JwtBearerOptions Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Options class provides information needed to control Bearer Authentication handler behavior
public ref class JwtBearerOptions : Microsoft::AspNetCore::Authentication::AuthenticationSchemeOptionspublic class JwtBearerOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptionstype JwtBearerOptions = class
inherit AuthenticationSchemeOptionsPublic Class JwtBearerOptions
Inherits AuthenticationSchemeOptions- Inheritance
Constructors
| JwtBearerOptions() |
Initializes a new instance of JwtBearerOptions. |
Properties
| Audience |
Gets or sets a single valid audience value for any received OpenIdConnect token. This value is passed into TokenValidationParameters.ValidAudience if that property is empty. |
| Authority |
Gets or sets the Authority to use when making OpenIdConnect calls. |
| AutomaticRefreshInterval |
Gets or sets how often an automatic metadata refresh should occur. |
| Backchannel |
The Backchannel used to retrieve metadata. |
| BackchannelHttpHandler |
The HttpMessageHandler used to retrieve metadata. This cannot be set at the same time as BackchannelCertificateValidator unless the value is a WebRequestHandler. |
| BackchannelTimeout |
Gets or sets the timeout when using the backchannel to make an http call. |
| Challenge |
Gets or sets the challenge to put in the "WWW-Authenticate" header. |
| ClaimsIssuer |
Gets or sets the issuer that should be used for any claims that are created (Inherited from AuthenticationSchemeOptions) |
| Configuration |
Configuration provided directly by the developer. If provided, then MetadataAddress and the Backchannel properties will not be used. This information should not be updated during request processing. |
| ConfigurationManager |
Responsible for retrieving, caching, and refreshing the configuration from metadata. If not provided, then one will be created using the MetadataAddress and Backchannel properties. |
| Events |
The object provided by the application to process events raised by the bearer authentication handler. The application may implement the interface fully, or it may create an instance of JwtBearerEvents and assign delegates only to the events it wants to process. |
| EventsType |
If set, will be used as the service type to get the Events instance instead of the property. (Inherited from AuthenticationSchemeOptions) |
| ForwardAuthenticate |
If set, this specifies the target scheme that this scheme should forward AuthenticateAsync calls to. For example Context.AuthenticateAsync("ThisScheme") => Context.AuthenticateAsync("ForwardAuthenticateValue"); Set the target to the current scheme to disable forwarding and allow normal processing. (Inherited from AuthenticationSchemeOptions) |
| ForwardChallenge |
If set, this specifies the target scheme that this scheme should forward ChallengeAsync calls to. For example Context.ChallengeAsync("ThisScheme") => Context.ChallengeAsync("ForwardChallengeValue"); Set the target to the current scheme to disable forwarding and allow normal processing. (Inherited from AuthenticationSchemeOptions) |
| ForwardDefault |
If set, this specifies a default scheme that authentication handlers should forward all authentication operations to by default. The default forwarding logic will check the most specific ForwardAuthenticate/Challenge/Forbid/SignIn/SignOut setting first, followed by checking the ForwardDefaultSelector, followed by ForwardDefault. The first non null result will be used as the target scheme to forward to. (Inherited from AuthenticationSchemeOptions) |
| ForwardDefaultSelector |
Used to select a default scheme for the current request that authentication handlers should forward all authentication operations to by default. The default forwarding logic will check the most specific ForwardAuthenticate/Challenge/Forbid/SignIn/SignOut setting first, followed by checking the ForwardDefaultSelector, followed by ForwardDefault. The first non null result will be used as the target scheme to forward to. (Inherited from AuthenticationSchemeOptions) |
| ForwardForbid |
If set, this specifies the target scheme that this scheme should forward ForbidAsync calls to. For example Context.ForbidAsync("ThisScheme") => Context.ForbidAsync("ForwardForbidValue"); Set the target to the current scheme to disable forwarding and allow normal processing. (Inherited from AuthenticationSchemeOptions) |
| ForwardSignIn |
If set, this specifies the target scheme that this scheme should forward SignInAsync calls to. For example Context.SignInAsync("ThisScheme") => Context.SignInAsync("ForwardSignInValue"); Set the target to the current scheme to disable forwarding and allow normal processing. (Inherited from AuthenticationSchemeOptions) |
| ForwardSignOut |
If set, this specifies the target scheme that this scheme should forward SignOutAsync calls to. For example Context.SignOutAsync("ThisScheme") => Context.SignOutAsync("ForwardSignOutValue"); Set the target to the current scheme to disable forwarding and allow normal processing. (Inherited from AuthenticationSchemeOptions) |
| IncludeErrorDetails |
Defines whether the token validation errors should be returned to the caller. Enabled by default, this option can be disabled to prevent the JWT handler from returning an error and an error_description in the WWW-Authenticate header. |
| MapInboundClaims |
Gets or sets the MapInboundClaims property on the default instance of JwtSecurityTokenHandler in SecurityTokenValidators, or JsonWebTokenHandler in TokenHandlers, which is used when determining whether or not to map claim types that are extracted when validating a JwtSecurityToken or a JsonWebToken. If this is set to true, the Claim Type is set to the JSON claim 'name' after translating using this mapping. Otherwise, no mapping occurs. The default value is true. |
| MetadataAddress |
Gets or sets the discovery endpoint for obtaining metadata |
| RefreshInterval |
Gets or sets the minimum time between retrievals, in the event that a retrieval failed, or that a refresh was explicitly requested. |
| RefreshOnIssuerKeyNotFound |
Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic recovery in the event of a signature key rollover. This is enabled by default. |
| RequireHttpsMetadata |
Gets or sets if HTTPS is required for the metadata address or authority. The default is true. This should be disabled only in development environments. |
| SaveToken |
Defines whether the bearer token should be stored in the AuthenticationProperties after a successful authorization. |
| SecurityTokenValidators |
Obsolete.
Gets the ordered list of ISecurityTokenValidator used to validate access tokens. |
| TimeProvider |
Used for testing. (Inherited from AuthenticationSchemeOptions) |
| TokenHandlers |
Gets the ordered list of TokenHandler used to validate access tokens. |
| TokenValidationParameters |
Gets or sets the parameters used to validate identity tokens. |
| UseSecurityTokenValidators |
Gets or sets whether TokenHandlers or SecurityTokenValidators will be used to validate the inbound token. |
Methods
| Validate() |
Check that the options are valid. Should throw an exception if things are not ok. (Inherited from AuthenticationSchemeOptions) |
| Validate(String) |
Checks that the options are valid for a specific scheme (Inherited from AuthenticationSchemeOptions) |
Applies to
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for