Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Discussions page.
Duende.IdentityServer
OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
| Author | Duende Software |
| Version | 8.0.0 |
| Tags | OAuth 2.0 OpenID Connect Security Identity IdentityServer ASP.NET Core |
Public Types
Duende.​IdentityServer
class IdentityServerConstants
class IdentityServerTools
Class for useful helpers for interacting with IdentityServer
class IdentityServerUser
Model properties of an IdentityServer user
interface IIdentityServerTools
Useful helpers for interacting with IdentityServer.
class ServiceProviderKeys
Keys used to resolve keyed services from dependency injection.
class Telemetry
Telemetry helpers
class Tracing
Constants for tracing
Duende.​IdentityServer.​Configuration
class AuthenticationOptions
Configures login, logout, and cookie behavior for interactive users.
class CachingOptions
Cache duration settings for client, resource, CORS, and identity provider store lookups.
These settings only apply when the respective caching has been enabled during service registration.
class CibaOptions
Settings for Client-Initiated Backchannel Authentication (CIBA), which allows clients to
initiate authentication out-of-band without a browser redirect.
class CorsOptions
CORS policy settings for IdentityServer's protocol endpoints. The underlying CORS
implementation is provided by ASP.NET Core and is automatically registered in the
dependency injection system.
class CryptoHelper
Crypto helper
class CspOptions
Settings for Content Security Policy (CSP) headers emitted by IdentityServer on its
interactive pages.
class DeviceFlowOptions
Settings for the OAuth 2.0 Device Authorization Grant (device flow), which allows
input-constrained devices to obtain tokens via a secondary device.
class DiagnosticOptions
Options that control the way that diagnostic data is logged.
class DiscoveryOptions
Settings for the OpenID Connect discovery document endpoint, including flags to control
which sections are included and support for custom entries.
class DPoPOptions
Settings for Demonstration of Proof-of-Possession (DPoP), which enables sender-constrained
access tokens that are cryptographically bound to a client's key pair.
class DynamicProviderOptions
Settings for the dynamic external identity provider feature, which allows identity providers
to be configured at runtime without restarting the application.
class EndpointsOptions
Controls which protocol endpoints are enabled or disabled in IdentityServer.
class EventsOptions
Controls which categories of diagnostic events are raised to the registered
IEventSink.
class IdentityServerBuilder
IdentityServer helper class for DI configuration
class IdentityServerOptions
The central configuration container for Duende IdentityServer. All fundamental settings are
grouped into sub-option objects accessible as properties of this class.
class InputLengthRestrictions
Maximum allowed lengths for protocol request parameters. Requests that exceed these limits
are rejected with a validation error.
class KeyManagementOptions
Settings for automatic signing key management, including key rotation, propagation, and
storage behavior.
class LoggingOptions
Settings for filtering sensitive parameter values from logs and suppressing noisy unhandled
exceptions.
class MutualTlsOptions
Settings for Mutual TLS (mTLS) support, which enables certificate-bound tokens and
X.509 client certificate authentication.
enum NameType
Describes the string so we know what to search for in certificate store
Cookie configuration for the user session plumbing
Settings for Pushed Authorization Requests (PAR), which allow clients to push authorization
parameters to IdentityServer before initiating the authorization flow.
class SamlEndpointOptions
Options for SAML endpoint paths and bindings.
class SamlMetadataOptions
Options for SAML metadata generation.
class SamlOptions
Options for SAML 2.0 Identity Provider functionality.
class ServerSideSessionOptions
Settings for server-side session storage, including periodic cleanup of expired sessions
and back-channel logout integration.
class SigningAlgorithmOptions
Configures a signing algorithm used by automatic key management.
class UserInteractionOptions
Settings for user-facing UI pages, including URLs, query parameter names, and other
behavior related to interactive authorization flows.
class ValidationOptions
Settings that control redirect URI validation behavior for the authorize and end-session
endpoints.
Duende.​IdentityServer.​Endpoints.​Results
class AuthorizeHttpWriter
Writes HTTP responses for AuthorizeResult objects.
Writes the HTTP response for authorize interaction page results (login, consent,
create-account, and custom redirect pages). This class can be subclassed to
customize redirect URL construction, add cookies or headers, or change the
response behavior. Register a subclass using
AddHttpWriter<AuthorizeInteractionPageResult, TWriter>().
Result for an interactive page
class AuthorizeResult
Models the result from the authorize endpoint
Models the result of backchannel authentication
class BadRequestResult
The result of a bad request
class CheckSessionResult
The result of the check session endpoint
class ConsentPageResult
Result for consent page
class CreateAccountPageResult
Result for create account page
class CustomRedirectResult
Result for a custom redirect
The result of device authorization
class DiscoveryDocumentResult
Result for a discovery document
class EndpointResult<​T>
Provides the base implementation of IEndpointResult that
invokes the corresponding IHttpResponseWriter<T> to write the
result as an HTTP response.
class EndSessionCallbackResult
Models the result of end session callback
class EndSessionResult
Result for endsession
class IntrospectionResult
Result for introspection
class JsonWebKeysResult
Result for the jwks document
class LoginPageResult
Result for login page
Models result of a protected resource
Represents an error result from the pushed authorization endpoint that can be written to the http response.
Represents a successful result from the pushed authorization endpoint that can be written to the http response.
class StatusCodeResult
Result for a raw HTTP status code
class TokenErrorResult
Models a token error result
class TokenResult
Models a token result
Result for revocation error
class UserInfoResult
The result of userinfo
Duende.​IdentityServer.​Events
Event for failed API authentication
Event for successful API authentication
Event for failed backchannel authentication result
Event for successful backchannel authentication result
Event for failed client authentication
Event for successful client authentication
class ConsentDeniedEvent
Event for denied consent.
class ConsentGrantedEvent
Event for granted consent.
class DefaultEventService
The default event service
Event for device authorization failure
Event for device authorization failure
class Event
Models base class for events raised from IdentityServer.
class EventCategories
Categories for events
class EventIds
enum EventTypes
Indicates if the event is a success or fail event.
class GrantsRevokedEvent
Event for revoked grants.
