. Consider using 'options.AddSigningCredentials(SigningCredentials)' instead.

ECDSA signing keys are not supported on this platform.

The specified certificate is not a signing certificate.

The grant type cannot be null or empty.

Endpoint URIs must be valid URIs.

The security token handler cannot be null.

At least one OAuth 2.0/OpenID Connect flow must be enabled.

The authorization endpoint must be enabled to use the authorization code and implicit flows.

The device authorization endpoint must be enabled to use the device authorization flow.

The token endpoint must be enabled to use the authorization code, client credentials, device, password and refresh token flows.

The end-user verification endpoint must be enabled to use the device authorization flow.

Endpoint URIs cannot start with '{0}'.

Endpoint URIs cannot start with '{0}'.

Dependency injection support must be enabled in Quartz.NET when using the OpenIddict integration. To enable DI support, call 'services.AddQuartz(options => options.UseMicrosoftDependencyInjectionJobFactory())' or 'services.AddQuartz(options => options.UseM ...

Reference tokens cannot be used when disabling token storage.

The device grant must be allowed when enabling the device authorization endpoint.

At least one encryption key must be registered in the OpenIddict server options. Consider registering a certificate using 'services.AddOpenIddict().AddServer().AddEncryptionCertificate()' or 'services.AddOpenIddict().AddServer().AddDevelopmentEncryptionCer ...

At least one asymmetric signing key must be registered in the OpenIddict server options. Consider registering a certificate using 'services.AddOpenIddict().AddServer().AddSigningCertificate()' or 'services.AddOpenIddict().AddServer().AddDevelopmentSigningC ...

When using X.509 encryption credentials, at least one of the registered certificates must be valid. To use key rollover, register both the new certificate and the old one in the credentials collection.

When using X.509 signing credentials, at least one of the registered certificates must be valid. To use key rollover, register both the new certificate and the old one in the credentials collection.

No custom authorization request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateAuthorizationRequestContext>' must be implemented to validate authorization requests (e.g to ensure the client_id and ...

No custom device authorization request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateDeviceAuthorizationRequestContext>' (or 'IOpenIddictServerHandler<ProcessAuthenticationContext>') must be imple ...

No custom introspection request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateIntrospectionRequestContext>' (or 'IOpenIddictServerHandler<ProcessAuthenticationContext>') must be implemented to val ...

No custom end session request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateEndSessionRequestContext>' must be implemented to validate end session requests (e.g to ensure the post_logout_redirect_ ...

No custom revocation request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateRevocationRequestContext>' (or 'IOpenIddictServerHandler<ProcessAuthenticationContext>') must be implemented to validate ...

No custom token request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateTokenRequestContext>' (or 'IOpenIddictServerHandler<ProcessAuthenticationContext>') must be implemented to validate token requ ...

No custom end-user verification request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateEndUserVerificationRequestContext>' must be implemented to validate verification requests (e.g to ensure the u ...

No custom token validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateTokenContext>' must be implemented to handle device and user codes (e.g by retrieving them from a database).

No custom token generation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<GenerateTokenContext>' must be implemented to handle device and user codes (e.g by storing them in a database).

The event handler of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container. To register an event handler, use 'services.AddOpenIddict().AddServer().AddEventHandler()'.

The event handler of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container. To register an event handler, use 'services.AddOpenIddict().AddServer().AddEventHandler()'.

The event handler filter of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container.

The event handler filter of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container.

The redirect_uri cannot be null or empty.

The authorization request cannot be validated because a different redirect_uri was specified by the client application.

The post_logout_redirect_uri cannot be null or empty.

The end session request cannot be validated because a different post_logout_redirect_uri was specified by the client application.

The specified service type is not valid.

No service descriptor was set.

The property name cannot be null or empty.

The realm cannot be null or empty.

The OpenIddict ASP.NET Core server handler cannot be registered as an authentication scheme. This may indicate that an instance of another handler was registered with the same scheme.

The OpenIddict ASP.NET Core server handler cannot be used as the default scheme handler. Make sure that neither DefaultAuthenticateScheme, DefaultChallengeScheme, DefaultForbidScheme, DefaultSignInScheme, DefaultSignOutScheme nor DefaultScheme point to an ...

The error pass-through mode cannot be used when the status code pages integration is enabled.

The OpenID Connect response was not correctly processed. This may indicate that the event handler responsible for processing OpenID Connect responses was not registered or was explicitly removed from the handlers list.

An error occurred while retrieving the OpenIddict server context. On ASP.NET Core, this may indicate that the authentication middleware was not registered early enough in the request pipeline. Make sure that 'app.UseAuthentication()' is registered before ' ...

An error occurred while authenticating the current request.

The ASP.NET Core HTTP request cannot be resolved.

Only strings, booleans, integers, arrays of strings and instances of type 'OpenIddictParameter' or 'JsonElement' can be returned as custom parameters. On .NET 6.0 and higher, instances of type 'JsonNode' (i.e 'JsonArray', 'JsonObject' and 'JsonValue') are ...

A distributed cache instance must be registered when enabling request caching. To register the default in-memory distributed cache implementation, reference the 'Microsoft.Extensions.Caching.Memory' package and call 'services.AddDistributedMemoryCache()' f ...

The authorization request payload is malformed.

The end session request payload is malformed.

The OpenIddict OWIN server handler cannot be used as an active authentication handler. Make sure that 'OpenIddictServerOwinOptions.AuthenticationMode' is not set to 'Active'.

The OWIN request cannot be resolved.

No service provider was found in the OWIN context. For the OpenIddict server services to work correctly, a per-request 'IServiceProvider' must be attached to the OWIN environment with the dictionary key 'System.IServiceProvider'. Note: when using a depende ...

The OpenIddict server services cannot be resolved from the DI container. To register the server services, use 'services.AddOpenIddict().AddServer()'.

Audiences cannot be null or empty.

The client identifier cannot be null or empty.

The client secret cannot be null or empty.

The issuer cannot be null or empty.

The base URI or request URI cannot be retrieved from the request context or are not valid absolute URIs.

An OAuth 2.0/OpenID Connect server configuration or an issuer URI must be registered. To use a local OpenIddict server, reference the 'OpenIddict.Validation.ServerIntegration' package and call 'services.AddOpenIddict().AddValidation().UseLocalServer()' to ...

An introspection client must be registered when using introspection. Reference the 'OpenIddict.Validation.SystemNetHttp' package and call 'services.AddOpenIddict().AddValidation().UseSystemNetHttp()' to register the default System.Net.Http-based integratio ...

The issuer or the configuration endpoint URI must be set when using introspection.

The client identifier cannot be null or empty when using introspection.

The client secret cannot be null or empty when using introspection. Alternatively, one or multiple signing credentials can be registered and used to produce client assertions if the authorization server supports this client authentication method.

Authorization entry validation cannot be enabled when using introspection.

Token entry validation cannot be enabled when using introspection.

A discovery client must be registered when using server discovery. Reference the 'OpenIddict.Validation.SystemNetHttp' package and call 'services.AddOpenIddict().AddValidation().UseSystemNetHttp()' to register the default System.Net.Http-based integration.

The issuer must be a valid absolute URI.

The issuer cannot contain a fragment or a query string.

The event handler of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container. To register an event handler, use 'services.AddOpenIddict().AddValidation().AddEventHandler()'.

The event handler of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container. To register an event handler, use 'services.AddOpenIddict().AddValidation().AddEventHandler()'.

The core services must be registered when enabling token entry validation. To register the OpenIddict core services, reference the 'OpenIddict.Core' package and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'.

An unknown error occurred while retrieving the server configuration.

An unknown error occurred while introspecting the access token.

The core services must be registered when enabling authorization entry validation. To register the OpenIddict core services, reference the 'OpenIddict.Core' package and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'.

The URI cannot be null or empty.

The URI must be a valid absolute URI.

The server configuration couldn't be retrieved.

The JSON Web Key Set URI couldn't be resolved from the provider metadata.

The server JSON Web Key set couldn't be retrieved.

An error occurred while preparing the configuration request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the configuration request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the configuration request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the configuration request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the configuration response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the configuration response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the configuration response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the configuration response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the JSON Web Key Set request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the JSON Web Key Set request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the JSON Web Key Set request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the JSON Web Key Set request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the JSON Web Key Set response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the JSON Web Key Set response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the JSON Web Key Set response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the JSON Web Key Set response. Error: {0} Error description: {1} Error URI: {2}

The token cannot be null or empty.

An unknown error occurred while introspecting the token.

An error occurred while preparing the introspection request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the introspection request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the introspection request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the introspection request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the introspection response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the introspection response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the introspection response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the introspection response. Error: {0} Error description: {1} Error URI: {2}

The access token cannot be null or empty.

An error occurred while validating the access token. Error: {0} Error description: {1} Error URI: {2}

An error occurred while validating the access token. Error: {0} Error description: {1} Error URI: {2}

The OpenIddict ASP.NET Core validation handler cannot be registered as an authentication scheme. This may indicate that an instance of another handler was registered with the same scheme.

The OpenIddict ASP.NET Core validation handler cannot be used as the default sign-in/sign-out handler. Make sure that neither DefaultSignInScheme nor DefaultSignOutScheme point to an instance of the OpenIddict ASP.NET Core validation handler.

An error occurred while retrieving the OpenIddict validation context. On ASP.NET Core, this may indicate that the authentication middleware was not registered early enough in the request pipeline. Make sure that 'app.UseAuthentication()' is registered befo ...

Generic token validation is not supported by the validation handler.

No service provider was found in the OWIN context. For the OpenIddict validation services to work correctly, a per-request 'IServiceProvider' must be attached to the OWIN environment with the dictionary key 'System.IServiceProvider'. Note: when using a dep ...

The OpenIddict validation services cannot be resolved from the DI container. To register the validation services, use 'services.AddOpenIddict().AddValidation()'.

The local server integration can only be used with direct validation.

Authorization entry validation cannot be enabled when authorization storage is disabled in the OpenIddict server options.

Token entry validation cannot be enabled when token storage is disabled in the OpenIddict server options.

The System.Net.Http request cannot be resolved.

An unknown error occurred while creating a System.Net.Http client.

An unknown error occurred while sending a System.Net.Http request.

The specified type is not supported.

The value cannot be null or empty.

The prompt cannot be null or empty.

The response type cannot be null or empty.

The scope cannot be null or empty.

The destination cannot be null or empty.

Destinations cannot be null or empty.

Conflicting destinations for the claim '{0}' were specified.

Conflicting destinations for the claim '{0}' were specified.

The claim type cannot be null or empty.

The claim value is not a supported JSON node.

The audience cannot be null or empty.

The presenter cannot be null or empty.

The token type cannot be null or empty.

The specified JSON element is not an object.

