Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Discussions page.
class Duende.IdentityServer.Configuration.DPoPOptions
Assembly: Duende.IdentityServer
Inheritance: object → DPoPOptions
Settings for Demonstration of Proof-of-Possession (DPoP), which enables sender-constrained access tokens that are cryptographically bound to a client's key pair.
Properties
ProofTokenValidityDuration
Gets or sets how long a DPoP proof token is considered valid after it is issued.
Remarks: Defaults to 1 minute. DPoP proof tokens are short-lived by design to prevent replay
attacks. This window must be wide enough to account for clock differences between the
client and server; see also ServerClockSkew.
ServerClockSkew
Gets or sets the clock skew tolerance applied when validating the expiration of DPoP proof tokens that
use a server-generated nonce.
Remarks: Defaults to zero. Increase this value if clients and the server have measurable clock
drift and server-generated nonces are in use.
public System.Collections.Generic.ICollection<string> SupportedDPoPSigningAlgorithms
Gets or sets the allowed signature algorithms for DPoP proof tokens. The "alg" headers of proofs
are validated against this collection, and the dpop_signing_alg_values_supported discovery property is populated
with these values.

Defaults to [RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512], which allows the RSA, Probabilistic
RSA, or ECDSA signing algorithms with 256, 384, or 512-bit SHA hashing.

If set to an empty collection, no algorithms will be accepted and all DPoP proofs will be rejected.
The dpop_signing_alg_values_supported discovery property will not be set. Explicitly listing the
expected values is recommended.
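The following added example (not part of the Duende documentation) sets the three properties above with an explicit algorithm allowlist and fails fast on the empty-collection case. It assumes an ASP.NET Core host, that DPoPOptions is reached through IdentityServerOptions.DPoP, and that both durations are TimeSpan values; DPoPGuard and the chosen values are hypothetical.

```csharp
// Added example, not Duende's own code. Assumes options.DPoP exposes DPoPOptions
// and that ProofTokenValidityDuration / ServerClockSkew are TimeSpan values.
using System;
using System.Collections.Generic;
using System.Linq;
using Duende.IdentityServer.Configuration;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddIdentityServer(options =>
{
    // Short replay window; 1 minute is the documented default, stated explicitly.
    options.DPoP.ProofTokenValidityDuration = TimeSpan.FromMinutes(1);

    // Only applies to proofs that use a server-generated nonce. Default is zero;
    // 10 seconds is a constructed value standing in for measured clock drift.
    options.DPoP.ServerClockSkew = TimeSpan.FromSeconds(10);

    // Explicit allowlist instead of the nine defaults (constructed choice).
    // These values also populate dpop_signing_alg_values_supported.
    options.DPoP.SupportedDPoPSigningAlgorithms = new List<string> { "ES256", "PS256" };

    // Runs when the options are first built, before any proof is validated.
    DPoPGuard.Validate(options.DPoP);
});

var app = builder.Build();
app.UseIdentityServer();
app.Run();

// Hypothetical helper: rejects a configuration that would refuse every proof
// or accept an algorithm outside the documented default set.
static class DPoPGuard
{
    static readonly string[] Documented =
        { "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" };

    public static void Validate(DPoPOptions dpop)
    {
        var algs = dpop.SupportedDPoPSigningAlgorithms;
        if (algs == null || algs.Count == 0)
            throw new InvalidOperationException("Empty DPoP algorithm list: all proofs would be rejected.");
        var unexpected = algs.Except(Documented, StringComparer.Ordinal).ToArray();
        if (unexpected.Length > 0)
            throw new InvalidOperationException("Unexpected DPoP algorithm(s): " + string.Join(", ", unexpected));
    }
}
```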
Methods
public bool Equals(object obj)
Inherited from object
protected void Finalize()
Inherited from object
public int GetHashCode()
Inherited from object
protected object MemberwiseClone()
Inherited from object
public string ToString()
Inherited from object