Event for unhandled exceptions
Event for unhandled exceptions
Event for invalid SAML service provider configuration
Event for SAML AuthnRequest validation failure.
Event for SAML LogoutRequest validation failure.
class SamlSloFailureEvent
Event for failed SAML Single Logout.
class SamlSloSuccessEvent
Event for successful SAML Single Logout.
class SamlSsoFailureEvent
Event for failed SAML SSO.
class SamlSsoSuccessEvent
Event for successful SAML SSO assertion issuance.
Event for failed token introspection
Event for successful token introspection
class TokenIssuedFailureEvent
Event for failed token issuance
class TokenIssuedSuccessEvent
Event for successful token issuance
class TokenRevokedSuccessEvent
Event for successful token revocation
class UnhandledExceptionEvent
Event for unhandled exceptions
class UserLoginFailureEvent
Event for failed user authentication
class UserLoginSuccessEvent
Event for successful user authentication
class UserLogoutSuccessEvent
Event for successful user logout
Duende.​IdentityServer.​Extensions
Extensions for AuthenticationProperties
Extension methods for AuthenticationTicket
class HttpContextExtensions
class HttpRequestExtensions
class HttpResponseExtensions
class KeyManagementExtensions
Extensions for Key Management
class PrincipalExtensions
Extension methods for IPrincipal and IIdentity.
class ServerUrlExtensions
Extension methods for IServerUrls
class TokenExtensions
Extensions for Token
Extensions methods for X509Certificate2
Duende.​IdentityServer.​Hosting
class BaseUrlMiddleware
class CorsMiddlewareExtensions
class Endpoint
class IdentityServerMiddleware
IdentityServer middleware
interface IEndpointHandler
Endpoint handler
interface IEndpointResult
An IEndpointResult is the object model that describes the
results that will be returned by one of the protocol endpoints provided by
IdentityServer, and can be executed to produce an HTTP response.
interface IEndpointRouter
The endpoint router is responsible for mapping incoming HTTP requests onto
IEndpointHandler instances, for the protocol endpoints that
IdentityServer supports.
interface IHttpResponseWriter<​T>
Contract for a service that writes appropriate HTTP responses for IEndpointResult objects.
Middleware for re-writing the MTLS enabled endpoints to the standard protocol endpoints
Duende.​IdentityServer.​Hosting.​DynamicProviders
class CachingIdentityProviderStore<​T>
Caching decorator for IIdentityProviderStore
class ConfigureAuthenticationContext<​TAuthenticationOptions, TIdentityProvider>
Context for configuring an authentication handler from a dynamic identity provider.
class ConfigureAuthenticationOptions<​TAuthenticationOptions, TIdentityProvider>
Helper class for configuring authentication options from a dynamic identity provider
Models a dynamic authentication scheme and its corresponding IdentityProvider data.
Cache for DynamicAuthenticationScheme.
Tracks previously observed IdentityProvider instances per scheme and
evicts the corresponding ASP.NET Core IOptionsMonitorCache<TOptions>
entry when a provider's configuration has changed. This allows the authentication
handler options to stay in sync with the identity provider store without requiring
an HTTP context for service resolution.
class NonCachingIdentityProviderStore<​T>
Decorator for IIdentityProviderStore that will purge the IOptionsMonitor so that the options are not cached.
Public options type for SAML dynamic provider configuration. Enables customers
to use ConfigureAuthenticationOptions<SamlAuthenticationOptions, SamlProvider>
to customize SAML provider behavior per-scheme, matching the OIDC pattern with
ConfigureAuthenticationOptions<OpenIdConnectOptions, OidcProvider>.
class ValidatingIdentityProviderStore<​T>
Validating decorator for IIdentityProviderStore
Duende.​IdentityServer.​Hosting.​LocalApiAuthentication
Context class for local API claims transformation
Events for local API authentication
Authentication handler for validating access token from the local IdentityServer
Options for local API authentication
enum LocalApiTokenMode
Models the type of tokens accepted for local API authentication
Duende.​IdentityServer.​Infrastructure
State formatter using IDistributedCache
class RemovePropertyModifier<​T>
Duende.​IdentityServer.​Internal
class DefaultConcurrencyLock<​T>
Default implementation.
interface IConcurrencyLock<​T>
Interface to model locking.
class NopConcurrencyLock<​T>
Nop implementation.
Duende.​IdentityServer.​Licensing
class LicenseInformation
Exposes license metadata for display in UI templates and diagnostics.
class LicenseUsageSummary
Usage summary for the current IdentityServer instance intended for auditing purposes.
Duende.​IdentityServer.​Licensing.​V2.​Diagnostics
class DiagnosticContext
Duende.​IdentityServer.​Models
class AuthorizationRequest
Represents contextual information about an authorization request.
Models the information to initiate a user login request due to a CIBA request.
class ClientExtensions
Extension methods for client.
class ConsentRequest
Models the parameters to identify a request for consent.
class ConsentResponse
Models the user's response to the consent screen.
Represents contextual information about a device flow authorization request.
Request object for device flow interaction
class ErrorMessage
Models the data for the error page.
class Grant
Models a grant the user has given.
class GrantTypes
class HashExtensions
Extension methods for hashing strings
interface IAuthenticationContext
Protocol-agnostic context for an authentication request, providing
the common information needed by login/consent UI pages.
class IdentityResources
Convenience class that defines standard identity resources.
class IsActiveContext
Context describing the is-active check
class JsonWebKey
class LogoutMessage
Models the validated signout context.
Provides the context necessary to construct a logout notification.
Models the reason the user's session was ended.
class LogoutRequest
Models the request from a client to sign the user out.
class Message<​TModel>
Base class for data that needs to be written out as cookies.
class ParsedSecret
Represents a secret extracted from the HttpContext
Class describing the profile data request
Extensions for ProfileDataRequestContext
Models the data to create a refresh token from a validated request.