The parameter name cannot be null or empty.

A parameter with the same name already exists.

The item name cannot be null or empty.

The item index cannot be negative.

The specified '{0}' setting is not valid.

The specified '{0}' setting is not valid.

The identifier cannot be null or empty.

The application identifier cannot be extracted.

An error occurred while creating an expiration signal.

The subject cannot be null or empty.

The status cannot be null or empty.

The type cannot be null or empty.

The authorization identifier cannot be extracted.

The scope name cannot be null or empty.

Scope names cannot be null or empty.

The scope identifier cannot be extracted.

The token identifier cannot be extracted.

The client secret hash cannot be set on the application entity.

One or more validation error(s) occurred while trying to create a new application:

An error occurred while trying to create a new application.

The client type cannot be null or empty.

The consent type cannot be null or empty.

The permission name cannot be null or empty.

The requirement name cannot be null or empty.

Callback URIs cannot be null or empty.

Callback URIs must be valid absolute URIs.

One or more validation error(s) occurred while trying to update an existing application:

The secret cannot be null or empty.

The specified hash algorithm is not valid.

The comparand cannot be null or empty.

One or more validation error(s) occurred while trying to create a new authorization:

An error occurred while trying to create a new authorization.

One or more validation error(s) occurred while trying to update an existing authorization:

One or more validation error(s) occurred while trying to create a new scope:

An error occurred while trying to create a new scope.

One or more validation error(s) occurred while trying to update an existing scope:

One or more validation error(s) occurred while trying to create a new token:

An error occurred while trying to create a new token.

One or more validation error(s) occurred while trying to update an existing token:

No application store has been registered in the dependency injection container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. To ...

No authorization store has been registered in the dependency injection container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. T ...

No scope store has been registered in the dependency injection container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. To regist ...

No token store has been registered in the dependency injection container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. To regist ...

The specified type is invalid.

The cache size cannot be less than 10.

The specified application type is not compatible with the Entity Framework 6.x stores. When enabling the Entity Framework 6.x stores, make sure you use the built-in 'OpenIddictEntityFrameworkApplication' entity or a custom entity that inherits from the gen ...

No Entity Framework 6.x context was specified in the OpenIddict options. To configure the OpenIddict Entity Framework 6.x stores to use a specific 'DbContext', use 'options.UseEntityFramework().UseDbContext<TContext>()'.

The specified authorization type is not compatible with the Entity Framework 6.x stores. When enabling the Entity Framework 6.x stores, make sure you use the built-in 'OpenIddictEntityFrameworkAuthorization' entity or a custom entity that inherits from the ...

The specified scope type is not compatible with the Entity Framework 6.x stores. When enabling the Entity Framework 6.x stores, make sure you use the built-in 'OpenIddictEntityFrameworkScope' entity or a custom entity that inherits from the generic 'OpenId ...

The specified token type is not compatible with the Entity Framework 6.x stores. When enabling the Entity Framework 6.x stores, make sure you use the built-in 'OpenIddictEntityFrameworkToken' entity or a custom entity that inherits from the generic 'OpenId ...

The application was concurrently updated and cannot be persisted in its current state. Reload the application from the database and retry the operation.

An error occurred while trying to create a new application instance. Make sure that the application entity is not abstract and has a public parameterless constructor or create a custom application store that overrides 'InstantiateAsync()' to use a custom f ...

The authorization was concurrently updated and cannot be persisted in its current state. Reload the authorization from the database and retry the operation.

An error occurred while trying to create a new authorization instance. Make sure that the authorization entity is not abstract and has a public parameterless constructor or create a custom authorization store that overrides 'InstantiateAsync()' to use a cu ...

An error occurred while pruning authorizations.

The application associated with the authorization cannot be found.

The scope was concurrently updated and cannot be persisted in its current state. Reload the scope from the database and retry the operation.

An error occurred while trying to create a new scope instance. Make sure that the scope entity is not abstract and has a public parameterless constructor or create a custom scope store that overrides 'InstantiateAsync()' to use a custom factory.

The token was concurrently updated and cannot be persisted in its current state. Reload the token from the database and retry the operation.

An error occurred while trying to create a new token instance. Make sure that the token entity is not abstract and has a public parameterless constructor or create a custom token store that overrides 'InstantiateAsync()' to use a custom factory.

An error occurred while pruning tokens.

The application associated with the token cannot be found.

The authorization associated with the token cannot be found.

The specified application type is not compatible with the Entity Framework Core stores. When enabling the Entity Framework Core stores, make sure you use the built-in 'OpenIddictEntityFrameworkCoreApplication' entity or a custom entity that inherits from t ...

No Entity Framework Core context was specified in the OpenIddict options. To configure the OpenIddict Entity Framework Core stores to use a specific 'DbContext', use 'options.UseEntityFrameworkCore().UseDbContext<TContext>()'.

The specified authorization type is not compatible with the Entity Framework Core stores. When enabling the Entity Framework Core stores, make sure you use the built-in 'OpenIddictEntityFrameworkCoreAuthorization' entity or a custom entity that inherits fr ...

The specified scope type is not compatible with the Entity Framework Core stores. When enabling the Entity Framework Core stores, make sure you use the built-in 'OpenIddictEntityFrameworkCoreScope' entity or a custom entity that inherits from the generic ' ...

The specified token type is not compatible with the Entity Framework Core stores. When enabling the Entity Framework Core stores, make sure you use the built-in 'OpenIddictEntityFrameworkCoreToken' entity or a custom entity that inherits from the generic ' ...

The specified application type is not compatible with the MongoDB stores. When enabling the MongoDB stores, make sure you use the built-in 'OpenIddictMongoDbApplication' entity or a custom entity that inherits from the 'OpenIddictMongoDbApplication' entity ...

The specified authorization type is not compatible with the MongoDB stores. When enabling the MongoDB stores, make sure you use the built-in 'OpenIddictMongoDbAuthorization' entity or a custom entity that inherits from the 'OpenIddictMongoDbAuthorization' ...

The specified scope type is not compatible with the MongoDB stores. When enabling the MongoDB stores, make sure you use the built-in 'OpenIddictMongoDbScope' entity or a custom entity that inherits from the 'OpenIddictMongoDbScope' entity.

The specified token type is not compatible with the MongoDB stores. When enabling the MongoDB stores, make sure you use the built-in 'OpenIddictMongoDbToken' entity or a custom entity that inherits from the 'OpenIddictMongoDbToken' entity.

The collection name cannot be null or empty.

No suitable MongoDB database service can be found. To configure the OpenIddict MongoDB stores to use a specific database, use 'services.AddOpenIddict().AddCore().UseMongoDb().UseDatabase()' or register an 'IMongoDatabase' in the dependency injection contai ...

The second parameter must be a generic type definition.

X.509 certificate generation is not supported on this platform.

The token details cannot be found in the database.

No suitable signing credentials could be found.

The signing credentials algorithm is not valid.

The code challenge method cannot be retrieved from the authorization code.

The token usage of the JWT token is not supported.

The type of the JWT token cannot be resolved or inferred.

The type of the JWT token doesn't match the expected type.

The configuration response was not correctly applied. To apply configuration responses, create a class implementing 'IOpenIddictServerHandler<ApplyConfigurationResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()' ...

No default application entity type was configured in the OpenIddict core options, which generally indicates that no application store was registered in the DI container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFramewor ...

No default authorization entity type was configured in the OpenIddict core options, which generally indicates that no authorization store was registered in the DI container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFram ...

No default scope entity type was configured in the OpenIddict core options, which generally indicates that no scope store was registered in the DI container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' packa ...

No default token entity type was configured in the OpenIddict core options, which generally indicates that no token store was registered in the DI container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' packa ...

The Entity Framework 6.x stores cannot be used with generic types. Consider creating non-generic classes derived from the default entities for the application, authorization, scope and token entities.

The core services must be registered when enabling the OpenIddict Quartz.NET integration. To register the OpenIddict core services, reference the 'OpenIddict.Core' package and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'.

The maximum refire count cannot be negative.

The duration cannot be less than 10 minutes.

The authorization code grant must be enabled when adding a response type containing '{0}'.

The authorization code grant must be enabled when adding a response type containing '{0}'.

The implicit grant must be enabled when adding a response type containing '{0}'.

The implicit grant must be enabled when adding a response type containing '{0}'.

Provided symmetric key was incorrect size. Expected {0} bits, received {1}.

Provided symmetric key was incorrect size. Expected {0} bits, received {1}.

The context type associated with the specified descriptor doesn't match the context type of this builder.

Endpoint URIs must be unique across endpoints.

The specified principal doesn't contain a valid claims-based identity.

The payload of this authentication ticket was serialized using an unsupported formatter version.

The OpenIddict ASP.NET Core client handler cannot be registered as an authentication scheme. This may indicate that an instance of another handler was registered with the same scheme.

The OpenIddict ASP.NET Core client handler cannot be used as the default authentication/sign-in/sign-out handler. Make sure that neither DefaultAuthenticateScheme, DefaultSignInScheme, DefaultSignOutScheme nor DefaultScheme point to an instance of the Open ...

An identity cannot be extracted from this request. This generally indicates that the OpenIddict client stack was asked to validate a token for an invalid endpoint. To validate tokens received by custom API endpoints, the OpenIddict validation handler (e.g ...

The authorization server information cannot be extracted from the state principal.

The client registration corresponding to the specified issuer cannot be found in the client options.

The signing algorithm cannot be resolved from the specified frontchannel identity token.

The negotiated grant type cannot be resolved from the authentication context.

The signing algorithm cannot be resolved from the specified backchannel identity token.

The specified grant type is not supported.

No supported response type could be found in the server configuration, which typically indicates that the configuration is incomplete or that only non-interactive grants are supported by the authorization server.

A common grant type/response type combination supported by both the client and the server couldn't be negotiated automatically. Ensure at least one common flow is enabled in the client options. If the error persists, consider specifying a list of allowed g ...

A common response mode supported by both the client and the server couldn't be negotiated automatically. Ensure at least one common flow is enabled in the client options. If the error persists, consider specifying a list of allowed response modes in the cl ...

A redirection URI must be specified in the client registration or web provider options when using an interactive flow.

The '{0}' cannot be resolved from the authorization server configuration or doesn't represent a valid absolute URI, which may indicate this endpoint is not supported or is not enabled in the server configuration.

The '{0}' cannot be resolved from the authorization server configuration or doesn't represent a valid absolute URI, which may indicate this endpoint is not supported or is not enabled in the server configuration.

The redirection request was not correctly extracted. To extract authorization requests, create a class implementing 'IOpenIddictClientHandler<ExtractRedirectionRequestContext>' and register it using 'services.AddOpenIddict().AddClient().AddEventHandler()'.

