Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Discussions page.
class Duende.IdentityServer.Validation.EndSessionHintValidationResult
Assembly: Duende.IdentityServer
Inheritance: object → EndSessionHintValidationResult
Represents the result of validating an id_token_hint's claims against the current user session during an end session (logout) request.
Remarks
Use the static factory methods Valid(), Invalid(string), and RequiresConfirmation() to create instances.

Security note: Returning Valid() unconditionally from a custom override of
ValidateIdTokenHintAsync (i.e., accepting any id_token_hint regardless of sub/sid match)
creates a cross-user logout vector. An attacker holding any valid id_token_hint can silently log
out other users when the signout prompt is suppressed. Ensure custom overrides apply appropriate
validation logic.
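The sub/sid comparison the security note asks for, as an added example that is not Duende's own code. The helper name, its parameters, and the choice to map the no-session and missing-sid cases to RequiresConfirmation() are assumptions; the signature of ValidateIdTokenHintAsync is not shown on this page, so the override that would call this helper is left out.

```csharp
using System;
using System.Security.Claims;
using Duende.IdentityServer.Validation;

// Hypothetical helper, not part of Duende.IdentityServer.
public static class EndSessionHintChecks
{
    // hintClaims:  claims from an id_token_hint whose signature, issuer and
    //              audience have already been validated elsewhere
    // sessionUser: user of the current session, or null if nobody is signed in
    // sessionId:   sid of the current session, or null if it is not known
    public static EndSessionHintValidationResult Evaluate(
        ClaimsPrincipal hintClaims, ClaimsPrincipal? sessionUser, string? sessionId)
    {
        var hintSub = hintClaims.FindFirst("sub")?.Value;
        if (string.IsNullOrEmpty(hintSub))
            return EndSessionHintValidationResult.Invalid("id_token_hint has no sub claim.");

        // Nothing to compare against: the match is uncertain, so ask the user
        // instead of logging anyone out silently (assumed policy).
        if (sessionUser is null || sessionUser.Identity?.IsAuthenticated != true)
            return EndSessionHintValidationResult.RequiresConfirmation();

        // A hint issued to a different subject must never end this session.
        var sessionSub = sessionUser.FindFirst("sub")?.Value;
        if (!string.Equals(hintSub, sessionSub, StringComparison.Ordinal))
            return EndSessionHintValidationResult.Invalid(
                "id_token_hint sub does not match the current user.");

        // Same subject but no sid on one side: cannot tie the hint to this
        // particular session, so require confirmation (assumed policy).
        var hintSid = hintClaims.FindFirst("sid")?.Value;
        if (string.IsNullOrEmpty(hintSid) || string.IsNullOrEmpty(sessionId))
            return EndSessionHintValidationResult.RequiresConfirmation();

        // Same subject, both sids present: accept only an exact match.
        return string.Equals(hintSid, sessionId, StringComparison.Ordinal)
            ? EndSessionHintValidationResult.Valid()
            : EndSessionHintValidationResult.Invalid(
                "id_token_hint sid does not match the current session.");
    }
}
```

Valid() is reached on only one path, where both sub and sid equal the current session's values; every other path either rejects the request or forces the confirmation prompt.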
Properties
Outcome
Gets the outcome of the validation.
public string ErrorMessage
Gets the error message when Outcome is EndSessionHintValidationOutcome.Invalid.
Methods
public static EndSessionHintValidationResult Valid()
Creates a result indicating the id_token_hint's claims match the current session.
public static EndSessionHintValidationResult Invalid(string errorMessage)
Creates a result indicating the id_token_hint's claims do not match the current session.
The logout request will be rejected with the specified error message.
errorMessage
A description of why validation failed.
public static EndSessionHintValidationResult RequiresConfirmation()
Creates a result indicating that the session match is uncertain and the user should be
prompted to confirm logout. The logout request proceeds but
ValidatedEndSessionRequest.RequiresConfirmation will be set to true.
public bool Equals(object obj)
Inherited from object
protected void Finalize()
Inherited from object
public int GetHashCode()
Inherited from object
protected object MemberwiseClone()
Inherited from object
public string ToString()
Inherited from object