Early Preview

This is currently very much a preview. Please feel free to try things out, but don't be upset if anything is not yet working. Feedback is welcome over on our GitHub Discussions page.

class Duende.IdentityServer.Configuration.IdentityServerOptions

Assembly: Duende.IdentityServer

Inheritance: object → IdentityServerOptions

The IdentityServerOptions class is the top level container for all configuration settings of IdentityServer.

Properties

public string
IssuerUri
Gets or sets the unique name of this server instance, e.g. https://myissuer.com. If not set, the issuer name is inferred from the request.
public bool
LowerCaseIssuerUri
Set to false to preserve the original casing of the IssuerUri. Defaults to true.
public string
AccessTokenJwtType
Gets or sets the value for the JWT typ header for access tokens.
public string
LogoutTokenJwtType
Gets or sets the value for the JWT typ header for logout tokens.
public bool
EmitStaticAudienceClaim
Emits an aud claim with the format issuer/resources. That's needed for some older access token validation plumbing. Defaults to false.
public bool
EmitScopesAsSpaceDelimitedStringInJwt
Specifies whether scopes in JWTs are emitted as an array or as a space-delimited string.
public bool
EmitIssuerIdentificationResponseParameter
Specifies whether authorize responses contain the iss parameter defined in RFC 9207 (https://www.rfc-editor.org/rfc/rfc9207.html).
public bool
EmitStateHash
Specifies whether the s_hash claim gets emitted in identity tokens. Defaults to false.
public bool
StrictJarValidation
Specifies whether the JWT typ header and the content-type of JWT secured authorization requests are checked according to the IETF spec. This might break older OIDC conformant request objects.
public bool
ValidateTenantOnAuthorization
Specifies if a user's tenant claim is compared to the tenant acr_values parameter value to determine if the login page is displayed. Defaults to false.
Endpoints
Gets or sets the endpoint configuration.
Discovery
Gets or sets the discovery endpoint configuration.
Authentication
Gets or sets the authentication options.
public EventsOptions
Events
Gets or sets the events options.
InputLengthRestrictions
Gets or sets the max input length restrictions.
UserInteraction
Gets or sets the options for the user interaction.
Caching
Gets or sets the caching options.
public CorsOptions
Cors
Gets or sets the CORS options.
public CspOptions
Csp
Gets or sets the Content Security Policy options.
Validation
Gets or sets the validation options.
DeviceFlow
Gets or sets the device flow options.
public CibaOptions
Ciba
Gets or sets the CIBA options.
Logging
Gets or sets the logging options.
MutualTls
Gets or sets the mutual TLS options.
KeyManagement
Gets or sets the signing key management options.
Options for persisted grants.
public DPoPOptions
DPoP
Options for DPoP.
public string
LicenseKey
Gets or sets the license key.
DynamicProviders
Options for dynamic external providers.
ServerSideSessions
Options for server-side sessions.
PushedAuthorization
Options for Pushed Authorization Requests (PAR).
JwtValidationClockSkew
The allowed clock skew for JWT lifetime validation. This setting controls the clock skew of lifetime validation for all JWTs except DPoP proofs, including JWT access tokens passed to the user info, introspection, and local API endpoints; authentication JWTs used in private_key_jwt authentication; JWT secured authorization requests (JAR request objects); and custom usage of Duende.IdentityServer.Validation.TokenValidator, such as in a token exchange implementation. Defaults to five minutes.
SupportedRequestObjectSigningAlgorithms
Specifies the allowed signature algorithms for JWT secured authorization requests (JAR). The "alg" header of JAR request objects is validated against this collection, and the request_object_signing_alg_values_supported discovery property is populated with these values. Defaults to [RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512], which allows the RSA, Probabilistic RSA, or ECDSA signing algorithms with 256, 384, or 512-bit SHA hashing. If set to an empty collection, all algorithms are allowed, but the request_object_signing_alg_values_supported will not be set. Explicitly listing the expected values is recommended.
SupportedClientAssertionSigningAlgorithms
Specifies the allowed signature algorithms for client authentication using client assertions (the private_key_jwt parameter). The "alg" header of client assertions is validated against this collection, and the token_endpoint_auth_signing_alg_values_supported discovery property is populated with these values. Defaults to [RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512], which allows the RSA, Probabilistic RSA, or ECDSA signing algorithms with 256, 384, or 512-bit SHA hashing. If set to an empty collection, all algorithms are allowed, but the token_endpoint_auth_signing_alg_values_supported will not be set. Explicitly listing the expected values is recommended.
Preview
Gets or sets the options for enabling and configuring preview features in the server. Preview features provide access to experimental or in-progress functionality that may undergo further changes before being finalized.
Diagnostics
Options that control the diagnostic data that is logged by IdentityServer.
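
The following is an added example, not code from the Duende documentation: it narrows JwtValidationClockSkew, SupportedRequestObjectSigningAlgorithms and SupportedClientAssertionSigningAlgorithms as described above, and rejects an empty algorithm collection, which the page says allows all algorithms. The helper class and method names, the choice of PS256 and ES256, the 30-second skew, and the assumption that both collection properties accept a List<string> are illustrative.

```csharp
using System;
using System.Collections.Generic;
using Duende.IdentityServer.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper; call services.AddHardenedIdentityServer() from Program.cs
// and chain the usual client/resource store registrations on the returned builder.
public static class HardenedIdentityServerSetup
{
    // Assumption: every registered client signs with PS256 or ES256.
    private static readonly string[] AllowedAlgorithms = { "PS256", "ES256" };

    public static IIdentityServerBuilder AddHardenedIdentityServer(this IServiceCollection services)
    {
        var builder = services.AddIdentityServer(options =>
        {
            // Tighter than the five-minute default; assumes hosts and clients are time-synced.
            // Applies to all JWT lifetime checks except DPoP proofs.
            options.JwtValidationClockSkew = TimeSpan.FromSeconds(30);

            // Explicit allow-lists for the "alg" header of JAR request objects
            // and private_key_jwt client assertions. Separate list instances so
            // a later change to one does not silently alter the other.
            options.SupportedRequestObjectSigningAlgorithms = new List<string>(AllowedAlgorithms);
            options.SupportedClientAssertionSigningAlgorithms = new List<string>(AllowedAlgorithms);

            // Enforce the typ/content-type checks for request objects.
            options.StrictJarValidation = true;
        });

        // Runs after all Configure callbacks, when the options are first resolved.
        // An empty collection would mean "all algorithms allowed", so refuse it.
        services.PostConfigure<IdentityServerOptions>(options =>
        {
            RequireExplicit(options.SupportedRequestObjectSigningAlgorithms,
                nameof(options.SupportedRequestObjectSigningAlgorithms));
            RequireExplicit(options.SupportedClientAssertionSigningAlgorithms,
                nameof(options.SupportedClientAssertionSigningAlgorithms));
        });

        return builder;
    }

    private static void RequireExplicit(ICollection<string> algorithms, string name)
    {
        if (algorithms is null || algorithms.Count == 0)
            throw new InvalidOperationException($"{name} must list the expected algorithms explicitly.");
    }
}
```

Clients that sign with an algorithm outside the allow-list will fail validation, so inventory the algorithms in use before narrowing the defaults.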

Methods

public bool
Equals(object obj)
Inherited from object
protected void
Finalize()
Inherited from object
public int
GetHashCode()
Inherited from object
GetType()
Inherited from object
protected object
MemberwiseClone()
Inherited from object
public string
ToString()
Inherited from object