The redirection response was not correctly applied. To apply redirection responses, create a class implementing 'IOpenIddictClientHandler<ApplyRedirectionResponseContext>' and register it using 'services.AddOpenIddict().AddClient().AddEventHandler()'.

No client registration was found in the client options. To add a registration, use 'services.AddOpenIddict().AddClient().AddRegistration()'.

No client registration information was specified. When multiple clients are registered, an issuer, a provider name or a client registration identifier must be specified in the challenge properties.

The specified issuer is not a valid or absolute URI.

The issuer extracted from the server configuration metadata doesn't match the expected value.

The specified list of valid token types is not valid.

A grant type must be specified when triggering authentication demands from endpoints that are not managed by the OpenIddict client stack. This error may also indicate that the redirection endpoint was not correctly enabled in the OpenIddict client options.

The specified grant type ({0}) cannot be used with this method.

The specified grant type ({0}) cannot be used with this method.

A refresh token must be specified when using the refresh token grant.

The event handler of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container. To register an event handler, use 'services.AddOpenIddict().AddClient().AddEventHandler()'.

The event handler of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container. To register an event handler, use 'services.AddOpenIddict().AddClient().AddEventHandler()'.

A discovery client must be registered when using server discovery. Reference the 'OpenIddict.Client.SystemNetHttp' package and call 'services.AddOpenIddict().AddClient().UseSystemNetHttp()' to register the default System.Net.Http-based integration.

The OpenIddict OWIN client handler cannot be used as an active authentication handler. Make sure that 'OpenIddictClientOwinOptions.AuthenticationMode' is not set to 'Active'.

An error occurred while retrieving the OpenIddict client context. On ASP.NET Core, this may indicate that the authentication middleware was not registered early enough in the request pipeline. Make sure that 'app.UseAuthentication()' is registered before ' ...

No service provider was found in the OWIN context. For the OpenIddict client services to work correctly, a per-request 'IServiceProvider' must be attached to the OWIN environment with the dictionary key 'System.IServiceProvider'. Note: when using a depende ...

The OpenIddict client services cannot be resolved from the DI container. To register the client services, use 'services.AddOpenIddict().AddClient()'.

The core services must be registered when enabling the OpenIddict client feature. To register the OpenIddict core services, reference the 'OpenIddict.Core' package and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'. Alternatively, you c ...

An error occurred while refreshing tokens. Error: {0} Error description: {1} Error URI: {2}

An error occurred while refreshing tokens. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the token request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the token request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the token request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the token request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the token response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the token response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the token response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the token response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the userinfo request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the userinfo request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the userinfo request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the userinfo request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the userinfo response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the userinfo response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the userinfo response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the userinfo response. Error: {0} Error description: {1} Error URI: {2}

The provider name cannot be null or empty.

The type of the settings instance attached to the '{0}' provider doesn't match the expected type.

The type of the settings instance attached to the '{0}' provider doesn't match the expected type.

The mandatory '{0}' setting required by the {1} provider integration must be set.

The mandatory '{0}' setting required by the {1} provider integration must be set.

The '{0}' provider settings cannot be resolved from the client registration. Make sure the provider was correctly registered using 'services.AddOpenIddict().AddClient().UseWebProviders().Add{0}()'.

The '{0}' provider settings cannot be resolved from the client registration. Make sure the provider was correctly registered using 'services.AddOpenIddict().AddClient().UseWebProviders().Add{0}()'.

The '{0}' node cannot be extracted from the response or is not of the expected type.

The '{0}' node cannot be extracted from the response or is not of the expected type.

The username cannot be null or empty.

The password cannot be null or empty.

A username must be specified when using the resource owner password credentials grant.

A password must be specified when using the resource owner password credentials grant.

The request forgery protection claim cannot be resolved from the state token.

The endpoint type associated with the state token cannot be resolved.

No client registration information was specified in the sign-out properties. When multiple clients are registered, an issuer, a provider name or a client registration identifier must be specified in the sign-out properties.

The same issuer cannot be used in multiple client registrations.

The request forgery protection claim cannot be resolved from the context.

The request forgery protection claim cannot be resolved from the sign-out context.

The product name cannot be null or empty.

The PEM-encoded key cannot be empty.

The same registration identifier cannot be used in multiple client registrations. When multiple client registrations use the same issuer or the same provider name, an explicit identifier must be attached to each client registration. To attach a registratio ...

The specified client registration identifier doesn't match the identifier of the resolved client registration.

The specified provider name doesn't match the provider name associated with the resolved client registration.

The '{0}' setting required by the {1} provider integration must be a valid absolute URI.

The '{0}' setting required by the {1} provider integration must be a valid absolute URI.

The '{0}' instance returned by CryptoConfig.CreateFromName() is not suitable for the requested operation. When registering a custom implementation of a cryptographic algorithm, make sure it inherits from the correct base type and uses the correct name (e.g ...

The '{0}' instance returned by CryptoConfig.CreateFromName() is not suitable for the requested operation. When registering a custom implementation of a cryptographic algorithm, make sure it inherits from the correct base type and uses the correct name (e.g ...

The nonce cannot be resolved from the context.

The nonce cannot be resolved from the sign-out context.

The nonce cannot be resolved from the state token.

No issuer was specified in the authentication context.

The redirection endpoint must be enabled to use the authorization code and implicit flows.

At least one encryption key must be registered in the OpenIddict client options when using interactive login or logout flows. Consider registering a certificate using 'services.AddOpenIddict().AddClient().AddEncryptionCertificate()' or 'services.AddOpenIdd ...

At least one signing key must be registered in the OpenIddict client options when enabling using interactive login or logout flows. Consider registering a certificate using 'services.AddOpenIddict().AddClient().AddSigningCertificate()' or 'services.AddOpen ...

The specified grant type ({0}) has not been enabled in the OpenIddict client options.

The specified grant type ({0}) has not been enabled in the OpenIddict client options.

The client registration doesn't list any supported grant type, which typically indicates an invalid configuration. Ensure the 'OpenIddictClientRegistration.GrantTypes' collection contain at least one of the grant types enabled in the client options or leav ...

The client registration doesn't list any supported response type, which typically indicates an invalid configuration. Ensure the 'OpenIddictClientRegistration.ResponseTypes' collection contain at least one of the response types enabled in the client option ...

No response mode enabled in the client options could be found in the list of response modes allowed by the client registration, which typically indicates an invalid configuration. Ensure the 'OpenIddictClientRegistration.ResponseModes' collection contain a ...

The specified grant type ({0}) is not listed as a supported grant type in the server configuration. If the error persists, ensure the supported grant types listed in the authorization server configuration are appropriate.

The specified grant type ({0}) is not listed as a supported grant type in the server configuration. If the error persists, ensure the supported grant types listed in the authorization server configuration are appropriate.

Challenge operations cannot be triggered from non-HTTPS endpoints when the transport security requirement is enforced. While not recommended (as HTTPS is required for SameSite=None cookies to work correctly in most browsers), the transport security require ...

Sign-out operations cannot be triggered from non-HTTPS endpoints when the transport security requirement is enforced. While not recommended (as HTTPS is required for SameSite=None cookies to work correctly in most browsers), the transport security requirem ...

The '{0}' parameter cannot be null or empty.

The '{0}' parameter cannot be null or empty.

The device authorization flow cannot be enabled when token storage is disabled (unless the degraded mode is used).

The redirection request was not handled. To handle redirection requests in a controller, create a custom action with the same route as the redirection endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'services.AddO ...

The post-logout redirection request was not correctly extracted. To extract post-logout redirection requests, create a class implementing 'IOpenIddictClientHandler<ExtractPostLogoutRedirectionRequestContext>' and register it using 'services.AddOpenIddict() ...

The post-logout redirection request was not handled. To handle post-logout redirection requests in a controller, create a custom action with the same route as the post-logout redirection endpoint and enable the pass-through mode in the server ASP.NET Core ...

The post-logout redirection response was not correctly applied. To apply post-logout redirection responses, create a class implementing 'IOpenIddictClientHandler<ApplyPostLogoutRedirectionResponseContext>' and register it using 'services.AddOpenIddict().Ad ...

The System.Net.Http client cannot be resolved.

Only instances of type '{0}' can be used as primary HTTP handlers for the HTTP clients managed by OpenIddict.

Only instances of type '{0}' can be used as primary HTTP handlers for the HTTP clients managed by OpenIddict.

An error occurred while authenticating the user. Error: {0} Error description: {1} Error URI: {2}

An error occurred while authenticating the user. Error: {0} Error description: {1} Error URI: {2}

The protocol activation cannot be resolved or contains invalid data.

The identifier of the application instance that initiated the authentication process cannot be resolved from the state token.

Marshalling of authentication demands is not supported on ASP.NET Core and OWIN. To retrieve the authentication result, use 'IAuthenticationService.AuthenticateAsync()' or 'AuthenticationManager.AuthenticateAsync()'.

An error occurred while adding the challenge operation to the list of tracked demands, which may indicate a nonce collision. Make sure nonces are unique, contain enough entropy and are generated using a crypto-secure random number generator.

The specified nonce is already used to track another authentication operation.

An error occurred while marking the authentication operation as completed, which may indicate a nonce collision. Make sure nonces are unique, contain enough entropy and are generated using a crypto-secure random number generator.

An error occurred while removing the authentication operation from the list of tracked demands, which may indicate a nonce collision. Make sure nonces are unique, contain enough entropy and are generated using a crypto-secure random number generator.

An error occurred while marking the authentication operation as failed, which may indicate a nonce collision. Make sure nonces are unique, contain enough entropy and are generated using a crypto-secure random number generator.

An error occurred while waiting for the authentication operation to complete, which may indicate a nonce collision. Make sure nonces are unique, contain enough entropy and are generated using a crypto-secure random number generator.

An error occurred while trying to create an embedded web server on port {0}.

An error occurred while trying to create an embedded web server on port {0}.

The default system browser couldn't be started. If the application executes inside a sandbox, make sure it is allowed to launch URIs or spawn new processes.

An application discriminator must be manually set in the OpenIddict client system integration options when no application name is provided by the .NET generic host. To set the application discriminator, call 'services.AddOpenIddict().AddClient().UseSystemI ...

The type extracted from the inter-process notification ({0}) is unknown or invalid, which may indicate that different versions of the OpenIddict client are used for the same application.

The type extracted from the inter-process notification ({0}) is unknown or invalid, which may indicate that different versions of the OpenIddict client are used for the same application.

The payload extracted from the inter-process notification is malformed, incomplete or was created by a different version of the OpenIddict client library.

The OpenIddict client system integration is not supported on this platform (only Android 21+, iOS 12.0+, Linux, Mac Catalyst 13.1+, macOS 10.15+ and Windows 7 are supported).

