Microsoft.IdentityModel.Tokens Namespace
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Classes
| AppCompatSwitches |
Identifiers used for switching between different app compat behaviors within the Microsoft.IdentityModel libraries. |
| AsymmetricSecurityKey |
Base class for a SecurityKey that contains Asymmetric key material. |
| AsymmetricSignatureProvider |
Provides signature and verification operations for Asymmetric Algorithms using a SecurityKey. |
| AuthenticatedEncryptionProvider |
Provides authenticated encryption and decryption services. |
| AuthenticatedEncryptionResult |
Contains the results of Encrypt(Byte[], Byte[]) operation. |
| Base64UrlEncoder |
Encodes and Decodes strings as base64url encoding. |
| BaseConfiguration |
Represents a generic metadata configuration which is applicable for both XML and JSON based configurations. |
| BaseConfigurationManager |
Represents a generic configuration manager. |
| CallContext |
An opaque context used to store work when working with authentication artifacts. |
| CaseSensitiveClaimsIdentity |
A derived ClaimsIdentity where claim retrieval is case-sensitive. The current ClaimsIdentity retrieves claims in a case-insensitive manner which is different than querying the underlying SecurityToken. The CaseSensitiveClaimsIdentity provides consistent retrieval logic between the SecurityToken and ClaimsIdentity. |
| CompressionAlgorithms |
Constants for compression algorithms. |
| CompressionProviderFactory |
Compression provider factory for compression and decompression. |
| CryptoProviderCache |
Abstract definition of a cache for cryptographic providers. |
| CryptoProviderCacheOptions |
Specifies the CryptoProviderCacheOptions which can be used to configure the internal cryptoprovider cache. We are using our own simple LRU caching implementation across all targets. See Microsoft.IdentityModel.Tokens.EventBasedLRUCache`2 for more details. |
| CryptoProviderFactory |
Creates cryptographic operators by specifying a SecurityKey's and algorithms. |
| DateTimeUtil |
Utility class for performing operations involving DateTime and TimeSpan. |
| DeflateCompressionProvider |
A compression provider that supports compression and decompression using the Deflate algorithm. |
| EcdhKeyExchangeProvider |
Provides a Security Key that can be used as Content Encryption Key (CEK) for use with a JWE |
| ECDsaSecurityKey |
Represents a ECDsa security key. |
| EncryptingCredentials |
A class for properties that are used for token encryption. |
| EpochTime |
Returns the absolute DateTime or the Seconds since Unix Epoch, where Epoch is UTC 1970-01-01T0:0:0Z. |
| InMemoryCryptoProviderCache |
Defines a cache for crypto providers. Current support is limited to SignatureProvider only. |
| JsonWebAlgorithmsKeyTypes |
Constants for JsonWebAlgorithms "kty" Key Type (sec 6.1) https://datatracker.ietf.org/doc/html/rfc7518#section-6.1 |
| JsonWebKey |
Represents a JSON Web Key as defined in https://datatracker.ietf.org/doc/html/rfc7517. |
| JsonWebKeyConverter |
Converts a SecurityKey into a JsonWebKey Supports: converting to a JsonWebKey from one of: RsaSecurityKey, X509SecurityKey, and SymmetricSecurityKey. |
| JsonWebKeyECTypes |
Constants for JsonWebKey Elliptical Curve Types https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.1.1 |
| JsonWebKeyParameterNames |
JsonWebKey parameter names see: https://datatracker.ietf.org/doc/html/rfc7517 |
| JsonWebKeySet |
Contains a collection of JsonWebKey that can be populated from a json string. |
| JsonWebKeySetParameterNames |
Names for Json Web Key Set Values |
| JsonWebKeyUseNames |
Constants for JsonWebKeyUse (sec 4.2) https://datatracker.ietf.org/doc/html/rfc7517#section-4.2 |
| KeyWrapProvider |
Provides Wrap and Unwrap key services. |
| RsaKeyWrapProvider |
Provides RSA Wrap key and Unwrap key services. |
| RsaSecurityKey |
Represents a Rsa security key. |
| SecurityAlgorithms |
Constants for Security Algorithm. |
| SecurityKey |
Base class for Security Key. |
| SecurityKeyIdentifierClause |
Contains information about the keys inside the tokens. |
| SecurityToken |
Base class for security token. |
| SecurityTokenArgumentException |
Throw this exception when a received SecurityToken has invalid arguments. |
| SecurityTokenCompressionFailedException |
Thrown when JWE compression fails. |
| SecurityTokenDecompressionFailedException |
Thrown when JWE decompression fails. |
| SecurityTokenDecryptionFailedException |
Represents a security token exception when decryption failed. |
| SecurityTokenDescriptor |
Contains some information which used to create a security token. |
| SecurityTokenEncryptionFailedException |
Represents a security token exception when encryption failed. |
| SecurityTokenEncryptionKeyNotFoundException |
This exception is thrown when a security token contained a key identifier but the key was not found by the runtime when decrypting a token. |
| SecurityTokenException |
Represents a security token exception. |
| SecurityTokenExpiredException |
Throw this exception when a received Security Token has expiration time in the past. |
| SecurityTokenHandler |
Defines the interface for a Security Token Handler. |
| SecurityTokenInvalidAlgorithmException |
This exception is thrown when a cryptographic algorithm is invalid. |
| SecurityTokenInvalidAudienceException |
