Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Dicussions page.
class Duende.IdentityServer.Configuration.PushedAuthorizationOptions
Assembly: Duende.IdentityServer
Inheritance: object → PushedAuthorizationOptions
The Pushed Authorization Options.
Properties
public
bool
Required
Specifies whether pushed authorization requests are globally required.
Defaults to false.
Remarks There is also a per-client configuration flag in the Client
configuration. Pushed authorization is required for a client if either
this global configuration flag is enabled or if the flag is set for that
client.
public
int
Lifetime
Lifetime of pushed authorization requests in seconds.
The pushed authorization request's lifetime begins when the request to
the PAR endpoint is received, and is validated until the authorize
endpoint returns a response to the client application. Note that user
interaction, such as entering credentials or granting consent, may need
to occur before the authorize endpoint can do so. Setting the lifetime
too low will likely cause login failures for interactive users, if
pushed authorization requests expire before those users complete
authentication. Some security profiles, such as the FAPI 2.0 Security
Profile recommend an expiration within 10 minutes to prevent attackers
from pre-generating requests. To balance these constraints, the Lifetime
defaults to 10 minutes.
Remarks There is also a per-client configuration setting that takes
precedence over this global configuration.
public
bool
AllowUnregisteredPushedRedirectUris
Specifies whether clients may use redirect uris that were not previously
registered. Defaults to false.
Methods
public
bool
Equals(object obj)
Inherited from object
protected
void
Finalize()
Inherited from object
public
int
GetHashCode()
Inherited from object
protected
object
MemberwiseClone()
Inherited from object
public
string
ToString()
Inherited from object