Introduce AuthenticationTicket extensions and move the EntityFramework/EntityFrameworkCore extensions to a better namespace

OpenIddict.sln

@@ -65,7 +65,7 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OpenIddict.MongoDb.Tests",
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "shared", "shared", "{D8075F1F-6257-463B-B481-BDC7C5ABA292}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "OpenIddict.Extensions", "shared\OpenIddict.Extensions\OpenIddict.Extensions.csproj", "{B90761B9-7582-44CB-AB0D-3C4058693227}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OpenIddict.Extensions", "shared\OpenIddict.Extensions\OpenIddict.Extensions.csproj", "{B90761B9-7582-44CB-AB0D-3C4058693227}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution

src/OpenIddict.EntityFramework/OpenIddictEntityFrameworkExtensions.cs

@@ -5,7 +5,6 @@
  */
 
 using System;
-using System.Data.Entity;
 using JetBrains.Annotations;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using OpenIddict.EntityFramework;
@@ -81,45 +80,5 @@ namespace Microsoft.Extensions.DependencyInjection
 
             return builder;
         }
-
-        /// <summary>
-        /// Registers the OpenIddict entity sets in the Entity Framework 6.x context
-        /// using the default OpenIddict models and the default key type (string).
-        /// </summary>
-        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
-        /// <returns>The Entity Framework context builder.</returns>
-        public static DbModelBuilder UseOpenIddict([NotNull] this DbModelBuilder builder)
-            => builder.UseOpenIddict<OpenIddictApplication,
-                                     OpenIddictAuthorization,
-                                     OpenIddictScope,
-                                     OpenIddictToken, string>();
-
-        /// <summary>
-        /// Registers the OpenIddict entity sets in the Entity Framework 6.x
-        /// context using the specified entities and the specified key type.
-        /// Note: using this method requires creating non-generic derived classes
-        /// for all the OpenIddict entities (application, authorization, scope, token).
-        /// </summary>
-        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
-        /// <returns>The Entity Framework context builder.</returns>
-        public static DbModelBuilder UseOpenIddict<TApplication, TAuthorization, TScope, TToken, TKey>([NotNull] this DbModelBuilder builder)
-            where TApplication : OpenIddictApplication<TKey, TAuthorization, TToken>
-            where TAuthorization : OpenIddictAuthorization<TKey, TApplication, TToken>
-            where TScope : OpenIddictScope<TKey>
-            where TToken : OpenIddictToken<TKey, TApplication, TAuthorization>
-            where TKey : IEquatable<TKey>
-        {
-            if (builder == null)
-            {
-                throw new ArgumentNullException(nameof(builder));
-            }
-
-            builder.Configurations.Add(new OpenIddictApplicationConfiguration<TApplication, TAuthorization, TToken, TKey>());
-            builder.Configurations.Add(new OpenIddictAuthorizationConfiguration<TAuthorization, TApplication, TToken, TKey>());
-            builder.Configurations.Add(new OpenIddictScopeConfiguration<TScope, TKey>());
-            builder.Configurations.Add(new OpenIddictTokenConfiguration<TToken, TApplication, TAuthorization, TKey>());
-
-            return builder;
-        }
     }
 }