The HTTP listener context cannot be resolved or contains invalid data.

An error occurred while instantiating the embedded web server, which may indicate a permission issue.

The web authentication broker is only supported on UWP and requires running Windows 10 version 1709 (Fall Creators) or higher.

The platform callback cannot be resolved or contains invalid data.

The issuer attached to the static configuration must be the same as the one configured in the validation options.

The issuer attached to the static configuration must be the same as the one configured in the client registration.

A device code must be specified when using the device authorization code grant.

The client registration corresponding to the specified provider name cannot be found in the client options.

An error occurred while preparing the device authorization request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the device authorization request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the device authorization request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the device authorization request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the device authorization response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the device authorization response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the device authorization response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the device authorization response. Error: {0} Error description: {1} Error URI: {2}

The grant type '{0}' is not supported by the ASP.NET Core and OWIN integrations.

The grant type '{0}' is not supported by the ASP.NET Core and OWIN integrations.

This API is no longer supported and will be removed in a future version.

The specified issuer is used in multiple client registrations. To select a specific client registration, specify its identifier.

The issuer must be provided for custom client registrations and must be a valid absolute URI. If the client registration is expected to use a provider integration provided by the OpenIddict.Client.WebIntegration package, make sure the 'OpenIddictClientRegi ...

The provider settings attached to the client registration are missing or of an incorrect type. When manually adding client registrations that depend on a web provider integration provided by OpenIddict.Client.WebIntegration, make sure the 'OpenIddictClient ...

The specified provider type is not valid or is not supported by this version of the OpenIddict.Client.WebIntegration package.

The specified issuer doesn't match the issuer associated with the resolved client registration.

The specified provider name is used in multiple client registrations. To select a specific client registration, specify its identifier.

The client registration corresponding to the specified identifier cannot be found in the client options.

The issuer couldn't be resolved from the provider configuration or is not a valid absolute URI. Make sure the OpenIddict.Client.WebIntegration package is referenced and 'options.UseWebProviders()' is correctly called.

The Shopify integration requires setting the shop name to be able to determine the location of the OAuth 2.0 endpoints. To dynamically set the shop name when triggering a challenge, add a ".shopify_shop_name" authentication property containing the shop nam ...

The specified string is not a valid hexadecimal string.

The '{0}' authentication scheme already exists and cannot be registered as a forwarded authentication scheme by the OpenIddict client. Consider removing the conflicting authentication handler or use a different provider name. Alternatively, automatic authe ...

The '{0}' authentication scheme already exists and cannot be registered as a forwarded authentication scheme by the OpenIddict client. Consider removing the conflicting authentication handler or use a different provider name. Alternatively, automatic authe ...

Multiple client registrations sharing the same provider name exist, which prevents registering an automatic forwarded authentication scheme with the name '{0}'. Consider using a unique provider name per client registration or disable automatic authenticati ...

Multiple client registrations sharing the same provider name exist, which prevents registering an automatic forwarded authentication scheme with the name '{0}'. Consider using a unique provider name per client registration or disable automatic authenticati ...

Multiple client registrations sharing the same provider name exist, which prevents registering an automatic forwarded authentication type with the name '{0}'. Consider using a unique provider name per client registration or disable automatic authentication ...

Multiple client registrations sharing the same provider name exist, which prevents registering an automatic forwarded authentication type with the name '{0}'. Consider using a unique provider name per client registration or disable automatic authentication ...

The authentication properties must not contain an '.issuer', '.provider_name' or '.registration_id' property when using a forwarded authentication scheme/type.

A client identifier must be specified in the client registration or web provider options when using 'response_type=none', the authorization code/hybrid/implicit flows or the device authorization flow.

At least one client authentication method must be configured when enabling the device authorization, introspection, revocation or token endpoints.

The '{0}' client assertion type must be configured when enabling the '{1}' client authentication method.

The '{0}' client assertion type must be configured when enabling the '{1}' client authentication method.

At least one subject type must be supported.

A configuration manager must be attached to the client registration to be able to resolve the server configuration.

Multiple claims of the same type are present in the identity or principal.

The '{0}' claim present in the specified principal is malformed or isn't of the expected type.

The '{0}' claim present in the specified principal is malformed or isn't of the expected type.

The specified principal contains an authenticated identity, which is not valid for this operation. Make sure that 'ClaimsPrincipal.Identity.AuthenticationType' is null and that 'ClaimsPrincipal.Identity.IsAuthenticated' returns 'false'.

The specified principal contains a subject claim, which is not valid for this operation.

The Amazon integration requires sending the user code to the token endpoint when using the device authorization code grant. For that, attach a ".user_code" authentication property containing the user code returned by the device authorization endpoint.

An error occurred while introspecting a token. Error: {0} Error description: {1} Error URI: {2}

An error occurred while introspecting a token. Error: {0} Error description: {1} Error URI: {2}

An error occurred while revoking a token. Error: {0} Error description: {1} Error URI: {2}

An error occurred while revoking a token. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the revocation request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the revocation request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the revocation request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the revocation request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the revocation response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the revocation response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the revocation response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the revocation response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while signing the user out.

An error occurred while authenticating the client application. Error: {0} Error description: {1} Error URI: {2}

An error occurred while authenticating the client application. Error: {0} Error description: {1} Error URI: {2}

The specified charset contains a duplicate character.

The specified charset contains a character that cannot be represented as a single text element.

The specified charset contains non-ASCII characters. Characters outside the Basic Latin Unicode block are only supported on .NET 5.0 and higher.

The specified characters count is too low. Use a value equal to or higher than {0}.

The specified characters count is too low. Use a value equal to or higher than {0}.

The specified charset doesn't include enough characters. Ensure at least {0} characters are included in the charset.

The specified charset doesn't include enough characters. Ensure at least {0} characters are included in the charset.

The specified format string cannot contain a '{0}' character when it is included as an allowed character in the charset.

The specified format string cannot contain a '{0}' character when it is included as an allowed character in the charset.

The client registration corresponding to the specified nonce could not be resolved, which may indicate an invalid authentication demand or an invalid configuration. When using interactive user authentication flows in desktop or mobile applications, make su ...

The base URI could not be resolved from the context, which may indicate an invalid authentication demand or an invalid configuration. When using interactive user authentication flows in desktop or mobile applications, make sure the system integration is re ...

An explicit response type must be attached when specifying a specific grant type.

An explicit grant type must be attached when specifying a specific response type (except when using the special response_type=none value).

AS web authentication sessions are only supported on iOS 12.0+/macOS 10.15+/Mac Catalyst 12.0+ and require using an OS-specific target framework moniker on macOS (e.g 'net8.0-macos15.0').

The current UI window cannot be resolved.

An unknown error occurred while trying to start an AS web authentication session.

The portable version of the OpenIddict.Client.SystemIntegration package cannot be used on Android, iOS and Mac Catalyst. Make sure your application is referencing the correct version by using the appropriate OS-specific TFM (e.g on iOS, 'net8.0-ios18.0').

An HTTP redirect_uri or post_logout_redirect_uri cannot be used when using AS web authentication sessions. Make sure you're using a custom protocol scheme for all the callback URIs attached to the client registration. Alternatively, you can register an ass ...

The Zoho integration requires sending the region of the server when using the client credentials or refresh token grants. For that, attach a ".location" authentication property containing the region to use.

Custom tabs intents are only supported on Android.

The specified intent doesn't contain a valid data URI.

The format of the specified certificate is not supported.

Registration identifiers cannot contain U+001E or U+001F characters.

The specified client authentication method/token binding methods combination is not valid.

The '{0}' parameter cannot contain null or empty values.

The '{0}' parameter cannot contain null or empty values.

A token must be specified when using introspection.

A token must be specified when using revocation.

The authorization server requires using pushed authorization requests. Consider setting 'OpenIddictClientRegistration.DisablePushedAuthorizationRequests' to false to allow the OpenIddict client to use pushed authorization requests.

An error occurred while preparing the device authorization request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while preparing the device authorization request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the device authorization request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while sending the device authorization request. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the device authorization response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while extracting the device authorization response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the device authorization response. Error: {0} Error description: {1} Error URI: {2}

An error occurred while handling the device authorization response. Error: {0} Error description: {1} Error URI: {2}

Authorization request caching and end session request caching cannot be used when disabling token storage.

No custom pushed authorization request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidatePushedAuthorizationRequestContext>' (or 'IOpenIddictServerHandler<ProcessAuthenticationContext>') must be imple ...

The VK ID integration requires sending the device identifier to the token and revocation endpoints. For that, attach a ".device_id" authentication property containing the device identifier returned by the authorization endpoint.

The pushed authorization request was not correctly extracted. To extract pushed authorization requests, create a class implementing 'IOpenIddictServerHandler<ExtractPushedAuthorizationRequestContext>' and register it using 'services.AddOpenIddict().AddServ ...

The pushed authorization response was not correctly applied. To apply pushed authorization responses, create a class implementing 'IOpenIddictServerHandler<ApplyPushedAuthorizationResponseContext>' and register it using 'services.AddOpenIddict().AddServer( ...

The security token is missing.

The specified authorization code is invalid.

The specified device code is invalid.

The specified refresh token is invalid.

The specified token is invalid.

The specified token is not an authorization code.

The specified token is not an device code.

The specified token is not a refresh token.

The specified token is not an access token.

The specified identity token is invalid.

The specified authorization code has already been redeemed.

The specified device code has already been redeemed.

The specified refresh token has already been redeemed.

The specified token has already been redeemed.

The authorization has not been granted yet by the end user.

The authorization was denied by the end user.

The specified authorization code is no longer valid.

The specified device code is no longer valid.

The specified refresh token is no longer valid.

The specified token is no longer valid.

The authorization associated with the authorization code is no longer valid.

The authorization associated with the device code is no longer valid.

The authorization associated with the refresh token is no longer valid.

The authorization associated with the token is no longer valid.

The token request was rejected by the authentication server.

The user information access demand was rejected by the authentication server.

The specified user code is no longer valid.

The client application is not allowed to use the device authorization flow.

The '{0}' parameter is not supported.

The '{0}' parameter is not supported.

The mandatory '{0}' parameter is missing.

The mandatory '{0}' parameter is missing.

The '{0}' parameter must be a valid absolute URI.

The '{0}' parameter must be a valid absolute URI.

The '{0}' parameter must not include a fragment.

The '{0}' parameter must not include a fragment.

The specified '{0}' is not supported.

The specified '{0}' is not supported.

The specified '{0}'/'{1}' combination is invalid.

The specified '{0}'/'{1}' combination is invalid.

The mandatory '{0}' scope is missing.

The mandatory '{0}' scope is missing.

The '{0}' scope is not allowed.

The '{0}' scope is not allowed.

The client identifier cannot be null or empty.