Models the data to update a refresh token.
class ResourceExtensions
Extensions for Resource
class SecurityKeyInfo
Information about a security key
class TokenCreationRequest
Models the data to create a token from a validated request.
enum TokenRequestErrors
Token request errors
class UserSession
Results from querying user sessions from session management service.
Duende.​IdentityServer.​ResponseHandling
Default logic for determining if user must login or consent when making requests to the authorization endpoint.
class AuthorizeResponse
The authorize response generator
Models a backchannel authentication response
The backchannel authentication response generator
The device authorization response generator
Default implementation of the discovery endpoint response generator
interface IAuthorizeInteractionResponseGenerator
Determines whether the user must log in, consent, create an account, or be redirected to a
custom page before the authorization endpoint can issue a response. This interface is invoked
during every authorization request, after the request has been validated but before the
authorization code or tokens are issued.
interface IAuthorizeResponseGenerator
Generates the authorization endpoint response after all interaction requirements have been
satisfied. Depending on the requested response type, this produces an authorization code,
tokens, or both, and packages them into an AuthorizeResponse that is then
serialized and returned to the client's redirect URI.
Generates the response returned from the backchannel authentication endpoint as part of the
Client-Initiated Backchannel Authentication (CIBA) flow. The response contains the
auth_req_id that the client uses to poll the token endpoint, along with the expiration
and polling interval. This interface is invoked after the backchannel authentication request
has been validated and the authentication request has been stored.
interface IDeviceAuthorizationResponseGenerator
Generates the response returned from the device authorization endpoint (RFC 8628). The
response contains the device code, user code, verification URI, and polling interval that
the device uses to poll the token endpoint while the user completes authorization on a
separate device. This interface is invoked after the device authorization request has been
validated.
interface IDiscoveryResponseGenerator
Generates the responses for the OpenID Connect discovery endpoint
(/.well-known/openid-configuration) and the JSON Web Key Set endpoint
(/.well-known/openid-configuration/jwks). The discovery document advertises the
server's capabilities, supported grant types, endpoints, and signing algorithms. The JWK
document exposes the public keys used to verify tokens issued by this server.
interface IIntrospectionResponseGenerator
Generates the response returned from the token introspection endpoint (RFC 7662). The
response describes whether a presented token is active and, if so, includes the token's
claims and metadata such as scope, subject, client ID, and expiration. This interface is
invoked after the introspection request has been validated and the caller's identity has
been confirmed.
class InteractionResponse
Indicates interaction outcome for user on authorization endpoint.
Models the types of interaction results from the IAuthorizeInteractionResponseGenerator
The introspection response generator
interface IPushedAuthorizationResponseGenerator
Generates response models for the pushed authorization endpoint (RFC 9126). The response
contains a request_uri that the client can use in a subsequent authorization request
to reference the pushed authorization parameters, along with the expiration of that URI.
This service encapsulates the behavior needed to create a response model from a validated
pushed authorization request.
interface ITokenResponseGenerator
Generates the response returned from the token endpoint for a successfully validated token
request. The response is an object model describing the tokens and metadata that will be
serialized into the HTTP response body. This interface is invoked after the token request has
been validated and covers all supported grant types: authorization code, client credentials,
resource owner password, refresh token, device code, CIBA, and extension grants.
interface ITokenRevocationResponseGenerator
Generates the response for the token revocation endpoint (RFC 7009) and performs the actual
revocation of the presented token. When a valid access token or refresh token is submitted,
this generator revokes it (and, for refresh tokens, any associated access tokens) and
produces the appropriate HTTP response. This interface is invoked after the revocation
request has been validated.
interface IUserInfoResponseGenerator
Generates the response returned from the UserInfo endpoint. The response is a dictionary of
claims about the authenticated user, filtered to the scopes and claims that were granted in
the access token presented with the request. This interface is invoked after the UserInfo
request has been validated and the access token has been introspected.
Represents failure from the pushed authorization endpoint.
Base class for responses from the pushed authorization endpoint.
Represents success from the pushed authorization endpoint.
class TokenErrorResponse
Models a token error response
class TokenResponse
Models a token response
class TokenResponseGenerator
The default token response generator
class TokenRevocationResponse
Models a token revocation response
Default revocation response generator
The userinfo response generator
Duende.​IdentityServer.​Saml
class Assertion
A Saml assertion
class AttributeStatement
AttributeStatement, Core 2.7.3
class AudienceRestriction
Audience Restrictions, Core 2.5.1.4
class AuthnContext
AuthnContext, Core 2.7.2.2
class AuthnStatement
AuthnStatement, Core 2.7.2
class Conditions
Conditions, core 2.5.1
class IdpInitiatedSsoResult
The result of an IdP-initiated SSO operation. Either a success containing an
IResult that writes the SAML response via the appropriate
binding, or an error with a descriptive message the host can display in its portal UI.
interface IIdpInitiatedSsoService
Service for generating IdP-initiated SSO responses. The host calls this from
a portal page (or similar UI) where the user is already authenticated.
The service validates the target SP, generates a signed SAML response, and
returns an IdpInitiatedSsoResult that either contains an
IResult the host returns from its endpoint, or an error the
host can display in its portal UI.
interface ISamlLogoutNotificationService
Service for building SAML front-channel logout notifications.
class NameId
The Saml NameIDType
class Saml2Entity
A Saml2 entity, i.e. an Identity Provider or a Service Provider
class SamlAttribute
Saml Attribute, Core 2.7.3.1
class SamlAutoPostResult
An IResult that writes a SAML response to the browser via the
appropriate front-channel binding (e.g., HTTP-POST auto-submit form).
Internally delegates to the IdentityServer Saml2FrontChannelResult
pipeline, which resolves the correct binding and response writer from DI.
class SamlConstants
Result of generating SAML front-channel logout notifications.
class Subject
A Saml2 Subject, see core 2.4.1.
class SubjectConfirmation
SubjectConfirmation, Core 2.4.1.1
class SubjectConfirmationData
SubjectConfirmationData, Core 2.4.1.2
enum TrustLevel
What is the trust level of a piece of data? The levels reflect
how trustworthy the data is based on if it is signed and how
the signature can be validated.
