Early Preview

This is currently very much a preview. Please feel free to try things out, but don't be upset if anything is not yet working. Feedback is welcome over on our GitHub Dicussions page.

class Microsoft.​Extensions.​DependencyInjection.​IdentityServerBuilderExtensionsAdditional

Assembly: Duende.IdentityServer

Inheritance: object → IdentityServerBuilderExtensionsAdditional

Builder extension methods for registering additional services

Methods

public static IIdentityServerBuilder
AddExtensionGrantValidator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.IExtensionGrantValidator" /> implementation that handles a custom OAuth 2.0 extension grant type at the token endpoint.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the validator to.
public static IIdentityServerBuilder
AddRedirectUriValidator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.IRedirectUriValidator" /> implementation that controls which redirect URIs are permitted during authorization and end-session requests.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the validator to.
public static IIdentityServerBuilder
AddAppAuthRedirectUriValidator​(IIdentityServerBuilder builder)
Adds an "AppAuth" (OAuth 2.0 for Native Apps) compliant redirect URI validator (does strict validation but also allows http://127.0.0.1 with random port)
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the validator to.
public static IIdentityServerBuilder
AddResourceOwnerValidator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.IResourceOwnerPasswordValidator" /> implementation for validating user credentials submitted via the Resource Owner Password Credentials grant type.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the validator to.
public static IIdentityServerBuilder
AddProfileService​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Services.IProfileService" /> implementation that determines which claims are included in tokens and the userinfo endpoint response for a given user. The default implementation relies on the authentication cookie as the only source of claims.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the profile service to.
public static IIdentityServerBuilder
AddResourceValidator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.IResourceValidator" /> implementation that validates whether the requested scopes and resources are valid for a given client.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the validator to.
public static IIdentityServerBuilder
AddScopeParser​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.IScopeParser" /> implementation that parses the raw scope string from authorization and token requests into individual parsed scope values.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the scope parser to.
public static IIdentityServerBuilder
AddClientStore​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Stores.IClientStore" /> implementation for loading client configuration. The store is wrapped in a <see cref="T:Duende.IdentityServer.Stores.ValidatingClientStore`1" /> that validates client configuration on load using the registered <see cref="T:Duende.IdentityServer.Validation.IClientConfigurationValidator" /> .
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the client store to.
public static IIdentityServerBuilder
AddResourceStore​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Stores.IResourceStore" /> implementation for loading identity resources, API resources, and API scopes used during request validation and token issuance.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the resource store to.
public static IIdentityServerBuilder
AddDeviceFlowStore​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Stores.IDeviceFlowStore" /> implementation for persisting device flow authorization codes and user codes during the OAuth 2.0 Device Authorization Grant flow.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the device flow store to.
public static IIdentityServerBuilder
AddPersistedGrantStore​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Stores.IPersistedGrantStore" /> implementation for persisting grants such as authorization codes, refresh tokens, reference tokens, and user consent records. Replace the default in-memory store with a durable implementation for production use.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the persisted grant store to.
public static IIdentityServerBuilder
AddSigningKeyStore​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Stores.ISigningKeyStore" /> implementation for persisting automatically managed signing keys. Replace the default file-system store with a durable implementation (e.g. database or key vault) for production deployments with multiple server instances.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the signing key store to.
public static IIdentityServerBuilder
AddPushedAuthorizationRequestStore​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Stores.IPushedAuthorizationRequestStore" /> implementation for persisting Pushed Authorization Requests (PAR). Replace the default in-memory store with a durable implementation for production use.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the pushed authorization request store to.
public static IIdentityServerBuilder
AddSamlSigninStateStore​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Saml.ISamlSigninStateStore" /> implementation for persisting SAML authentication state during the single sign-on flow. Replace the default in-memory store with a durable implementation for production use.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the SAML signin state store to.
public static IIdentityServerBuilder