This exception is thrown when 'audience' of a token was not valid. |
| SecurityTokenInvalidCloudInstanceException |
This exception is thrown when the cloud instance of the signing key was not matched with the cloud instance from configuration. |
| SecurityTokenInvalidIssuerException |
This exception is thrown when 'issuer' of a token was not valid. |
| SecurityTokenInvalidLifetimeException |
This exception is thrown when 'lifetime' of a token was not valid. |
| SecurityTokenInvalidSignatureException |
This exception is thrown when 'signature' of a token was not valid. |
| SecurityTokenInvalidSigningKeyException |
Throw this exception when a received Security Token has an invalid issuer signing key. |
| SecurityTokenInvalidTypeException |
This exception is thrown when the token type ('typ' header claim) of a JWT token is invalid. |
| SecurityTokenKeyWrapException |
Represents a key wrap exception when encryption failed. |
| SecurityTokenMalformedException |
Represents a SecurityToken exception when the token is malformed. |
| SecurityTokenNoExpirationException |
This exception is thrown when a security is missing an ExpirationTime. |
| SecurityTokenNotYetValidException |
Throw this exception when a received Security token has an effective time in the future. |
| SecurityTokenReplayAddFailedException |
This exception is thrown when an add to the TokenReplayCache fails. |
| SecurityTokenReplayDetectedException |
Throw this exception when a received Security Token has been replayed. |
| SecurityTokenSignatureKeyNotFoundException |
This exception is thrown when a security token contained a key identifier but the key was not found by the runtime. |
| SecurityTokenUnableToValidateException |
This exception is thrown when a security token contained a key identifier but the key was not found by the runtime and when validation errors exist over the security token. This exception is not intended to be used as a signal to refresh keys. |
| SecurityTokenValidationException |
Represents a security token validation exception. |
| SignatureProvider |
Provides signature services, signing and verifying. |
| SigningCredentials |
Defines the SecurityKey, algorithm and digest for digital signatures. |
| SymmetricKeyWrapProvider |
Provides Wrap and Unwrap key services. |
| SymmetricSecurityKey |
Represents a symmetric security key. |
| SymmetricSignatureProvider |
Provides signing and verifying operations using a SymmetricSecurityKey and specifying an algorithm. |
| TokenContext |
An opaque context used to store work when working with authentication artifacts. |
| TokenHandler |
Defines properties shared across all security token handlers. |
| TokenValidationParameters |
Contains a set of parameters that are used by a SecurityTokenHandler when validating a SecurityToken. |
| TokenValidationResult |
Contains artifacts obtained when a SecurityToken is validated. A SecurityTokenHandler returns an instance that captures the results of validating a token. |
| UniqueId |
Generates unique IDs. |
| Utility |
Contains some utility methods. |
| Validators |
Partial class for Audience Validation. |
| X509EncryptingCredentials |
An X509EncryptingCredentials designed to construct EncryptingCredentials based on a x509 certificate. |
| X509SecurityKey |
An AsymmetricSecurityKey that is backed by a X509Certificate2 |
| X509SigningCredentials |
Defines the X509Certificate2, algorithm and digest for digital signatures. |
Interfaces
| ICompressionProvider |
Provides methods for compressing and decompressing data. |
| ICryptoProvider |
Provides extensibility for cryptographic operators. If custom operators are needed, CustomCryptoProvider can be set to return these operators. This property will be checked before each creation. |
| ISecurityTokenValidator |
ISecurityTokenValidator |
| ITokenReplayCache |
Interface that defines a simple cache for tacking replaying of security tokens. |
Enums
| PrivateKeyStatus |
Enum for the existence of private key |
| ValidationFailure |
The reason for being unable to validate |
Delegates
| AlgorithmValidator |
Validates the cryptographic algorithm used. |
| AudienceValidator |
Validates the audiences found in the security token. |
| IssuerSigningKeyResolver |
Resolves the signing key used for validating a token's signature. |
| IssuerSigningKeyResolverUsingConfiguration |
Resolves the signing key using additional configuration. |
| IssuerSigningKeyValidator |
Validates the signing key used for the security token. |
| IssuerSigningKeyValidatorUsingConfiguration |
Validates the signing key using additional configuration. |
| IssuerValidator |
Validates the issuer of the security token. |
| IssuerValidatorUsingConfiguration |
Validates the issuer using additional configuration. |
| LifetimeValidator |
Validates the lifetime of the security token. |
| SignatureValidator |
Validates the signature of the security token. |
| SignatureValidatorUsingConfiguration |
Validates the signature using additional configuration. |
| TokenDecryptionKeyResolver |
Resolves the decryption key for the security token. |
| TokenReader |
Reads the security token. |
| TokenReplayValidator |
Validates the replay of the security token. |
| TransformBeforeSignatureValidation |
Transforms the security token before signature validation. |
| TypeValidator |
Validates the type of the security token. |