Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Discussions page.
class Microsoft.​Extensions.​DependencyInjection.​IdentityServerBuilderExtensionsCrypto
Assembly: Duende.IdentityServer
Inheritance: object → IdentityServerBuilderExtensionsCrypto
Builder extension methods for registering crypto services
Methods
public static
IIdentityServerBuilder
AddSigningCredential​(IIdentityServerBuilder builder,
IdentityModel.​Tokens.​SigningCredentials credential)
Registers the provided SigningCredentials as the active signing key used by IdentityServer
to sign tokens. The key must be asymmetric and use a supported signing algorithm (RS256, RS384, RS512,
PS256, PS384, PS512, ES256, ES384, or ES512). The key is also registered as a validation key and
will appear in the JWKS discovery document.
Returns The IIdentityServerBuilder for chaining.
builder
The IIdentityServerBuilder to add the signing credential to.
credential
The SigningCredentials containing the asymmetric key and algorithm to use for token signing.
public static
IIdentityServerBuilder
AddSigningCredential​(IIdentityServerBuilder builder,
System.​Security.​Cryptography.​X509Certificates.​X509Certificate2 certificate,
string signingAlgorithm = "RS256")
Registers an X.509 certificate as the active signing credential used by IdentityServer to sign tokens.
The certificate must have a private key. The signing algorithm name is appended to the key ID to allow
the same certificate to be used with multiple algorithms (e.g. RS256 and PS256).
Returns The IIdentityServerBuilder for chaining.
builder
The IIdentityServerBuilder to add the signing credential to.
certificate
The X.509 certificate with a private key to use for token signing.
signingAlgorithm
The signing algorithm to use (defaults to RS256).
public static
IIdentityServerBuilder
AddSigningCredential​(IIdentityServerBuilder builder,
string name,
System.​Security.​Cryptography.​X509Certificates.​StoreLocation location = 2,
Duende.​IdentityServer.​Configuration.​NameType nameType = 0,
string signingAlgorithm = "RS256")
Loads an X.509 certificate from the Windows certificate store by name and registers it as the
active signing credential used by IdentityServer to sign tokens.
builder
The IIdentityServerBuilder to add the signing credential to.
name
The subject distinguished name or thumbprint of the certificate to locate in the store.
location
The certificate store location to search (defaults to StoreLocation.LocalMachine).
nameType
Specifies whether name is a distinguished name or a thumbprint
(defaults to NameType.SubjectDistinguishedName).
signingAlgorithm
The signing algorithm to use (defaults to RS256).
public static
IIdentityServerBuilder
AddSigningCredential​(IIdentityServerBuilder builder,
IdentityModel.​Tokens.​SecurityKey key,
string signingAlgorithm)
Registers the provided SecurityKey with the specified algorithm as the active signing
credential used by IdentityServer to sign tokens.
Returns The IIdentityServerBuilder for chaining.
builder
The IIdentityServerBuilder to add the signing credential to.
key
The asymmetric security key to use for token signing.
signingAlgorithm
The signing algorithm identifier (e.g. RS256, ES256).
public static
IIdentityServerBuilder
AddSigningCredential​(IIdentityServerBuilder builder,
IdentityModel.​Tokens.​RsaSecurityKey key,
Duende.​IdentityServer.​RsaSigningAlgorithm signingAlgorithm)
public static
IIdentityServerBuilder
AddSigningCredential​(IIdentityServerBuilder builder,
IdentityModel.​Tokens.​ECDsaSecurityKey key,
Duende.​IdentityServer.​ECDsaSigningAlgorithm signingAlgorithm)
public static
IIdentityServerBuilder
AddDeveloperSigningCredential​(IIdentityServerBuilder builder,
bool persistKey = true,
string filename = null,
Duende.​IdentityServer.​RsaSigningAlgorithm signingAlgorithm = 0)
public static
IIdentityServerBuilder
AddValidationKey​(IIdentityServerBuilder builder,
Duende.​IdentityServer.​Models.​SecurityKeyInfo[] keys)
Registers one or more additional keys for validating tokens. These keys are used by the internal
token validator and are published in the JWKS discovery document. Use this to support key rollover
by adding the previous signing key as a validation-only key while the new key is used for signing.
Returns The IIdentityServerBuilder for chaining.
builder
The IIdentityServerBuilder to add validation keys to.
keys
One or more SecurityKeyInfo instances describing the keys and their algorithms.
public static
IIdentityServerBuilder
AddValidationKey​(IIdentityServerBuilder builder,
IdentityModel.​Tokens.​RsaSecurityKey key,
Duende.​IdentityServer.​RsaSigningAlgorithm signingAlgorithm = 0)
public static
IIdentityServerBuilder
AddValidationKey​(IIdentityServerBuilder builder,
IdentityModel.​Tokens.​ECDsaSecurityKey key,
Duende.​IdentityServer.​ECDsaSigningAlgorithm signingAlgorithm = 0)
public static
IIdentityServerBuilder
AddValidationKey​(IIdentityServerBuilder builder,
System.​Security.​Cryptography.​X509Certificates.​X509Certificate2 certificate,
string signingAlgorithm = "RS256")
Registers an X.509 certificate as an additional validation key. The key will be used by the internal
token validator and published in the JWKS discovery document. Useful for key rollover scenarios.
Returns The IIdentityServerBuilder for chaining.
builder
The IIdentityServerBuilder to add the validation key to.
certificate
The X.509 certificate whose public key is registered for token validation.
signingAlgorithm
The signing algorithm associated with this certificate (defaults to RS256).
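The rollover pattern described for AddValidationKey, combined with the X.509 overload of AddSigningCredential, as an added example that is not part of the Duende documentation or code base. The class RolloverKeyExtensions and the method AddRolloverKeys are hypothetical names; how the two certificates are loaded is left to the caller.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.DependencyInjection;

public static class RolloverKeyExtensions
{
    // Hypothetical helper (not part of Duende.IdentityServer):
    // 'current' signs new tokens, 'previous' is kept for validation only.
    public static IIdentityServerBuilder AddRolloverKeys(
        this IIdentityServerBuilder builder,
        X509Certificate2 current,
        X509Certificate2 previous,
        string signingAlgorithm = "RS256")
    {
        // AddSigningCredential needs a private key; fail at startup with a clear message.
        if (!current.HasPrivateKey)
            throw new InvalidOperationException("Signing certificate has no private key.");

        // NotBefore and NotAfter are reported in local time.
        var now = DateTime.Now;
        if (now < current.NotBefore || now > current.NotAfter)
            throw new InvalidOperationException("Signing certificate is outside its validity period.");

        // Registering the same certificate twice is not a rollover.
        if (string.Equals(current.Thumbprint, previous.Thumbprint, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Previous and current certificates are identical.");

        // Validation only needs the public key, so rebuild the retired certificate
        // from its DER bytes; the copy carries no private key.
        // (On .NET 9+, X509CertificateLoader.LoadCertificate replaces this constructor.)
        var previousPublic = new X509Certificate2(previous.RawData);

        // Both keys are published in the JWKS discovery document;
        // only 'current' is used to sign.
        return builder
            .AddSigningCredential(current, signingAlgorithm)
            .AddValidationKey(previousPublic, signingAlgorithm);
    }
}
```

Call it on the builder returned by AddIdentityServer(), and keep the previous certificate registered until every token it signed has expired.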
public static
IIdentityServerBuilder
AddValidationKey​(IIdentityServerBuilder builder,
string name,
System.​Security.​Cryptography.​X509Certificates.​StoreLocation location = 2,
Duende.​IdentityServer.​Configuration.​NameType nameType = 0,
string signingAlgorithm = "RS256")
Loads an X.509 certificate from the Windows certificate store by name and registers it as an
additional validation key. The key will be used by the internal token validator and published
in the JWKS discovery document. Useful for key rollover scenarios.
builder
The IIdentityServerBuilder to add the validation key to.
name
The subject distinguished name or thumbprint of the certificate to locate in the store.
location
The certificate store location to search (defaults to StoreLocation.LocalMachine).
nameType
Specifies whether name is a distinguished name or a thumbprint
(defaults to NameType.SubjectDistinguishedName).
signingAlgorithm
The signing algorithm associated with this certificate (defaults to RS256).
public
bool
Equals​(object obj)
Inherited from object
protected
void
Finalize​()
Inherited from object
public
int
GetHashCode​()
Inherited from object
protected
object
MemberwiseClone​()
Inherited from object
public
string
ToString​()
Inherited from object