The '{0}' parameter cannot be used without '{1}'.

The '{0}' parameter cannot be used without '{1}'.

The status cannot be null or empty.

Scopes cannot be null or empty.

The '{0}' and '{1}' parameters can only be used with a response type containing '{2}'.

The '{0}' and '{1}' parameters can only be used with a response type containing '{2}'.

The specified '{0}' is not allowed when using PKCE.

The specified '{0}' is not allowed when using PKCE.

Scopes cannot contain spaces.

The specified '{0}' is not valid for this client application.

The specified '{0}' is not valid for this client application.

The scope name cannot be null or empty.

The scope name cannot contain spaces.

This client application is not allowed to use the authorization endpoint.

The client application is not allowed to use the authorization code flow.

The client application is not allowed to use the implicit flow.

The client application is not allowed to use the hybrid flow.

The client type cannot be null or empty.

This client application is not allowed to use the specified scope.

The specified '{0}' is invalid.

The specified '{0}' is invalid.

The '{0}' parameter is not valid for this client application.

The '{0}' parameter is not valid for this client application.

The '{0}' parameter required for this client application is missing.

The '{0}' parameter required for this client application is missing.

The specified client credentials are invalid.

This client application is not allowed to use the device authorization endpoint.

The '{0}' or '{1}' parameter must be specified when using the client credentials grant.

The '{0}' or '{1}' parameter must be specified when using the client credentials grant.

The '{0}' parameter is required when using the device code grant.

The '{0}' parameter is required when using the device code grant.

The mandatory '{0}' and/or '{1}' parameters are missing.

The mandatory '{0}' and/or '{1}' parameters are missing.

A scope with the same name already exists.

Callback URIs cannot be null or empty.

Callback URIs must be valid absolute URIs.

This client application is not allowed to use the token endpoint.

This client application is not allowed to use the specified grant type.

The client application is not allowed to use the '{0}' scope.

The client application is not allowed to use the '{0}' scope.

The specified authorization code cannot be used without sending a client identifier.

The specified device code cannot be used without sending a client identifier.

The specified refresh token cannot be used without sending a client identifier.

The specified authorization code cannot be used by this client application.

The specified device code cannot be used by this client application.

The specified refresh token cannot be used by this client application.

The specified '{0}' parameter doesn't match the client redirection URI the authorization code was initially sent to.

The specified '{0}' parameter doesn't match the client redirection URI the authorization code was initially sent to.

The '{0}' parameter cannot be used when no '{1}' was specified in the authorization request.

The '{0}' parameter cannot be used when no '{1}' was specified in the authorization request.

The '{0}' parameter is not valid in this context.

The '{0}' parameter is not valid in this context.

This client application is not allowed to use the introspection endpoint.

The specified token cannot be introspected.

The client application is not allowed to introspect the specified token.

This client application is not allowed to use the revocation endpoint.

This token cannot be revoked.

The client application is not allowed to revoke the specified token.

The mandatory '{0}' header is missing.

The mandatory '{0}' header is missing.

The specified '{0}' header is invalid.

The specified '{0}' header is invalid.

This server only accepts HTTPS requests.

The specified HTTP method is not valid.

A token with the same reference identifier already exists.

The token type cannot be null or empty.

Multiple client credentials cannot be specified.

The issuer associated to the specified token is not valid.

The specified token is not of the expected type.

The signing key associated to the specified token was not found.

The signature associated to the specified token is not valid.

This resource server is currently unavailable.

The specified token doesn't contain any audience.

The specified token cannot be used with this resource server.

The user represented by the token is not allowed to perform the requested action.

No issuer could be found in the server configuration.

A server configuration containing an invalid issuer was returned.

The issuer returned in the server configuration doesn't match the value set in the validation options.

No JSON Web Key Set endpoint could be found in the server configuration.

A server configuration containing an invalid '{0}' URI was returned.

A server configuration containing an invalid '{0}' URI was returned.

The JSON Web Key Set document didn't contain a valid '{0}' node with at least one key.

The JSON Web Key Set document didn't contain a valid '{0}' node with at least one key.

A JSON Web Key Set response containing an unsupported key was returned.

A JSON Web Key Set response containing an invalid key was returned.

The mandatory '{0}' parameter couldn't be found in the introspection response.

The mandatory '{0}' parameter couldn't be found in the introspection response.

The token was rejected by the remote authentication server.

The '{0}' parameter is malformed or isn't of the expected type.

The '{0}' parameter is malformed or isn't of the expected type.

An introspection response containing a malformed issuer was returned.

The issuer returned in the introspection response is not valid.

The type of the introspected token doesn't match the expected type.

An application with the same client identifier already exists.

Only confidential or public applications are supported by the default application manager.

The client secret cannot be null or empty for a confidential application. Alternatively, a RSA or ECDSA key (with the key use "sig") can be added to the JSON Web Key Set attached to the application if the client authenticates using client assertions.

A client secret cannot be associated with a public application.

Callback URIs cannot contain a fragment.

The authorization type cannot be null or empty.

The specified authorization type is not supported by the default token manager.

The token usage returned by the authorization server is not supported.

The specified '{0}' parameter doesn't match the authorization server the authorization request was initially sent to.

The specified '{0}' parameter doesn't match the authorization server the authorization request was initially sent to.

The '{0}' parameter cannot be used when '{1}' is not supported by the authorization server.

The '{0}' parameter cannot be used when '{1}' is not supported by the authorization server.

The '{0}' claim extracted from the specified frontchannel identity token is malformed or isn't of the expected type.

The '{0}' claim extracted from the specified frontchannel identity token is malformed or isn't of the expected type.

The mandatory '{0}' claim cannot be found in the specified frontchannel identity token.

The mandatory '{0}' claim cannot be found in the specified frontchannel identity token.

The specified frontchannel identity token cannot be used with this client application.

The '{0}' claim returned in the specified frontchannel identity token doesn't match the expected value.

The '{0}' claim returned in the specified frontchannel identity token doesn't match the expected value.

The '{0}' claim extracted from the specified backchannel identity token is malformed or isn't of the expected type.

The '{0}' claim extracted from the specified backchannel identity token is malformed or isn't of the expected type.

The mandatory '{0}' claim cannot be found in the specified backchannel identity token.

The mandatory '{0}' claim cannot be found in the specified backchannel identity token.

The specified backchannel identity token cannot be used with this client application.

The '{0}' claim returned in the specified backchannel identity token doesn't match the expected value.

The '{0}' claim returned in the specified backchannel identity token doesn't match the expected value.

No correlation cookie associated with the specified state can be found. Please try logging in again. If the error persists, please contact the website owner.

The specified state token is not valid in this context.

The '{0}' claim extracted from the specified userinfo response/token is malformed or isn't of the expected type.

The '{0}' claim extracted from the specified userinfo response/token is malformed or isn't of the expected type.

The mandatory '{0}' claim cannot be found in the specified userinfo response/token.

The mandatory '{0}' claim cannot be found in the specified userinfo response/token.

The '{0}' claim returned in the specified userinfo response/token doesn't match the expected value.

The '{0}' claim returned in the specified userinfo response/token doesn't match the expected value.

Callback URIs cannot contain an "{0}" parameter.

Callback URIs cannot contain an "{0}" parameter.

The '{0}' parameter must not include a '{1}' component.

The '{0}' parameter must not include a '{1}' component.

An error occurred while communicating with the remote HTTP server.

An invalid JSON response was returned by the remote HTTP server.

The current URI doesn't match the URI of the redirection endpoint selected during the initial authorization request.

The specified state token has already been redeemed.

This client application is not allowed to use the end session endpoint.

The client application is not allowed to use the specified identity token hint.

The specified '{0}' parameter is not suitable for the requested operation.

The specified '{0}' parameter is not suitable for the requested operation.

An unsupported content encoding was returned by the remote server.

The configuration request was rejected by the remote server.

The JSON Web Key Set request was rejected by the remote server.

The introspection request was rejected by the remote server.

The token request was rejected by the remote server.

The userinfo request was rejected by the remote server.

The authentication demand was denied by the user or by the identity provider.

The authentication demand was rejected due to a missing or invalid parameter.

The authentication demand was rejected due to an invalid scope.

The authentication demand was rejected due to a remote server error.

The authentication demand was rejected due to a transient error.

The authentication demand was rejected due to the use of an incorrect or unauthorized grant type.

The authentication demand was rejected due to an unsupported response type.

The authentication demand was rejected because the user didn't select a user account.

The authentication demand was rejected because user consent was required to proceed the request.

The authentication demand was rejected because user interaction was required to proceed the request.

The authentication demand was rejected because user (re-)authentication was required to proceed the request.

The authentication demand was rejected by the identity provider.

A generic {StatusCode} error was returned by the remote authorization server.

A generic {StatusCode} error was returned by the remote authorization server.

An unsupported response was returned by the remote authorization server.

The correlation cookie is invalid or malformed.

The request forgery protection is missing or doesn't contain the expected value.

The issuer returned in the server configuration doesn't match the value set in the client registration options.

The received authorization response is not valid for this instance of the application.

The device authorization request was rejected by the remote server.

The mandatory '{0}' parameter couldn't be found in the device authorization response.

The mandatory '{0}' parameter couldn't be found in the device authorization response.

The '{0}' parameter returned in the device authorization response is not valid absolute URI.

The '{0}' parameter returned in the device authorization response is not valid absolute URI.

The remote authorization server is currently unavailable or returned an invalid configuration.

The '{0}' claim extracted from the specified client assertion is malformed or isn't of the expected type.

The '{0}' claim extracted from the specified client assertion is malformed or isn't of the expected type.

The mandatory '{0}' claim cannot be found in the specified client assertion.

The mandatory '{0}' claim cannot be found in the specified client assertion.

The '{0}' claim returned in the specified client assertion doesn't match the expected value.

The '{0}' claim returned in the specified client assertion doesn't match the expected value.

The '{0}' client authentication method is not supported.

The '{0}' client authentication method is not supported.

The revocation request was rejected by the remote server.

The introspection response indicates the token is no longer valid.

The '{0}' parameter must be attached as a regular OAuth 2.0 parameter when using a request object or pushed authorization requests.

The '{0}' parameter must be attached as a regular OAuth 2.0 parameter when using a request object or pushed authorization requests.

The '{0}' parameter doesn't match the value specified in the request object or pushed authorization request.

The '{0}' parameter doesn't match the value specified in the request object or pushed authorization request.

The pushed authorization request was rejected by the remote server.

The mandatory '{0}' parameter couldn't be found in the pushed authorization response.

The mandatory '{0}' parameter couldn't be found in the pushed authorization response.

The '{0}' parameter returned in the pushed authorization response is not valid absolute URI.

The '{0}' parameter returned in the pushed authorization response is not valid absolute URI.