AddSamlLogoutSessionStore​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Saml.ISamlLogoutSessionStore" /> implementation for persisting SAML logout session tracking state during the single logout flow. Replace the default in-memory store with a durable implementation for production use.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the SAML logout session store to.
public static IIdentityServerBuilder
AddCorsPolicyService​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Services.ICorsPolicyService" /> implementation that determines whether a given origin is allowed to make cross-origin requests to IdentityServer endpoints.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the CORS policy service to.
public static IIdentityServerBuilder
AddCorsPolicyCache​(IIdentityServerBuilder builder)
Registers a caching decorator around a custom <see cref="T:Duende.IdentityServer.Services.ICorsPolicyService" /> implementation. The decorator maintains an in-memory cache of CORS policy evaluation results to reduce repeated store lookups. Cache duration is configurable via <see cref="P:Duende.IdentityServer.Configuration.IdentityServerOptions.Caching" /> .
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the caching CORS policy service to.
public static IIdentityServerBuilder
AddSecretParser​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.ISecretParser" /> implementation for extracting client or API resource credentials from incoming HTTP requests (e.g. from headers, query strings, or the request body). Multiple parsers can be registered and are tried in order.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the secret parser to.
public static IIdentityServerBuilder
AddSecretValidator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.ISecretValidator" /> implementation for validating parsed client or API resource credentials against a credential store. Multiple validators can be registered and are tried in order.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the secret validator to.
public static IIdentityServerBuilder
AddClientStoreCache​(IIdentityServerBuilder builder)
Registers a caching decorator around a custom <see cref="T:Duende.IdentityServer.Stores.IClientStore" /> implementation. The decorator maintains an in-memory cache of <c>Client</c> configuration objects to reduce repeated store lookups. Cache duration is configurable via <see cref="P:Duende.IdentityServer.Configuration.IdentityServerOptions.Caching" /> .
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the caching client store to.
public static IIdentityServerBuilder
AddResourceStoreCache​(IIdentityServerBuilder builder)
Registers a caching decorator around a custom <see cref="T:Duende.IdentityServer.Stores.IResourceStore" /> implementation. The decorator maintains an in-memory cache of identity resources, API resources, and API scopes to reduce repeated store lookups. Cache duration is configurable via <see cref="P:Duende.IdentityServer.Configuration.IdentityServerOptions.Caching" /> .
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the caching resource store to.
public static IIdentityServerBuilder
AddIdentityProviderStoreCache​(IIdentityServerBuilder builder)
Registers a caching decorator around a custom <see cref="T:Duende.IdentityServer.Stores.IIdentityProviderStore" /> implementation. The decorator maintains an in-memory cache of <c>IdentityProvider</c> configuration objects to reduce repeated store lookups. Cache duration is configurable via <see cref="P:Duende.IdentityServer.Configuration.IdentityServerOptions.Caching" /> .
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the caching identity provider store to.
public static IIdentityServerBuilder
AddAuthorizeInteractionResponseGenerator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.ResponseHandling.IAuthorizeInteractionResponseGenerator" /> implementation that controls the logic at the authorization endpoint for determining when a user must be shown a UI page (e.g. login, consent, error, or a custom page). Consider deriving from <c>AuthorizeInteractionResponseGenerator</c> to augment the default behavior.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the response generator to.
public static IIdentityServerBuilder
AddCustomAuthorizeRequestValidator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.ICustomAuthorizeRequestValidator" /> implementation for adding additional validation logic to authorization endpoint requests, such as enforcing custom parameter requirements or business rules.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the validator to.
public static IIdentityServerBuilder
AddCustomTokenRequestValidator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.ICustomTokenRequestValidator" /> implementation for adding additional validation logic to token endpoint requests, such as enforcing custom parameter requirements or enriching the token request context.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the validator to.
public static IIdentityServerBuilder
AddCustomBackchannelAuthenticationRequestValidator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.ICustomBackchannelAuthenticationValidator" /> implementation for adding additional validation logic to CIBA (Client-Initiated Backchannel Authentication) requests.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the validator to.
public static IIdentityServerBuilder
AddJwtBearerClientAuthentication​(IIdentityServerBuilder builder)
Adds support for client authentication using JWT bearer assertions (private_key_jwt). Registers the <c>JwtBearerClientAssertionSecretParser</c> and <c>PrivateKeyJwtSecretValidator</c> so that clients can authenticate at the token endpoint using a signed JWT instead of a shared secret.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add JWT bearer client authentication to.