Duende.​IdentityServer.​Saml.​Bindings
class FrontChannelBinding
A SAML2 Binding that operates on the front channel, i.e. browser.
class HttpPostBinding
Saml Http POST Binding
class HttpRedirectBinding
Saml2 Http Redirect Binding
interface IFrontChannelBinding
A SAML2 Binding that operates on the front channel, i.e. browser.
interface IHttpRedirectBinding
Redirect binding implementation
class InboundSaml2Message
An inbound Saml2 message received via a binding.
class OutboundSaml2Message
An outbound Saml2 message to be sent via a binding.
class Saml2Message
Represents a Saml2 message as seen by the binding.
Duende.​IdentityServer.​Saml.​Common
struct DateTimeUtc
DateTime that only allows DateTimeKind UTC.
class Extensions
Extensions
Duende.​IdentityServer.​Saml.​Configuration
enum SamlBindingType
SAML 2.0 binding types for authentication requests.
Default constants for the standalone SAML 2.0 Service Provider handler.
Configuration options for a standalone SAML 2.0 Service Provider authentication
scheme, registered via the AddSamlServiceProvider extension methods on
AuthenticationBuilder.
Duende.​IdentityServer.​Saml.​Endpoints.​Results
class Saml2FrontChannelResult
Result from a Saml2 endpoint that wraps a Saml2 message and should be handled by
a front channel binding.
class Saml2LoginPageResult
Result when Saml2 single sign on resulted in login being required.
class Saml2LoginRedirectResult
Endpoint result that issues a redirect to the login page.
class Saml2LogoutPageResult
Result when SAML Single Logout requires the user to be logged out via the IdentityServer logout page.
class Saml2MetadataResult
Result of Saml2 Metadata generation
Write a Saml2 Metadata document to the HttpContext
Duende.​IdentityServer.​Saml.​Metadata
class Endpoint
Saml2 Endpoint Type.
class EntityDescriptor
A Saml2 Metadata <EntityDescriptor> element.
class IDPSSODescriptor
IDPSSODescriptor
class IndexedEndpoint
Metadata IndexedEndpoint
class KeyDescriptor
Metadata key descriptor
class MetadataBase
Abstract class for Metadata root node.
class RoleDescriptor
Base class for role descriptors, implements RoleDescriptorType
class SSODescriptor
Abstract SSODescriptor type.
Duende.​IdentityServer.​Saml.​Models
class SamlAttribute
Represents a SAML 2.0 Attribute element
Represents contextual information about a SAML authentication request,
extracted from SamlAuthenticationState for use by login UI pages.
Mirrors the OIDC AuthorizationRequest pattern.
class SamlError
class SamlSpSessionData
Represents SAML SP session data stored in the user's authentication session.
class SamlStatusCodes
Well-known SAML 2.0 status code URNs as defined in the SAML 2.0 Core specification.
class SamlVersions
Well-known SAML version strings.
Duende.​IdentityServer.​Saml.​ResponseHandling
interface ISaml2MetadataResponseGenerator
Saml2 metadata response generator
interface ISaml2SloResponseGenerator
Response generator for SAML 2.0 Single Logout
interface ISaml2SsoInteractionResponseGenerator
Interaction response generator for Saml2 AuthnRequests
interface ISaml2SsoResponseGenerator
Response generator for Saml2 Single Sign On
class Saml2InteractionResponse
Represents the result of processing a SAML AuthnRequest interaction check.
Response generator for SAML 2.0 Single Logout.
Determines whether user interaction (login) is required for a SAML SSO request.
This generator is only invoked on the SSO endpoint path (initial AuthnRequest processing),
where ValidatedAuthnRequest.AuthnRequest is always populated from the parsed XML.
It is never called on the callback path after login.
Response Generator for Saml2 Single Sign On.
Duende.​IdentityServer.​Saml.​Samlp
class AuthnRequest
Authentication request
class IdpEntry
Specifies a single identity provider, Core 3.4.1.3.1
class IdpList
An advisory list of identity providers and associated information.
Element IdpList, Core 3.4.1.3
class LogoutRequest
A SAML2p LogoutRequest
class LogoutResponse
A SAML2p LogoutResponse
class NameIdPolicy
Element NameIDPolicy, Core 3.4.1.1
class RequestAbstractType
Abstract base class for requests
class RequestedAuthnContext
Specifies the authentication Context requirements of authentication statements.
Element RequestedAuthContext, Core 3.3.2.2.1
class Response
A Saml2p SamlResponse
class SamlStatus
Samlp Status element
class Scoping
Specifies the identity providers trusted by the requester.
Element Scoping, Core 3.4.1.2
class StatusCode
Samlp StatusCode element
class StatusResponseType
Saml2 p abstract StatusResponseType
Duende.​IdentityServer.​Saml.​Serialization
interface ISamlXmlReader
Reader for Saml classes from Xml
interface ISamlXmlWriter
Write Saml entities to XML
class SamlXmlReader
Reader for data from an Xml Document.
class SamlXmlWriter
Xml writer for Saml classes
Resolves a Saml2Entity from ISamlServiceProviderStore for use
as the ISamlXmlReader.EntityResolver on the IdP side.
Duende.​IdentityServer.​Saml.​Services
interface ISaml2FrontChannelLogoutRequestBuilder
Builds outbound SAML 2.0 LogoutRequest messages for front-channel logout notifications.
interface ISaml2IssuerNameService
Access to current IdentityServer Entity Id.
interface ISamlNameIdGenerator
Generates SAML NameID values for SSO responses. Register a custom implementation
to override the built-in email, persistent, and unspecified format handling.
interface ISamlResourceResolver
Resolves the claim types that a SAML service provider is allowed to receive,
based on its AllowedScopes and RequestedClaimTypes configuration.
