Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Dicussions page.
class Duende.IdentityServer.Configuration.AuthenticationOptions
Assembly: Duende.IdentityServer
Inheritance: object → AuthenticationOptions
Configures login, logout, and cookie behavior for interactive users.
Properties
public
string
CookieAuthenticationScheme
Gets or sets the cookie authentication scheme used for interactive users. When not set, the scheme is
inferred from the host's default authentication scheme.
Remarks This setting is typically needed when <c>AddPolicyScheme</c> is used as the default
authentication scheme in the host application, so that IdentityServer can resolve the
correct underlying cookie scheme.
public
System.TimeSpan
CookieLifetime
Gets or sets the lifetime of the authentication cookie. Only effective when the IdentityServer-provided
cookie handler is used.
Remarks Defaults to 10 hours ( <see cref="F:Duende.IdentityServer.Constants.DefaultCookieTimeSpan" /> ).
public
bool
CookieSlidingExpiration
Gets or sets a value indicating whether the authentication cookie uses sliding expiration. Only effective when
the IdentityServer-provided cookie handler is used.
Remarks Defaults to <c>false</c> . When <c>true</c> , the cookie expiration is reset on each
authenticated request, keeping active users logged in.
CookieSameSiteMode
Gets or sets the <c>SameSite</c> mode applied to internal authentication and temporary cookies.
Remarks Defaults to <see cref="F:Microsoft.AspNetCore.Http.SameSiteMode.None" /> , which is required for cross-site scenarios
such as iframes used by the check-session endpoint.
public
bool
RequireAuthenticatedUserForSignOutMessage
Gets or sets a value indicating whether the user must be authenticated before IdentityServer will accept sign-out
parameters on the end-session endpoint.
Remarks Defaults to <c>false</c> . When <c>true</c> , unauthenticated requests to the end-session
endpoint will not process logout parameters such as <c>id_token_hint</c> .
public
string
CheckSessionCookieName
Gets or sets the name of the cookie used by the check-session endpoint to track the user's session state.
Remarks Defaults to <see cref="F:Duende.IdentityServer.IdentityServerConstants.DefaultCheckSessionCookieName" />
( <c>"idsrv.session"</c> ).
public
string
CheckSessionCookieDomain
Gets or sets the domain of the cookie used by the check-session endpoint.
Remarks Defaults to <c>null</c> , which means the cookie is scoped to the current host.
CheckSessionCookieSameSiteMode
Gets or sets the <c>SameSite</c> mode of the cookie used by the check-session endpoint.
Remarks Defaults to <see cref="F:Microsoft.AspNetCore.Http.SameSiteMode.None" /> to support cross-origin iframe-based
session monitoring.
public
bool
RequireCspFrameSrcForSignout
Gets or sets a value indicating whether Content Security Policy headers on the end-session endpoint are enabled.
Remarks Defaults to <c>true</c> . When enabled, the end-session endpoint emits CSP headers
including <c>default-src 'none'</c> , a <c>style-src</c> with the expected style hash,
and additional fetch directives. Despite the property name referencing <c>frame-src</c> ,
the full set of CSP fetch directives is applied.
public
bool
CoordinateClientLifetimesWithUserSession
Gets or sets a value indicating whether all clients' token lifetimes are tied to the user's session lifetime at IdentityServer.
Remarks Defaults to <c>false</c> . When enabled, logging out revokes all revocable tokens
(e.g., refresh tokens) for the user. When server-side sessions are also used, expired
sessions trigger token revocation and back-channel logout. Individual clients can override
this behavior via their own <c>CoordinateLifetimeWithUserSession</c> setting.
Methods
public
bool
Equals(object obj)
Inherited from object
protected
void
Finalize()
Inherited from object
public
int
GetHashCode()
Inherited from object
protected
object
MemberwiseClone()
Inherited from object
public
string
ToString()
Inherited from object