A '{0}' obtained from the pushed authorization request endpoint is required for this client application.

A '{0}' obtained from the pushed authorization request endpoint is required for this client application.

This client application is not allowed to use the pushed authorization request endpoint.

The specified Alibaba Cloud/Aliyun region is not valid. Supported values are: 'China' (or 'CN'), 'Global' (or 'GLB').

The specified Battle.net region is not valid. Supported values are: 'Asia-Pacific' (or 'APAC'), 'China' (or 'CN'), 'European Union' (or 'EU'), 'United States' (or 'US').

The specified Amazon Cognito region is not valid. Supported values are: 'US East (Ohio)' (or 'us-east-2'), 'US East (N. Virginia)' (or 'us-east-1'), 'US West (N. California)' (or 'us-west-1'), 'US West (Oregon)' (or 'us-west-2'), 'Africa (Cape Town)' (or ' ...

The specified Lark/Feishu region is not valid. Supported values are: 'China' (or 'CN'), 'Global' (or 'GLB').

The specified Zoho region is not valid. Supported values are: 'Australia' (or 'AU'), 'Canada' (or 'CA'), 'European Union' (or 'EU'), 'India' (or 'IN'), 'Japan' (or 'JP'), 'Saudi Arabia' (or 'SA'), 'United Kingdom' (or 'UK'), 'United States' (or 'US').

The specified Genesys Cloud region is not valid. Supported values are: 'Asia Pacific (Mumbai)' (or 'ap-south-1'), 'Asia Pacific (Osaka)' (or 'ap-northeast-3'), 'Asia Pacific (Seoul)' (or 'ap-northeast-2'), 'Asia Pacific (Sydney)' (or 'ap-southeast-2'), 'As ...

The specified Stripe Connect account type is not valid. Supported values are 'Standard' and 'Express'.

The '{0}' parameter shouldn't be null or empty at this point.

The '{0}' parameter shouldn't be null or empty at this point.

The separators collection shouldn't be null or empty.

The value string shouldn't be null or empty.

RSA.ExportParameters() shouldn't return invalid values.

ECDsa.ExportParameters() shouldn't return invalid values.

ECDsa.ExportParameters() shouldn't return an unnamed curve.

The principal and its attached identity shouldn't be null at this point.

The response shouldn't be null at this point.

The request shouldn't be null at this point.

The token type shouldn't be null or empty.

The token shouldn't be null or empty at this point.

EC-based keys shouldn't have a null OID.

EC-based keys should have a non-null OID raw value or friendly name.

The issuer should be a valid absolute URI at this point.

The username shouldn't be null or empty at this point.

The password shouldn't be null or empty at this point.

The number of written bytes ({0}) doesn't match the expected value ({1}).

The number of written bytes ({0}) doesn't match the expected value ({1}).

The token identifier shouldn't be null or empty at this point.

The authorization identifier shouldn't be null or empty at this point.

The nonce shouldn't be null or empty at this point.

An error occurred while validating the token '{Token}'.

An error occurred while validating the token '{Token}'.

The token '{Token}' was successfully validated and the following claims could be extracted: {Claims}.

The token '{Token}' was successfully validated and the following claims could be extracted: {Claims}.

The token '{Identifier}' has already been redeemed.

The token '{Identifier}' has already been redeemed.

The token '{Identifier}' is not active yet.

The token '{Identifier}' is not active yet.

The token '{Identifier}' was marked as rejected.

The token '{Identifier}' was marked as rejected.

The token '{Identifier}' was no longer valid.

The token '{Identifier}' was no longer valid.

The authorization '{Identifier}' was no longer valid.

The authorization '{Identifier}' was no longer valid.

An ad hoc authorization was automatically created and associated with an unknown application: {Identifier}.

An ad hoc authorization was automatically created and associated with an unknown application: {Identifier}.

An ad hoc authorization was automatically created and associated with the '{ClientId}' application: {Identifier}.

An ad hoc authorization was automatically created and associated with the '{ClientId}' application: {Identifier}.

'{Claim}' was excluded from the access token claims.

'{Claim}' was excluded from the access token claims.

The access token scopes will be limited to the scopes requested by the client application: {Scopes}.

The access token scopes will be limited to the scopes requested by the client application: {Scopes}.

'{Claim}' was excluded from the identity token claims.

'{Claim}' was excluded from the identity token claims.

The token entry for '{Type}' token '{Identifier}' was successfully created.

The token entry for '{Type}' token '{Identifier}' was successfully created.

A new '{Type}' JSON Web Token was successfully created: {Payload}. The principal used to create the token contained the following claims: {Claims}.

A new '{Type}' JSON Web Token was successfully created: {Payload}. The principal used to create the token contained the following claims: {Claims}.

The token payload ({Payload}) was successfully attached to the token entry '{Identifier}' of type '{Type}'.

The token payload ({Payload}) was successfully attached to the token entry '{Identifier}' of type '{Type}'.

The reference identifier ({ReferenceId}) was successfully attached to the token entry '{Identifier}' of type '{Type}'.

The reference identifier ({ReferenceId}) was successfully attached to the token entry '{Identifier}' of type '{Type}'.

A new '{Type}' ASP.NET Core Data Protection token was successfully created: {Payload}. The principal used to create the token contained the following claims: {Claims}.

A new '{Type}' ASP.NET Core Data Protection token was successfully created: {Payload}. The principal used to create the token contained the following claims: {Claims}.

The token entry for device code '{Identifier}' was successfully updated with the new payload.

The token entry for device code '{Identifier}' was successfully updated with the new payload.

The authorization request was successfully extracted: {Request}.

The authorization request was successfully extracted: {Request}.

The authorization request was successfully validated.

The authorization request was rejected because it contained an unsupported parameter: {Parameter}.

The authorization request was rejected because it contained an unsupported parameter: {Parameter}.

The authorization request was rejected because the mandatory '{Parameter}' parameter was missing.

The authorization request was rejected because the mandatory '{Parameter}' parameter was missing.

The authorization request was rejected because the '{Parameter}' parameter wasn't a valid absolute URI: {RedirectUri}.

The authorization request was rejected because the '{Parameter}' parameter wasn't a valid absolute URI: {RedirectUri}.

The authorization request was rejected because the '{Parameter}' contained a URI fragment: {RedirectUri}.

The authorization request was rejected because the '{Parameter}' contained a URI fragment: {RedirectUri}.

The authorization request was rejected because the '{ResponseType}' response type is not supported.

The authorization request was rejected because the '{ResponseType}' response type is not supported.

The authorization request was rejected because the 'response_type'/'response_mode' combination was invalid: {ResponseType} ; {ResponseMode}.

The authorization request was rejected because the 'response_type'/'response_mode' combination was invalid: {ResponseType} ; {ResponseMode}.

The authorization request was rejected because the '{ResponseMode}' response mode is not supported.

The authorization request was rejected because the '{ResponseMode}' response mode is not supported.

The authorization request was rejected because the '{Scope}' scope was missing.

The authorization request was rejected because the '{Scope}' scope was missing.

The authorization request was rejected because an invalid prompt combination was specified.

The authorization request was rejected because the specified code challenge method was not supported.

The authorization request was rejected because the response type was not compatible with 'code_challenge'/'code_challenge_method'.

The authorization request was rejected because the specified response type was not compatible with PKCE.

The authorization request was rejected because the confidential application '{ClientId}' was not allowed to retrieve an access token from the authorization endpoint.

The authorization request was rejected because the confidential application '{ClientId}' was not allowed to retrieve an access token from the authorization endpoint.

The authorization request was rejected because the redirect_uri was invalid: '{RedirectUri}'.

The authorization request was rejected because the redirect_uri was invalid: '{RedirectUri}'.

The authentication request was rejected because invalid scopes were specified: {Scopes}.

The authentication request was rejected because invalid scopes were specified: {Scopes}.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the authorization endpoint.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the authorization endpoint.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the authorization code flow.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the authorization code flow.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the implicit flow.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the implicit flow.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the hybrid flow.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the hybrid flow.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the '{Scope}' scope.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the '{Scope}' scope.

The request URI matched a server endpoint: {Endpoint}.

The request URI matched a server endpoint: {Endpoint}.

The device authorization request was successfully extracted: {Request}.

The device authorization request was successfully extracted: {Request}.

The device authorization request was successfully validated.

The device authorization request was rejected because invalid scopes were specified: {Scopes}.

The device authorization request was rejected because invalid scopes were specified: {Scopes}.

The device authorization request was rejected because the application '{ClientId}' was not allowed to use the device authorization endpoint.

The device authorization request was rejected because the application '{ClientId}' was not allowed to use the device authorization endpoint.

The device authorization request was rejected because the application '{ClientId}' was not allowed to use the scope {Scope}.

The device authorization request was rejected because the application '{ClientId}' was not allowed to use the scope {Scope}.

The verification request was successfully extracted: {Request}.

The verification request was successfully extracted: {Request}.

The verification request was successfully validated.

The configuration request was successfully extracted: {Request}.

The configuration request was successfully extracted: {Request}.

The configuration request was successfully validated.

The JSON Web Key Set request was successfully extracted: {Request}.

The JSON Web Key Set request was successfully extracted: {Request}.

The JSON Web Key Set request was successfully validated.

A JSON Web Key was excluded from the key set because it didn't contain the mandatory '{Parameter}' parameter.

A JSON Web Key was excluded from the key set because it didn't contain the mandatory '{Parameter}' parameter.

An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA and ECDSA asymmetric security keys can be exposed via the JSON Web Key Set endpoint.

An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA and ECDSA asymmetric security keys can be exposed via the JSON Web Key Set endpoint.

An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA asymmetric security keys can be exposed via the JSON Web Key Set endpoint.

An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA asymmetric security keys can be exposed via the JSON Web Key Set endpoint.

A signing key of type '{Type}' was ignored because its RSA public parameters couldn't be extracted.

A signing key of type '{Type}' was ignored because its RSA public parameters couldn't be extracted.

A signing key of type '{Type}' was ignored because its EC public parameters couldn't be extracted.

A signing key of type '{Type}' was ignored because its EC public parameters couldn't be extracted.

The token request was successfully extracted: {Request}.

The token request was successfully extracted: {Request}.

The token request was successfully validated.

The token request was rejected because the mandatory '{Parameter}' parameter was missing.

The token request was rejected because the mandatory '{Parameter}' parameter was missing.

The token request was rejected because the '{GrantType}' grant type is not supported.

The token request was rejected because the '{GrantType}' grant type is not supported.

The token request was rejected because the resource owner credentials were missing.

The token request was rejected because invalid scopes were specified: {Scopes}.

The token request was rejected because invalid scopes were specified: {Scopes}.

The token request was rejected because the application '{ClientId}' was not allowed to use the token endpoint.

