Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Dicussions page.
class Duende.IdentityServer.Configuration.PushedAuthorizationOptions
Assembly: Duende.IdentityServer
Inheritance: object → PushedAuthorizationOptions
Settings for Pushed Authorization Requests (PAR), which allow clients to push authorization parameters to IdentityServer before initiating the authorization flow.
Properties
public
bool
Required
Gets or sets a value indicating whether all clients are required to use Pushed Authorization Requests globally. When enabled, the
authorize endpoint will reject requests that were not previously pushed via the PAR
endpoint.
Remarks Defaults to <c>false</c> . Individual clients can also require PAR via their own
<c>RequirePushedAuthorization</c> configuration flag; PAR is required for a client if
either this global flag or the per-client flag is set.
public
int
Lifetime
Gets or sets the lifetime of pushed authorization requests, in seconds.
Remarks Defaults to 600 seconds (10 minutes). The lifetime begins when the PAR endpoint receives
the request and must cover the entire interactive login flow, including user interaction
such as entering credentials and granting consent. Setting this too low will cause login
failures for interactive users. Security profiles such as FAPI 2.0 recommend a maximum
of 10 minutes to limit the window for pre-generated request attacks. A per-client
configuration setting takes precedence over this global value.
public
bool
AllowUnregisteredPushedRedirectUris
Gets or sets a value indicating whether clients may use redirect URIs in pushed authorization requests that were not
previously registered.
Remarks Defaults to <c>false</c> . Enable with caution; allowing unregistered redirect URIs
reduces the protection that pre-registration provides against open redirect attacks.
Methods
public
bool
Equals(object obj)
Inherited from object
protected
void
Finalize()
Inherited from object
public
int
GetHashCode()
Inherited from object
protected
object
MemberwiseClone()
Inherited from object
public
string
ToString()
Inherited from object