src/OpenIddict.EntityFramework/OpenIddictEntityFrameworkHelpers.cs

@@ -0,0 +1,59 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using JetBrains.Annotations;
+using OpenIddict.EntityFramework;
+using OpenIddict.EntityFramework.Models;
+
+namespace System.Data.Entity
+{
+    /// <summary>
+    /// Exposes extensions allowing to register the OpenIddict Entity Framework 6.x entity sets.
+    /// </summary>
+    public static class OpenIddictEntityFrameworkHelpers
+    {
+        /// <summary>
+        /// Registers the OpenIddict entity sets in the Entity Framework 6.x context
+        /// using the default OpenIddict models and the default key type (string).
+        /// </summary>
+        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
+        /// <returns>The Entity Framework context builder.</returns>
+        public static DbModelBuilder UseOpenIddict([NotNull] this DbModelBuilder builder)
+            => builder.UseOpenIddict<OpenIddictApplication,
+                                     OpenIddictAuthorization,
+                                     OpenIddictScope,
+                                     OpenIddictToken, string>();
+
+        /// <summary>
+        /// Registers the OpenIddict entity sets in the Entity Framework 6.x
+        /// context using the specified entities and the specified key type.
+        /// Note: using this method requires creating non-generic derived classes
+        /// for all the OpenIddict entities (application, authorization, scope, token).
+        /// </summary>
+        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
+        /// <returns>The Entity Framework context builder.</returns>
+        public static DbModelBuilder UseOpenIddict<TApplication, TAuthorization, TScope, TToken, TKey>([NotNull] this DbModelBuilder builder)
+            where TApplication : OpenIddictApplication<TKey, TAuthorization, TToken>
+            where TAuthorization : OpenIddictAuthorization<TKey, TApplication, TToken>
+            where TScope : OpenIddictScope<TKey>
+            where TToken : OpenIddictToken<TKey, TApplication, TAuthorization>
+            where TKey : IEquatable<TKey>
+        {
+            if (builder == null)
+            {
+                throw new ArgumentNullException(nameof(builder));
+            }
+
+            builder.Configurations
+                .Add(new OpenIddictApplicationConfiguration<TApplication, TAuthorization, TToken, TKey>())
+                .Add(new OpenIddictAuthorizationConfiguration<TAuthorization, TApplication, TToken, TKey>())
+                .Add(new OpenIddictScopeConfiguration<TScope, TKey>())
+                .Add(new OpenIddictTokenConfiguration<TToken, TApplication, TAuthorization, TKey>());
+
+            return builder;
+        }
+    }
+}

src/OpenIddict.EntityFrameworkCore/OpenIddictEntityFrameworkCoreCustomizer.cs

@@ -8,7 +8,6 @@ using System;
 using JetBrains.Annotations;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Infrastructure;
-using Microsoft.Extensions.DependencyInjection;
 using OpenIddict.EntityFrameworkCore.Models;
 