The token request was rejected because the application '{ClientId}' was not allowed to use the token endpoint.

The token request was rejected because the application '{ClientId}' was not allowed to use the specified grant type: {GrantType}.

The token request was rejected because the application '{ClientId}' was not allowed to use the specified grant type: {GrantType}.

The token request was rejected because the application '{ClientId}' was not allowed to request the '{Scope}' scope.

The token request was rejected because the application '{ClientId}' was not allowed to request the '{Scope}' scope.

The token request was rejected because the application '{ClientId}' was not allowed to use the scope {Scope}.

The token request was rejected because the application '{ClientId}' was not allowed to use the scope {Scope}.

The token request was rejected because the client identifier of the application was not available and could not be compared to the presenters list stored in the authorization code, the device code or the refresh token.

The token request was rejected because the authorization code, the device code or the refresh token was issued to a different client application.

The token request was rejected because the '{Parameter}' parameter didn't correspond to the expected value.

The token request was rejected because the '{Parameter}' parameter didn't correspond to the expected value.

The token request was rejected because a '{0}' parameter was presented with an authorization code to which no code challenge was attached when processing the initial authorization request.

The token request was rejected because a '{0}' parameter was presented with an authorization code to which no code challenge was attached when processing the initial authorization request.

The token request was rejected because the '{Parameter}' parameter was not allowed.

The token request was rejected because the '{Parameter}' parameter was not allowed.

The token request was rejected because the '{Parameter}' parameter was not valid.

The token request was rejected because the '{Parameter}' parameter was not valid.

The introspection request was successfully extracted: {Request}.

The introspection request was successfully extracted: {Request}.

The introspection request was successfully validated.

The introspection request was rejected because the mandatory '{Parameter}' parameter was missing.

The introspection request was rejected because the mandatory '{Parameter}' parameter was missing.

The introspection request was rejected because the application '{ClientId}' was not allowed to use the introspection endpoint.

The introspection request was rejected because the application '{ClientId}' was not allowed to use the introspection endpoint.

The introspection request was rejected because the received token was of an unsupported type.

Potentially sensitive application claims were excluded from the introspection response as the client '{ClientId}' was not explicitly listed as an audience.

Potentially sensitive application claims were excluded from the introspection response as the client '{ClientId}' was not explicitly listed as an audience.

The introspection request was rejected because the access token was issued to a different client or for another resource server.

Potentially sensitive application claims were excluded from the introspection response as the client '{ClientId}' is a public application.

Potentially sensitive application claims were excluded from the introspection response as the client '{ClientId}' is a public application.

The introspection request was rejected because the refresh token was issued to a different client.

The revocation request was successfully extracted: {Request}.

The revocation request was successfully extracted: {Request}.

The revocation request was successfully validated.

The revocation request was rejected because the mandatory '{Parameter}' parameter was missing.

The revocation request was rejected because the mandatory '{Parameter}' parameter was missing.

The revocation request was rejected because the application '{ClientId}' was not allowed to use the revocation endpoint.

The revocation request was rejected because the application '{ClientId}' was not allowed to use the revocation endpoint.

The revocation request was rejected because the received token was of an unsupported type.

The device authorization request was rejected because the application '{ClientId}' was not allowed to use the device authorization flow.

The device authorization request was rejected because the application '{ClientId}' was not allowed to use the device authorization flow.

The revocation request was rejected because the access token was issued to a different client or for another resource server.

The device authorization request was rejected because the application '{ClientId}' was not allowed to request the '{Scope}' scope.

The device authorization request was rejected because the application '{ClientId}' was not allowed to request the '{Scope}' scope.

The revocation request was rejected because the refresh token was issued to a different client.

The revocation request was rejected because the token had no internal identifier.

The token '{Identifier}' was not revoked because it couldn't be found.

The token '{Identifier}' was not revoked because it couldn't be found.

The end session request was successfully extracted: {Request}.

The end session request was successfully extracted: {Request}.

The end session request was successfully validated.

The end session request was rejected because the '{Parameter}' parameter wasn't a valid absolute URI: {PostLogoutRedirectUri}.

The end session request was rejected because the '{Parameter}' parameter wasn't a valid absolute URI: {PostLogoutRedirectUri}.

The end session request was rejected because the '{Parameter}' contained a URI fragment: {PostLogoutRedirectUri}.

The end session request was rejected because the '{Parameter}' contained a URI fragment: {PostLogoutRedirectUri}.

The end session request was rejected because the specified post_logout_redirect_uri was invalid: {PostLogoutRedirectUri}.

The end session request was rejected because the specified post_logout_redirect_uri was invalid: {PostLogoutRedirectUri}.

The userinfo request was successfully extracted: {Request}.

The userinfo request was successfully extracted: {Request}.

The userinfo request was successfully validated.

The userinfo request was rejected because the mandatory '{Parameter}' parameter was missing.

The userinfo request was rejected because the mandatory '{Parameter}' parameter was missing.

An exception was thrown by {HandlerName} while handling the {EventName} event.

An exception was thrown by {HandlerName} while handling the {EventName} event.

The event {EventName} was successfully processed by {HandlerName}.

The event {EventName} was successfully processed by {HandlerName}.

The event {EventName} was marked as handled by {HandlerName}.

The event {EventName} was marked as handled by {HandlerName}.

The event {EventName} was marked as skipped by {HandlerName}.

The event {EventName} was marked as skipped by {HandlerName}.

The event {EventName} was marked as rejected by {HandlerName}.

The event {EventName} was marked as rejected by {HandlerName}.

The request was rejected because an invalid HTTP method was specified: {Method}.

The request was rejected because an invalid HTTP method was specified: {Method}.

The request was rejected because the mandatory '{Header}' header was missing.

The request was rejected because the mandatory '{Header}' header was missing.

The request was rejected because an invalid '{Header}' header was specified: {Value}.

The request was rejected because an invalid '{Header}' header was specified: {Value}.

The request was rejected because multiple client credentials were specified.

The response was successfully returned as a challenge response: {Response}.

The response was successfully returned as a challenge response: {Response}.

The response was successfully returned as a JSON document: {Response}.

The response was successfully returned as a JSON document: {Response}.

The response was successfully returned as a plain-text document: {Response}.

The response was successfully returned as a plain-text document: {Response}.

The response was successfully returned as a 302 response.

The response was successfully returned as an empty 200 response.

The authorization request was rejected because an unknown or invalid '{Parameter}' was specified.

The authorization request was rejected because an unknown or invalid '{Parameter}' was specified.

The authorization response was successfully returned to '{RedirectUri}' using the form post response mode: {Response}.

The authorization response was successfully returned to '{RedirectUri}' using the form post response mode: {Response}.

The authorization response was successfully returned to '{RedirectUri}' using the query response mode: {Response}.

The authorization response was successfully returned to '{RedirectUri}' using the query response mode: {Response}.

The authorization response was successfully returned to '{RedirectUri}' using the fragment response mode: {Response}.

The authorization response was successfully returned to '{RedirectUri}' using the fragment response mode: {Response}.

The end session request was rejected because an unknown or invalid '{Parameter}' was specified.

The end session request was rejected because an unknown or invalid '{Parameter}' was specified.

The end session response was successfully returned to '{PostLogoutRedirectUri}': {Response}.

The end session response was successfully returned to '{PostLogoutRedirectUri}': {Response}.

The ASP.NET Core Data Protection token '{Token}' was successfully validated and the following claims could be extracted: {Claims}.

The ASP.NET Core Data Protection token '{Token}' was successfully validated and the following claims could be extracted: {Claims}.

An exception occured while deserializing the token '{Token}'.

An exception occured while deserializing the token '{Token}'.

The token '{Token}' was successfully introspected and the following claims could be extracted: {Claims}.

The token '{Token}' was successfully introspected and the following claims could be extracted: {Claims}.

An error occurred while introspecting the token.

The authentication demand was rejected because the token was expired.

The authentication demand was rejected because the token had no audience attached.

The authentication demand was rejected because the token had no valid audience.

Client authentication cannot be enforced for public applications.

Client authentication failed for {ClientId} because no client secret was associated with the application.

Client authentication failed for {ClientId} because no client secret was associated with the application.

Client authentication failed for {ClientId}.

Client authentication failed for {ClientId}.

Client validation failed because '{RedirectUri}' was not a valid redirect_uri for {Client}.

Client validation failed because '{RedirectUri}' was not a valid redirect_uri for {Client}.

An error occurred while trying to verify a client secret. This may indicate that the hashed entry is corrupted or malformed.

The authorization '{Identifier}' was successfully revoked.

The authorization '{Identifier}' was successfully revoked.

A concurrency exception occurred while trying to revoke the authorization '{Identifier}'.

A concurrency exception occurred while trying to revoke the authorization '{Identifier}'.

An exception occurred while trying to revoke the authorization '{Identifier}'.

An exception occurred while trying to revoke the authorization '{Identifier}'.

A signing key of type '{Type}' was ignored because its EC curve couldn't be inferred.

A signing key of type '{Type}' was ignored because its EC curve couldn't be inferred.

The token '{Identifier}' was successfully marked as redeemed.

The token '{Identifier}' was successfully marked as redeemed.

A concurrency exception occurred while trying to redeem the token '{Identifier}'.

A concurrency exception occurred while trying to redeem the token '{Identifier}'.

An exception occurred while trying to redeem the token '{Identifier}'.

An exception occurred while trying to redeem the token '{Identifier}'.

The token '{Identifier}' was successfully marked as rejected.

The token '{Identifier}' was successfully marked as rejected.

A concurrency exception occurred while trying to reject the token '{Identifier}'.

A concurrency exception occurred while trying to reject the token '{Identifier}'.

An exception occurred while trying to reject the token '{Identifier}'.

An exception occurred while trying to reject the token '{Identifier}'.

The token '{Identifier}' was successfully revoked.

The token '{Identifier}' was successfully revoked.

A concurrency exception occurred while trying to revoke the token '{Identifier}'.

A concurrency exception occurred while trying to revoke the token '{Identifier}'.

An exception occurred while trying to revoke the token '{Identifier}'.

An exception occurred while trying to revoke the token '{Identifier}'.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the '{ResponseType}' response type.

The authorization request was rejected because the application '{ClientId}' was not allowed to use the '{ResponseType}' response type.

The redirection request was successfully extracted: {Request}.

The redirection request was successfully extracted: {Request}.

The redirection request was successfully validated.

The authorization request was rejected because the '{Parameter}' contained a forbidden parameter: {Name}.

The authorization request was rejected because the '{Parameter}' contained a forbidden parameter: {Name}.

A network error occured while communicating with the remote HTTP server.

An invalid JSON payload was returned by the remote HTTP server: {Payload}.