AllowedScopes must contain only identity resource names — API resource scopes
are not supported for SAML service providers.
interface ISamlSigningService
Service for obtaining signing credentials for SAML operations.
class NameIdGenerationContext
Context provided to ISamlNameIdGenerator for NameID generation.
class NameIdGenerationResult
Result of NameID generation, representing either a successful NameId or
a SAML protocol error.
Builds outbound SAML 2.0 LogoutRequest messages for front-channel logout notifications.
Default implementation of ISamlLogoutNotificationService that uses the new
ISaml2FrontChannelLogoutRequestBuilder to build outbound LogoutRequest messages.
class SamlLogoutRequestContext
Encapsulates the result of building a SAML LogoutRequest, including the binding-layer
message and application-level metadata needed for response correlation.
The result of resolving claim types for a SAML service provider.
Duende.​IdentityServer.​Saml.​Services.​Default
Default implementation of IIdpInitiatedSsoService.
Validates the target SP, generates a signed SAML response, records the SP
session for SLO, and returns an IdpInitiatedSsoResult containing
the HTML auto-POST form.
Default implementation of ISamlNameIdGenerator supporting email
and unspecified NameID formats.
Default implementation of ISamlResourceResolver that resolves
claim types from the SP's AllowedScopes via the resource store.
Duende.​IdentityServer.​Saml.​Validation
Result of AuthnRequestValidation
class AuthnRequestValidator
AuthnRequest validator
interface IAuthnRequestValidator
Validator for AuthnRequest
interface ILogoutRequestValidator
Validator for LogoutRequest
Result of LogoutRequest validation
class LogoutRequestValidator
LogoutRequest validator
class ValidatedAuthnRequest
Validated AuthnRequest
class ValidatedLogoutRequest
Validated LogoutRequest context
Duende.​IdentityServer.​Saml.​Xml
ECDSA-SHA256 signature description for use with SignedXml.
ECDSA-SHA384 signature description for use with SignedXml.
ECDSA-SHA512 signature description for use with SignedXml.
ECDSA signature deformatter for use with SignedXml.
Base SignatureDescription for ECDSA algorithms.
Required to register ECDSA algorithm URIs with CryptoConfig so that
SignedXml can resolve and use them for signing and verification.
Must be public because CryptoConfig.AddAlgorithm requires types
accessible from outside their assembly.
class EcdsaSignatureFormatter
ECDSA signature formatter for use with SignedXml.
class Error
Represents an error that occurred during parsing.
enum ErrorReason
Error reasons in the error reporting.
class ReadErrorInspectorContext<​TData>
Context for an error inspector.
class SamlXmlException
Exception type thrown for Xml-related errors from the Saml2 library.
class SignedXmlHelper
Helpers for SignedXml
class SigningKey
Represents a signing key.
class XmlHelpers
Xml utilities
class XmlTraverser
Traverser to navigate an Xml document. This is essentially a replacement for the XmlNodeReader
with the difference that this keeps access to the underlying XmlDocument available. When handling
data that contains XmlSignatures it is necessary to be able to read parts of the documents and look up
references to the signed elements. That is not possible with a simple forward-only XmlReader. The
EnvelopedSignatureReader of the Microsoft.IdentityModel.Xml library is just too complex and error
prone in my opinion, I prefer using the SignedXml implementation for signature handling.
Duende.​IdentityServer.​Services
class BackChannelLogoutRequest
Information necessary to make a back-channel logout request to a client.
Models the data needed for a user to complete a backchannel authentication request.
Default implementation of IBackchannelAuthenticationInteractionService.
Models making HTTP requests for back-channel logout notification.
Default back-channel logout notification implementation.
class DefaultClaimsService
Default claims provider implementation
class DefaultConsentService
Default consent service
class DefaultCorsPolicyService
Default CORS policy service.
class DefaultEventSink
Default implementation of the event service. Write events raised to the log.
Default handle generation service
class DefaultIssuerNameService
Abstracts issuer name access
Default JwtRequest client
The default key material service
Default persisted grant service
class DefaultProfileService
Default profile service implementation.
This implementation sources all claims from the current subject (e.g. the cookie).
Default refresh token service
class DefaultReplayCache
Default implementation of the replay cache using IDistributedCache
class DefaultServerUrls
Implements IServerUrls
Default session coordination service
Default session management service
Default token creation service
class DefaultTokenService
Default token service
class DefaultUserCodeService
Default user code service implementation.
class DefaultUserSession
Cookie-based session implementation
A pushed authorization request that is not serialized.
class DiagnosticDataService
Implementation of IBackchannelAuthenticationThrottlingService that uses the IDistributedCache.
The default device flow throttling service using IDistributedCache.
Provides services used by the user interface to communicate with IdentityServer for
Client-Initiated Backchannel Authentication (CIBA) login requests.
This service is available from the dependency injection system and is typically injected
as a constructor parameter into MVC controllers that implement the CIBA user interaction UI.
The backchannel authentication throttling service.
Used to contact users when a Client-Initiated Backchannel Authentication (CIBA) login request has been made.
To use CIBA, you must implement this interface and register it in the ASP.NET Core service provider.
The implementation is responsible for delivering the login notification to the user via an
out-of-band channel such as push notification, SMS, or email.
interface IBackChannelLogoutHttpClient
Models making HTTP requests for back-channel logout notification.
interface IBackChannelLogoutService
The service responsible for performing back-channel logout notification.
interface IClaimsService
The claims service is responsible for determining which claims to include in tokens
interface IConsentService
Service to retrieve and update consent.
interface IDeviceFlowCodeService
Wrapper service for IDeviceFlowStore.
interface IDeviceFlowInteractionService
Provides services used by the user interface to communicate with IdentityServer during
OAuth 2.0 Device Authorization Grant (device flow) authorization.
This service is available from the dependency injection system and is typically injected
as a constructor parameter into MVC controllers that implement the device flow UI.
interface IDeviceFlowThrottlingService
The device flow throttling service.
interface IEventService
Provides the ability to raise IdentityServer events, such as successful or failed logins,
token issuance, and consent decisions. Events are dispatched to the registered
IEventSink for persistence or forwarding to external systems.