public static IIdentityServerBuilder
AddClientConfigurationValidator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.IClientConfigurationValidator" /> implementation that validates client configuration when clients are loaded from the store, allowing enforcement of organization-specific client configuration rules.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the validator to.
public static IIdentityServerBuilder
AddIdentityProviderConfigurationValidator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.IIdentityProviderConfigurationValidator" /> implementation that validates dynamic identity provider configuration when providers are loaded from the store.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the validator to.
public static IIdentityServerBuilder
AddMutualTlsSecretValidators​(IIdentityServerBuilder builder)
Adds the X.509 secret parsers and validators required for mutual TLS (mTLS) client authentication. Registers <c>MutualTlsSecretParser</c> , <c>X509ThumbprintSecretValidator</c> , and <c>X509NameSecretValidator</c> so that clients can authenticate using their TLS client certificate.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add mTLS secret validators to.
public static IIdentityServerBuilder
AddBackChannelLogoutService​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Services.IBackChannelLogoutService" /> implementation that handles sending back-channel logout notifications to clients when a user's session ends.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the back-channel logout service to.
public static IHttpClientBuilder
AddBackChannelLogoutHttpClient​(IIdentityServerBuilder builder, System.​Action?<​System.​Net.​Http.​HttpClient> configureClient = null)
Configures the named <see cref="T:System.Net.Http.HttpClient" /> used for sending back-channel logout notifications to client applications. Use this to customize timeouts, add delegating handlers, or configure other <see cref="T:System.Net.Http.HttpClient" /> settings for logout HTTP calls.
Returns An <see cref="T:Microsoft.Extensions.DependencyInjection.IHttpClientBuilder" /> for further HTTP client configuration (e.g. adding handlers).
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to configure the HTTP client on.
configureClient An optional delegate to configure the <see cref="T:System.Net.Http.HttpClient" /> instance. If not provided, a default timeout of <see cref="F:Duende.IdentityServer.IdentityServerConstants.HttpClients.DefaultTimeoutSeconds" /> is applied.
public static IHttpClientBuilder
AddJwtRequestUriHttpClient​(IIdentityServerBuilder builder, System.​Action?<​System.​Net.​Http.​HttpClient> configureClient = null)
Configures the named <see cref="T:System.Net.Http.HttpClient" /> used for fetching JWT request objects from a <c>request_uri</c> parameter at the authorization endpoint. Use this to customize timeouts, add delegating handlers, or configure other <see cref="T:System.Net.Http.HttpClient" /> settings for request URI fetches.
Returns An <see cref="T:Microsoft.Extensions.DependencyInjection.IHttpClientBuilder" /> for further HTTP client configuration (e.g. adding handlers).
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to configure the HTTP client on.
configureClient An optional delegate to configure the <see cref="T:System.Net.Http.HttpClient" /> instance. If not provided, a default timeout of <see cref="F:Duende.IdentityServer.IdentityServerConstants.HttpClients.DefaultTimeoutSeconds" /> is applied.
public static IIdentityServerBuilder
AddUserSession​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Services.IUserSession" /> implementation that manages the user's authentication session, including reading and writing the session cookie and tracking session identifiers. The service is registered as scoped.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the user session to.
public static IIdentityServerBuilder
AddIdentityProviderStore​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Stores.IIdentityProviderStore" /> implementation for loading dynamic external identity provider configuration used by the dynamic providers feature. The store is wrapped in a <see cref="T:Duende.IdentityServer.Hosting.DynamicProviders.ValidatingIdentityProviderStore`1" /> that validates provider configuration on load.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the identity provider store to.
public static IIdentityServerBuilder
AddBackchannelAuthenticationUserValidator​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Validation.IBackchannelAuthenticationUserValidator" /> implementation that validates the user hint provided in a CIBA (Client-Initiated Backchannel Authentication) request, resolving the hint to a subject identifier.
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the validator to.
public static IIdentityServerBuilder
AddBackchannelAuthenticationUserNotificationService​(IIdentityServerBuilder builder)
Registers a custom <see cref="T:Duende.IdentityServer.Services.IBackchannelAuthenticationUserNotificationService" /> implementation that is responsible for notifying the end user of a pending CIBA authentication request (e.g. by sending a push notification or SMS).
Returns The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> for chaining.
builder The <see cref="T:Microsoft.Extensions.DependencyInjection.IIdentityServerBuilder" /> to add the notification service to.
public bool
Equals​(object obj)
Inherited from object
protected void
Finalize​()
Inherited from object
public int
GetHashCode​()
Inherited from object
GetType​()
Inherited from object
protected object
MemberwiseClone​()
Inherited from object
public string
ToString​()
Inherited from object