An invalid JSON payload was returned by the remote HTTP server: {Payload}.

A generic {StatusCode} response was returned by the remote HTTP server: {Payload}.

A generic {StatusCode} response was returned by the remote HTTP server: {Payload}.

An unsupported {StatusCode} response was returned by the remote HTTP server: {ContentType} {Payload}.

An unsupported {StatusCode} response was returned by the remote HTTP server: {ContentType} {Payload}.

The configuration request was successfully sent to {Uri}: {Request}.

The configuration request was successfully sent to {Uri}: {Request}.

The configuration response returned by {Uri} was successfully extracted: {Response}.

The configuration response returned by {Uri} was successfully extracted: {Response}.

The JSON Web Key Set request was successfully sent to {Uri}: {Request}.

The JSON Web Key Set request was successfully sent to {Uri}: {Request}.

The JSON Web Key Set response returned by {Uri} was successfully extracted: {Response}.

The JSON Web Key Set response returned by {Uri} was successfully extracted: {Response}.

The introspection request was successfully sent to {Uri}: {Request}.

The introspection request was successfully sent to {Uri}: {Request}.

The introspection response returned by {Uri} was successfully extracted: {Response}.

The introspection response returned by {Uri} was successfully extracted: {Response}.

The token request was successfully sent to {Uri}: {Request}.

The token request was successfully sent to {Uri}: {Request}.

The token response returned by {Uri} was successfully extracted: {Response}.

The token response returned by {Uri} was successfully extracted: {Response}.

The userinfo request was successfully sent to {Uri}: {Request}.

The userinfo request was successfully sent to {Uri}: {Request}.

The userinfo response returned by {Uri} was successfully extracted: {Response}.

The userinfo response returned by {Uri} was successfully extracted: {Response}.

The authorization request was rejected because the identity token used as a hint was issued to a different client.

The end session request was rejected because the identity token used as a hint was issued to a different client.

The post-logout redirection request was successfully extracted: {Request}.

The post-logout redirection request was successfully extracted: {Request}.

The post-logout redirection request was successfully validated.

Client validation failed because '{PostLogoutRedirectUri}' was not a valid post_logout_redirect_uri for {Client}.

Client validation failed because '{PostLogoutRedirectUri}' was not a valid post_logout_redirect_uri for {Client}.

The configuration request was rejected by the remote authorization server: {Response}.

The configuration request was rejected by the remote authorization server: {Response}.

The JSON Web Key Set request was rejected by the remote authorization server: {Response}.

The JSON Web Key Set request was rejected by the remote authorization server: {Response}.

The introspection request was rejected by the remote authorization server: {Response}.

The introspection request was rejected by the remote authorization server: {Response}.

The token request was rejected by the remote authorization server: {Response}.

The token request was rejected by the remote authorization server: {Response}.

The userinfo request was rejected by the remote authorization server: {Response}.

The userinfo request was rejected by the remote authorization server: {Response}.

The authorization request was rejected by the remote authorization server: {Response}.

The authorization request was rejected by the remote authorization server: {Response}.

The request forgery protection is missing or doesn't contain the expected value, which may indicate a session fixation attack.

The nonce claim present in the frontchannel identity token doesn't contain the expected value, which may indicate a replay or token injection attack.

The nonce claim present in the backchannel identity doesn't contain the expected value, which may indicate a replay or token injection attack.

The authorization request was rejected because the '{ResponseType}' response type is not a valid combination.

The authorization request was rejected because the '{ResponseType}' response type is not a valid combination.

An error occurred while handling an inter-process message.

An error occurred while handling an HTTP listener request.

An error occurred while redirecting a protocol activation to the '{Identifier}' instance.

An error occurred while redirecting a protocol activation to the '{Identifier}' instance.

The device authorization request was rejected by the remote authorization server: {Response}.

The device authorization request was rejected by the remote authorization server: {Response}.

The device authorization request was successfully sent to {Uri}: {Request}.

The device authorization request was successfully sent to {Uri}: {Request}.

The device authorization response returned by {Uri} was successfully extracted: {Response}.

The device authorization response returned by {Uri} was successfully extracted: {Response}.

An error occurred while retrieving the configuration of the remote authorization server.

The authentication demand was rejected because the mandatory '{Parameter}' parameter was missing.

The authentication demand was rejected because the mandatory '{Parameter}' parameter was missing.

The authentication demand was rejected because the client application was not found: '{ClientId}'.

The authentication demand was rejected because the client application was not found: '{ClientId}'.

The authentication demand was rejected because the public client application '{ClientId}' was not allowed to use the client credentials grant.

The authentication demand was rejected because the public client application '{ClientId}' was not allowed to use the client credentials grant.

The authentication demand was rejected because the public application '{ClientId}' was not allowed to send a client secret.

The authentication demand was rejected because the public application '{ClientId}' was not allowed to send a client secret.

The authentication demand was rejected because the confidential application '{ClientId}' didn't specify a client secret or a client assertion.

The authentication demand was rejected because the confidential application '{ClientId}' didn't specify a client secret or a client assertion.

The authentication demand was rejected because the confidential application '{ClientId}' didn't specify valid client credentials.

The authentication demand was rejected because the confidential application '{ClientId}' didn't specify valid client credentials.

The authentication demand was rejected because the public application '{ClientId}' was not allowed to send a client assertion.

The authentication demand was rejected because the public application '{ClientId}' was not allowed to send a client assertion.

The request was rejected because the '{Method}' client authentication method that was used by the client application is not enabled in the server options.

The request was rejected because the '{Method}' client authentication method that was used by the client application is not enabled in the server options.

{Count} tokens associated with the authorization '{Identifier}' were revoked to prevent a potential token replay attack.

{Count} tokens associated with the authorization '{Identifier}' were revoked to prevent a potential token replay attack.

An error occurred while trying to revoke the tokens associated with the authorization '{Identifier}'.

An error occurred while trying to revoke the tokens associated with the authorization '{Identifier}'.

The revocation request was rejected by the remote authorization server: {Response}.

The revocation request was rejected by the remote authorization server: {Response}.

An error was returned by ASWebAuthenticationSession while trying to start a challenge operation.

An error was returned by ASWebAuthenticationSession while trying to start a sign-out operation.

The authorization request was rejected because an unsupported prompt parameter was specified.

The pushed authorization request was rejected by the remote authorization server: {Response}.

The pushed authorization request was rejected by the remote authorization server: {Response}.

The pushed authorization request was successfully sent to {Uri}: {Request}.

The pushed authorization request was successfully sent to {Uri}: {Request}.

The pushed authorization response returned by {Uri} was successfully extracted: {Response}.

The pushed authorization response returned by {Uri} was successfully extracted: {Response}.

The pushed authorization request was successfully extracted: {Request}.

The pushed authorization request was successfully extracted: {Request}.

The pushed authorization request was successfully validated.

The pushed authorization request was rejected because it contained an unsupported parameter: {Parameter}.

The pushed authorization request was rejected because it contained an unsupported parameter: {Parameter}.

The pushed authorization request was rejected because the mandatory '{Parameter}' parameter was missing.

The pushed authorization request was rejected because the mandatory '{Parameter}' parameter was missing.

The pushed authorization request was rejected because the '{Parameter}' parameter wasn't a valid absolute URI: {RedirectUri}.

The pushed authorization request was rejected because the '{Parameter}' parameter wasn't a valid absolute URI: {RedirectUri}.

The pushed authorization request was rejected because the '{Parameter}' contained a URI fragment: {RedirectUri}.

The pushed authorization request was rejected because the '{Parameter}' contained a URI fragment: {RedirectUri}.

The pushed authorization request was rejected because the '{ResponseType}' response type is not supported.

The pushed authorization request was rejected because the '{ResponseType}' response type is not supported.

The pushed authorization request was rejected because the 'response_type'/'response_mode' combination was invalid: {ResponseType} ; {ResponseMode}.

The pushed authorization request was rejected because the 'response_type'/'response_mode' combination was invalid: {ResponseType} ; {ResponseMode}.

The pushed authorization request was rejected because the '{ResponseMode}' response mode is not supported.

The pushed authorization request was rejected because the '{ResponseMode}' response mode is not supported.

The pushed authorization request was rejected because the '{Scope}' scope was missing.

The pushed authorization request was rejected because the '{Scope}' scope was missing.

The pushed authorization request was rejected because an invalid prompt combination was specified.

The pushed authorization request was rejected because the specified code challenge method was not supported.

The pushed authorization request was rejected because the response type was not compatible with 'code_challenge'/'code_challenge_method'.

The pushed authorization request was rejected because the specified response type was not compatible with PKCE.

The pushed authorization request was rejected because the confidential application '{ClientId}' was not allowed to retrieve an access token from the authorization endpoint.

The pushed authorization request was rejected because the confidential application '{ClientId}' was not allowed to retrieve an access token from the authorization endpoint.

The pushed authorization request was rejected because the redirect_uri was invalid: '{RedirectUri}'.

The pushed authorization request was rejected because the redirect_uri was invalid: '{RedirectUri}'.

The authentication request was rejected because invalid scopes were specified: {Scopes}.

The authentication request was rejected because invalid scopes were specified: {Scopes}.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the pushed authorization endpoint.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the pushed authorization endpoint.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the authorization code flow.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the authorization code flow.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the implicit flow.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the implicit flow.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the hybrid flow.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the hybrid flow.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the '{Scope}' scope.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the '{Scope}' scope.

The pushed authorization request was rejected because the '{Parameter}' contained a forbidden parameter: {Name}.

The pushed authorization request was rejected because the '{Parameter}' contained a forbidden parameter: {Name}.

The pushed authorization request was rejected because the '{ResponseType}' response type is not a valid combination.

The pushed authorization request was rejected because the '{ResponseType}' response type is not a valid combination.

The pushed authorization request was rejected because an unsupported prompt parameter was specified.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the '{ResponseType}' response type.

The pushed authorization request was rejected because the application '{ClientId}' was not allowed to use the '{ResponseType}' response type.

The pushed authorization request was rejected because the identity token used as a hint was issued to a different client.

https://documentation.openiddict.com/errors/{0}

https://documentation.openiddict.com/errors/{0}

Removes orphaned tokens and authorizations from the database.

Starts the scheduled task at regular intervals.

OpenIddict job

Built-in automatic trigger

OpenIddict/Quartz.NET integration

Provides a shared entry point allowing to configure the OpenIddict services.

Initializes a new instance of .

The services collection.

Gets the services collection.

Exposes extensions allowing to register the OpenIddict services.

Provides a common entry point for registering the OpenIddict services.

The services collection. This extension can be safely called multiple times. The instance.

Provides a common entry point for registering the OpenIddict services.

The services collection. The configuration delegate used to register new services. This extension can be safely called multiple times. The .