Use CanRaiseEventType to check whether a given event category is enabled
before constructing and raising an event.
interface IEventSink
Handles the persistence or forwarding of IdentityServer events raised by IEventService.
Implement this interface to integrate IdentityServer's event stream with an external system
such as a logging framework, audit database, or SIEM solution.
interface IHandleGenerationService
Interface for the handle generation service
interface IIdentityServerInteractionService
Provides services used by the user interface to communicate with IdentityServer,
mainly pertaining to user interaction such as login, consent, logout, and error handling.
This service is available from the dependency injection system and is typically injected
as a constructor parameter into MVC controllers that implement the IdentityServer UI.
interface IIssuerNameService
Abstract access to the current issuer name
interface IJwtRequestUriHttpClient
Models making HTTP requests for JWTs from the authorize endpoint.
interface IKeyMaterialService
Interface for the key material service
interface ILogoutNotificationService
Provides features for OIDC signout notifications.
An ICorsPolicyService for use with clients configured with AddInMemoryClients.
This service will allow any origin included in any client's AllowedCorsOrigins.
interface IPersistedGrantService
Provides access to a user's persisted grants, which represent consents and authorizations
that have been granted to client applications. Use this service to retrieve or revoke
grants on behalf of a user, for example when building a grants management page.
interface IProfileService
Allows IdentityServer to connect to your user and profile store.
Implement this interface to control which claims are included in tokens and at the UserInfo endpoint,
and to determine whether a user is currently allowed to obtain tokens (e.g. if the account has been deactivated).
interface IPushedAuthorizationSerializer
Contract for a service that can serialize and deserialize pushed
authorization requests.
interface IPushedAuthorizationService
Contract for a service that performs high-level operations on pushed
authorization requests.
interface IRefreshTokenService
Handles the lifecycle of refresh tokens, including validation, creation, and rotation.
The default implementation is DefaultRefreshTokenService. Rather than implementing
this interface from scratch, it is recommended to derive from the default implementation
and override its virtual methods, in particular AcceptConsumedTokenAsync, to
customize how consumed one-time-use tokens are handled (e.g. to add a grace period for
network failures or to treat replay as an attack and revoke access).
interface IReplayCache
Interface for replay cache implementations
interface IReturnUrlParser
Interface for the return URL parser
interface IServerUrls
Configures the per-request URLs and paths into the current server
interface ISessionCoordinationService
Service responsible for logic around coordinating client and server session lifetimes.
interface ISessionManagementService
Provides administrative features for querying and terminating server-side sessions.
When server-side sessions are enabled, this service can be used to enumerate active sessions
and to terminate them — including revoking associated tokens and consents, and triggering
back-channel logout notifications to participating clients.
interface ITokenCreationService
Responsible for serializing a Token model into a signed and protected JWT string.
The default implementation is DefaultTokenCreationService.
This is the lowest-level token creation hook; prefer IProfileService,
IClaimsService, or ITokenService for adding or modifying claims,
and only implement this interface when those extension points are insufficient.
If customization is needed, derive from DefaultTokenCreationService and override
CreatePayloadAsync rather than implementing this interface from scratch.
interface ITokenService
Responsible for building the Token model for identity tokens and access tokens.
This is a higher-level service than ITokenCreationService: it assembles the
token's claims, lifetime, and signing key information, then delegates serialization to
ITokenCreationService. Implement or override this service to customize how
token models are constructed before they are signed and serialized.
interface IUiLocalesService
interface IUserCodeGenerator
Implements device flow user code generation
interface IUserCodeService
Implements user code generation
interface IUserSession
Manages the current user's authentication session and tracks the client applications
that are participating in it. The session is identified by a unique random session ID
assigned when the user first logs in. As clients request tokens, their IDs are recorded
in the session so that IdentityServer can send logout notifications to all participating
clients at sign-out time.
This interface also exposes methods for managing the session ID cookie used by
IdentityServer's OIDC session management implementation.
The default implementation is DefaultUserSession, which stores the session ID
and client list in the authentication properties.
Default implementation of logout notification service.
Nop implementation of IUserLoginService.
class NumericUserCodeGenerator
User code generator using 9 digit number
Default implementation of IPushedAuthorizationSerializer.
class RemoveSessionsContext
Models the information to remove a user's session data.
class ReturnUrlParser
Parses a return URL using all registered URL parsers
class SessionValidationRequest
Models a request to validate a session from a client.
Represents the type of session validation request
Duende.​IdentityServer.​Services.​Default
Default wrapper service for IDeviceFlowStore, handling key hashing
class DefaultUiLocalesService
Duende.​IdentityServer.​Services.​KeyManagement
Implementation of IValidationKeysStore and ISigningCredentialStore based on KeyManager.
Client configuration validator that ensures access token lifetimes are compatible with the key management options.
Implementation of IKeyProtector based on ASP.NET Core's data protection feature.
class EcKeyContainer
Container class for ECDsaSecurityKey.
class FileSystemKeyStore
Implementation of ISigningKeyStore based on file system.
interface IAutomaticKeyManagerKeyStore
Store abstraction for automatic key management.
interface IKeyManager
Interface to model loading the keys.
interface ISigningKeyProtector
Interface to model protecting/unprotecting RsaKeyContainer.
interface ISigningKeyStoreCache
Interface to model caching keys loaded from key store.
class KeyContainer
Container class for key.
class KeyManager
Implementation of IKeyManager that creates, stores, and rotates signing keys.
class RsaKeyContainer
Container class for RsaSecurityKey.
class X509KeyContainer
Container class for X509 keys.
Duende.​IdentityServer.​Stores
class CachingClientStore<​T>
Cache decorator for IClientStore
class CachingCorsPolicyService<​T>
Caching decorator for ICorsPolicyService
class CachingResourceStore<​T>
Caching decorator for IResourceStore that maintains a single authoritative
cached Resources snapshot. All lookup methods filter this
snapshot in memory, ensuring atomic cache population and eliminating
cross-entry drift that can occur with per-item caching strategies.
class CachingSamlServiceProviderStore<​T>
Cache decorator for ISamlServiceProviderStore.
