OpenIdConnectProtocolValidator Class

Definition

OpenIdConnectProtocolValidator is used to ensure that an OpenIdConnectMessage obtained using OpenID Connect is compliant with https://openid.net/specs/openid-connect-core-1_0.html.

public class OpenIdConnectProtocolValidator
type OpenIdConnectProtocolValidator = class
Public Class OpenIdConnectProtocolValidator
Inheritance
OpenIdConnectProtocolValidator

Constructors

OpenIdConnectProtocolValidator()

Creates a new instance of OpenIdConnectProtocolValidator,

Fields

DefaultNonceLifetime

Default for the how long the nonce is valid.

Properties

CryptoProviderFactory

Gets or sets the CryptoProviderFactory that will be used for crypto operations.

HashAlgorithmMap

Gets the algorithm mapping between OpenIdConnect and .Net for Hash algorithms. a IDictionary<TKey,TValue> that contains mappings from the JWT namespace https://datatracker.ietf.org/doc/html/rfc7518 to .NET.

IdTokenValidator

Gets or sets the delegate for validating 'id_token'.

NonceLifetime

Gets or set the TimeSpan defining how long a nonce is valid.

RequireAcr

Gets or sets a value indicating if an 'acr' claim is required.

RequireAmr

Gets or sets a value indicating if an 'amr' claim is required.

RequireAuthTime

Gets or sets a value indicating if an 'auth_time' claim is required.

RequireAzp

Gets or sets a value indicating if an 'azp' claim is required.

RequireNonce

Get or sets if a nonce is required.

RequireState

Gets or sets a value indicating if a 'state' is required.

RequireStateValidation

Gets or sets a value indicating if validation of 'state' is turned on or off.

RequireSub

Gets or sets a value indicating if a 'sub' claim is required.

RequireSubByDefault

Gets or sets a value for default RequreSub.

RequireTimeStampInNonce

Gets or set logic to control if a nonce is prefixed with a timestamp.

Methods

GenerateNonce()

Generates a value suitable to use as a nonce.

GetHashAlgorithm(String)

Returns a HashAlgorithm corresponding to string 'algorithm' after translation using HashAlgorithmMap.

ValidateAtHash(OpenIdConnectProtocolValidationContext)

Validates the 'token' according to https://openid.net/specs/openid-connect-core-1_0.html.

ValidateAuthenticationResponse(OpenIdConnectProtocolValidationContext)

Validates that an OpenID Connect response from 'authorization_endpoint" is valid as per https://openid.net/specs/openid-connect-core-1_0.html.

ValidateCHash(OpenIdConnectProtocolValidationContext)

Validates the 'code' according to https://openid.net/specs/openid-connect-core-1_0.html.

ValidateIdToken(OpenIdConnectProtocolValidationContext)

Validates the claims in the 'id_token' as per https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation.

ValidateNonce(OpenIdConnectProtocolValidationContext)

Validates that the JwtSecurityToken contains the nonce.

ValidateState(OpenIdConnectProtocolValidationContext)

Validates that the 'state' in message is valid.

ValidateTokenResponse(OpenIdConnectProtocolValidationContext)

Validates that an OpenID Connect response from "token_endpoint" is valid as per https://openid.net/specs/openid-connect-core-1_0.html.

ValidateUserInfoResponse(OpenIdConnectProtocolValidationContext)

Validates that an OpenIdConnect response from "useinfo_endpoint" is valid as per https://openid.net/specs/openid-connect-core-1_0.html.

Applies to