Default implementation of IConnectedApplicationStore that composes
IClientStore and ISamlServiceProviderStore to provide
a unified read-only view over all registered applications.
Default authorization code store.
Default authorization code store.
class DefaultGrantStore<​T>
Base class for persisting grants using the IPersistedGrantStore.
Default reference token store.
class DefaultRefreshTokenStore
Default refresh token store.
class DefaultUserConsentStore
Default user consent store.
class IClientStoreExtensions
Extension for IClientStore
interface IConsentMessageStore
Interface for consent messages that are sent from the consent UI to the authorization endpoint.
interface IMessageStore<​TModel>
Interface for a message store
class InMemoryClientStore
In-memory client store
class InMemoryDeviceFlowStore
In-memory device flow store
In-memory persisted grant store
In-memory implementation of the pushed authorization request store
class InMemoryResourcesStore
In-memory resource store
In-memory implementation of ISamlLogoutSessionStore.
In-memory SAML Service Provider store.
In-memory implementation of ISamlSigninStateStore.
In-memory user session store
Default signing credentials store
The default validation key store
class IResourceStoreExtensions
Extensions for IResourceStore
interface IServerSideTicketStore
Custom type for ITicketStore
interface ISigningCredentialStore
Provides the active signing credentials used by IdentityServer to sign tokens such
as identity tokens and JWT access tokens. The returned SigningCredentials
represent the current primary signing key. Implement this interface to supply signing
credentials from a custom key management solution.
interface IValidationKeysStore
Provides all public keys that IdentityServer accepts for validating token signatures.
This includes the current signing key as well as any recently rotated keys that may
still be in use by previously issued tokens. The keys are published via the JWKS
(JSON Web Key Set) discovery endpoint so that resource servers and other parties can
validate tokens. Implement this interface to supply validation keys from a custom key
management solution.
class ProtectedDataMessageStore<​TModel>
IMessageStore implementation that uses data protection to protect message.
class ServerSideTicketStore
IServerSideSessionService backed by server side session store
class ValidatingClientStore<​T>
Client store decorator for running runtime configuration validation checks
class ValidatingSamlServiceProviderStore<​T>
SAML service provider store decorator for running runtime configuration validation checks.
Duende.​IdentityServer.​Test
class TestUser
In-memory user object for testing. Not intended for modeling users in production.
class TestUserProfileService
Profile service for test users
Resource owner password validator for test users
class TestUserStore
Store for test users
Duende.​IdentityServer.​Validation
Validation result for API validation
class ApiSecretValidator
Validates API secrets using the registered secret validators and parsers
enum AuthorizeRequestType
Indicates the context in which authorization validation is occurring (is
this the authorize endpoint with or without PAR or the PAR endpoint itself?)
Validation result for authorize requests
Context for backchannel authentication request id validation.
Validation result for backchannel authentication requests
Represents the result of a backchannel authentication request.
Context information for validating a user during backchannel authentication request.
Parses a Basic Authentication header
enum BearerTokenUsageType
Models usage of a bearer token
Context for client configuration validation.
Validation result for client validation
class ClientSecretValidator
Validates a client secret using the registered secret validators and parsers
Context for custom authorize request validation.
The validation context for a custom CIBA validator.
Context class for custom token request validation
Default client configuration validator
Default implementation of the CIBA validator extensibility point. This
validator deliberately does nothing.
Default custom token validator
Default implementation of IDPoPProofValidator
Default identity provider configuration validator
class DefaultResourceValidator
Default implementation of IResourceValidator.
Default SAML service provider configuration validator.
class DefaultScopeParser
Default implementation of IScopeParser.
Validation result for device authorization requests
Validation result for device code validation request.
Models the context for validating DPoP proof tokens.
Models the result of DPoP proof validation.
Validation result for end session callback requests.
Context for validating the id_token_hint's sub/sid claims against the current user session
during end session (logout) requests.
Represents the outcome of validating an id_token_hint's claims (sub/sid) against the
current user session during an end session (logout) request.
Represents the result of validating an id_token_hint's claims against the current user
session during an end session (logout) request.
Validates requests to the end session endpoint.
Validation result for end session requests
Class describing the extension grant validation context
class ExtensionGrantValidator
Validates an extension grant request using the registered validators
class GrantValidationResult
Models the result of custom grant validation.
Validates a shared secret stored in SHA256 or SHA512
interface IApiSecretValidator
Validator for handling API client authentication.
interface IAuthorizeRequestValidator
Authorize endpoint request validator.
The backchannel authentication request id validator
Interface for the backchannel authentication request validator
interface IBackchannelAuthenticationUserValidator
Interface for the backchannel authentication user validation
interface IClientConfigurationValidator
Validator for handling client authentication
interface IClientSecretValidator
Validator for handling client authentication
interface ICustomAuthorizeRequestValidator
Allows inserting custom validation logic into authorization requests at the authorization endpoint.
Extensibility point for adding custom validation logic to Client-Initiated Backchannel
Authentication (CIBA) requests.
interface ICustomTokenRequestValidator
Allows inserting custom validation logic into token requests at the token endpoint.
interface ICustomTokenValidator
Allows inserting custom validation logic into the access token and identity token validation pipelines.
Context for identity provider configuration validation.
class IdentityProviderConfigurationValidationContext<​T>
Context for identity provider configuration validation.
interface IDeviceAuthorizationRequestValidator
Device authorization endpoint request validator.
interface IDeviceCodeValidator
The device code validator
interface IDPoPProofValidator
Validates Demonstrating Proof of Possession (DPoP) proof tokens submitted to IdentityServer.
interface IEndSessionRequestValidator
Validates end session requests.
interface IExtensionGrantValidator
Handles validation of token requests that use a custom (extension) OAuth grant type.
interface IIdentityProviderConfigurationValidator
Validator for handling identity provider configuration
interface IIntrospectionRequestValidator
Interface for the introspection request validator
interface IIssuerPathValidator
interface IJwtRequestValidator
Interface for request object validator
Context for validating an introspection request.
Failure reasons for introspection request
Validation result for introspection request
interface IPushedAuthorizationRequestValidator
Validation service for pushed authorization requests. Note that, in addition
to validation performed specially for pushed authorization requests, the
pushed parameters should be validated in the same way as an authorization
request sent to the authorization endpoint. Typical implementations of this
service will delegate to the IAuthorizeRequestValidator for
this purpose.
interface IRedirectUriValidator
Validates redirect URIs and post-logout redirect URIs submitted in authorization and end-session requests.
interface IResourceOwnerPasswordValidator
Validates resource owner password credentials submitted to the token endpoint.
interface IResourceValidator
Validates requested resources (scopes and resource indicators)
Validator for SAML service provider configuration.
interface IScopeParser
Allows parsing raw scopes values into structured scope values.
interface ISecretParser
A service for parsing secrets found on the request
interface ISecretsListParser
Parser for finding the best secret in an Enumerable List
interface ISecretsListValidator
Validator for an Enumerable List of Secrets
interface ISecretValidator
Service for validating a received secret against a stored secret
interface ITokenRequestValidator
Interface for the token request validator
interface ITokenRevocationRequestValidator
Interface for the token revocation request validator
interface ITokenValidator
Interface for the token validator
interface IUserInfoRequestValidator
Validator for userinfo requests
interface IValidatedRequest
Protocol-agnostic representation of a validated request, providing
the common context needed by services like IProfileService.
Use pattern matching to downcast to a protocol-specific type
(e.g., ValidatedRequest for OIDC).
Parses a POST body for a JWT bearer client assertion
Context for validating a JWT sent as a request parameter.
Models the result of JWT request validation.
class JwtRequestValidator
Validates JWT authorization request objects
class MutualTlsSecretParser
Parses secret according to MTLS spec
Nop implementation of IBackchannelAuthenticationUserValidator.
No-op client configuration validator (for backwards-compatibility).
Default resource owner password validator (no implementation == not supported)
class ParsedScopesResult
Represents the result of scope parsing.
Models an error parsing a scope.
class ParsedScopeValue
Models a parsed scope value.
Validates a secret stored in plain text
class PostBodySecretParser
Parses a POST body for secrets
Validates a secret based on RS256 signed JWT token
class ProofKeyThumbprint
Models the thumbprint of a proof key
Context needed to validate a pushed authorization request.
Represents the results of validating a pushed authorization request.
Models the context for validating a client's redirect URI
Class describing the resource owner password validation context
Class describing the resource validation context
Models the request to validate scopes and resource indicators for a client.
class ResourceValidationResult
Result of validation of requested scopes and resource indicators.
Compares resource_type strings, where the order of space-delimited values is insignificant.
Context for SAML service provider configuration validation.
class SecretParser
Uses the registered secret parsers to parse a secret on the current request
class SecretValidationResult
Validation result for secrets
class SecretValidator
Validates secrets using the registered validators
Default implementation of redirect URI validator. Validates the URIs against
the client's configured URIs.
Implementation of strict redirect URI validator that allows a random port if 127.0.0.1 is used.
Class describing the token endpoint request validation context
Validation result for token requests
Models the validation result of access tokens and id tokens.
class TokenValidationResult
Models the validation result of access tokens and id tokens.
Validation result for userinfo requests
Models a validated request to the authorize endpoint.
Models a validated request to the backchannel authentication endpoint.
Models a validated request to the device authorization endpoint.
Represents a validated end session (logout) request
A validated pushed authorization request
class ValidatedRequest
Base class for a validated authorize or token request
class ValidatedTokenRequest
Models a validated request to the token endpoint.
class ValidationResult
Minimal validation result class (base-class for more complex validation results)
class X509NameSecretValidator
Validator for an X.509 certificate based client secret using the common name
Validator for an X.509 certificate based client secret using the thumbprint
Microsoft.​AspNetCore.​Builder
Pipeline extension methods for adding IdentityServer
Options for the IdentityServer middleware
Microsoft.​AspNetCore.​Http
Extension methods for signin/out using the IdentityServer authentication scheme.
Microsoft.​Extensions.​DependencyInjection
Extension methods for registering the SAML 2.0 Service Provider handler on
AuthenticationBuilder without requiring the dynamic provider
infrastructure.
Extension methods for registering custom dynamic identity providers.
Add extension methods for configuring generic dynamic providers.
Extension methods for the IdentityServer builder
Builder extension methods for registering additional services
Builder extension methods for registering core services
Builder extension methods for registering crypto services
Builder extension methods for registering in-memory services
Builder extension methods for opting in to SAML 2.0 support.
Add extension methods for configuring OIDC dynamic providers.
Add extension methods for configuring SAML dynamic providers.
DI extension methods for adding IdentityServer
interface IIdentityServerBuilder
IdentityServer builder Interface
Extensions for registering the local access token authentication handler
Helper to clean up expired server side sessions.
Extension methods for adding session management
Implementation of IBackchannelAuthenticationUserValidator using the test user store.
Dependencies
- Duende.IdentityServer.Storage:8.0.0
- Duende.Private.Licensing:2.0.0
- Microsoft.Extensions.Configuration:10.0.7 (system references not expanded)
- System.IdentityModel.Tokens.Jwt:8.18.0
- Microsoft.AspNetCore.Authentication.OpenIdConnect:10.0.7
- Microsoft.Extensions.Caching.Hybrid:10.0.0
- Microsoft.Extensions.Caching.Abstractions:10.0.0 (system references not expanded)
- Microsoft.Extensions.Caching.Memory:10.0.0 (system references not expanded)
- Microsoft.Extensions.Logging.Abstractions:10.0.0 (system references not expanded)
- Microsoft.Extensions.Options:10.0.0 (system references not expanded)
- Microsoft.IdentityModel.Tokens.Saml:8.18.0
- Microsoft.IdentityModel.Xml:8.18.0