 namespace OpenIddict.EntityFrameworkCore

src/OpenIddict.EntityFrameworkCore/OpenIddictEntityFrameworkCoreExtensions.cs

@@ -82,102 +82,5 @@ namespace Microsoft.Extensions.DependencyInjection
 
             return builder;
         }
-
-        /// <summary>
-        /// Registers the OpenIddict entity sets in the Entity Framework Core context
-        /// using the default OpenIddict models and the default key type (string).
-        /// </summary>
-        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
-        /// <returns>The Entity Framework context builder.</returns>
-        public static DbContextOptionsBuilder UseOpenIddict([NotNull] this DbContextOptionsBuilder builder)
-            => builder.UseOpenIddict<OpenIddictApplication,
-                                     OpenIddictAuthorization,
-                                     OpenIddictScope,
-                                     OpenIddictToken, string>();
-
-        /// <summary>
-        /// Registers the OpenIddict entity sets in the Entity Framework Core 
-        /// context using the default OpenIddict models and the specified key type.
-        /// </summary>
-        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
-        /// <returns>The Entity Framework context builder.</returns>
-        public static DbContextOptionsBuilder UseOpenIddict<TKey>([NotNull] this DbContextOptionsBuilder builder)
-            where TKey : IEquatable<TKey>
-            => builder.UseOpenIddict<OpenIddictApplication<TKey>,
-                                     OpenIddictAuthorization<TKey>,
-                                     OpenIddictScope<TKey>,
-                                     OpenIddictToken<TKey>, TKey>();
-
-        /// <summary>
-        /// Registers the OpenIddict entity sets in the Entity Framework Core
-        /// context using the specified entities and the specified key type.
-        /// </summary>
-        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
-        /// <returns>The Entity Framework context builder.</returns>
-        public static DbContextOptionsBuilder UseOpenIddict<TApplication, TAuthorization, TScope, TToken, TKey>([NotNull] this DbContextOptionsBuilder builder)
-            where TApplication : OpenIddictApplication<TKey, TAuthorization, TToken>
-            where TAuthorization : OpenIddictAuthorization<TKey, TApplication, TToken>
-            where TScope : OpenIddictScope<TKey>
-            where TToken : OpenIddictToken<TKey, TApplication, TAuthorization>
-            where TKey : IEquatable<TKey>
-        {
-            if (builder == null)
-            {
-                throw new ArgumentNullException(nameof(builder));
-            }
-
-            return builder.ReplaceService<IModelCustomizer, OpenIddictEntityFrameworkCoreCustomizer<
-                TApplication, TAuthorization, TScope, TToken, TKey>>();
-        }
-
-        /// <summary>
-        /// Registers the OpenIddict entity sets in the Entity Framework Core context
-        /// using the default OpenIddict models and the default key type (string).
-        /// </summary>
-        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
-        /// <returns>The Entity Framework context builder.</returns>
-        public static ModelBuilder UseOpenIddict([NotNull] this ModelBuilder builder)
-            => builder.UseOpenIddict<OpenIddictApplication,
-                                     OpenIddictAuthorization,
-                                     OpenIddictScope,
-                                     OpenIddictToken, string>();
-
-        /// <summary>
-        /// Registers the OpenIddict entity sets in the Entity Framework Core
-        /// context using the default OpenIddict models and the specified key type.
-        /// </summary>
-        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
-        /// <returns>The Entity Framework context builder.</returns>
-        public static ModelBuilder UseOpenIddict<TKey>([NotNull] this ModelBuilder builder) where TKey : IEquatable<TKey>
-            => builder.UseOpenIddict<OpenIddictApplication<TKey>,
-                                     OpenIddictAuthorization<TKey>,
-                                     OpenIddictScope<TKey>,
-                                     OpenIddictToken<TKey>, TKey>();
-
-        /// <summary>
-        /// Registers the OpenIddict entity sets in the Entity Framework Core
-        /// context using the specified entities and the specified key type.
-        /// </summary>
-        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
-        /// <returns>The Entity Framework context builder.</returns>
-        public static ModelBuilder UseOpenIddict<TApplication, TAuthorization, TScope, TToken, TKey>([NotNull] this ModelBuilder builder)
-            where TApplication : OpenIddictApplication<TKey, TAuthorization, TToken>
-            where TAuthorization : OpenIddictAuthorization<TKey, TApplication, TToken>
-            where TScope : OpenIddictScope<TKey>
-            where TToken : OpenIddictToken<TKey, TApplication, TAuthorization>
-            where TKey : IEquatable<TKey>
-        {
-            if (builder == null)
-            {
-                throw new ArgumentNullException(nameof(builder));
-            }
-
-            builder.ApplyConfiguration(new OpenIddictApplicationConfiguration<TApplication, TAuthorization, TToken, TKey>());
-            builder.ApplyConfiguration(new OpenIddictAuthorizationConfiguration<TAuthorization, TApplication, TToken, TKey>());
-            builder.ApplyConfiguration(new OpenIddictScopeConfiguration<TScope, TKey>());
-            builder.ApplyConfiguration(new OpenIddictTokenConfiguration<TToken, TApplication, TAuthorization, TKey>());
-
-            return builder;
-        }
     }
 }

src/OpenIddict.EntityFrameworkCore/OpenIddictEntityFrameworkCoreHelpers.cs

@@ -0,0 +1,116 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using System;
+using JetBrains.Annotations;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using OpenIddict.EntityFrameworkCore;
+using OpenIddict.EntityFrameworkCore.Models;
+
+namespace Microsoft.EntityFrameworkCore
+{
+    /// <summary>
+    /// Exposes extensions allowing to register the OpenIddict Entity Framework Core entity sets.
+    /// </summary>
+    public static class OpenIddictEntityFrameworkCoreHelpers
+    {
+        /// <summary>
+        /// Registers the OpenIddict entity sets in the Entity Framework Core context
+        /// using the default OpenIddict models and the default key type (string).
+        /// </summary>
+        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
+        /// <returns>The Entity Framework context builder.</returns>
+        public static DbContextOptionsBuilder UseOpenIddict([NotNull] this DbContextOptionsBuilder builder)
+            => builder.UseOpenIddict<OpenIddictApplication,
+                                     OpenIddictAuthorization,
+                                     OpenIddictScope,
+                                     OpenIddictToken, string>();
+
+        /// <summary>
+        /// Registers the OpenIddict entity sets in the Entity Framework Core 
+        /// context using the default OpenIddict models and the specified key type.
+        /// </summary>
+        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
+        /// <returns>The Entity Framework context builder.</returns>
+        public static DbContextOptionsBuilder UseOpenIddict<TKey>([NotNull] this DbContextOptionsBuilder builder)
+            where TKey : IEquatable<TKey>
+            => builder.UseOpenIddict<OpenIddictApplication<TKey>,
+                                     OpenIddictAuthorization<TKey>,
+                                     OpenIddictScope<TKey>,
+                                     OpenIddictToken<TKey>, TKey>();
+
+        /// <summary>
+        /// Registers the OpenIddict entity sets in the Entity Framework Core
+        /// context using the specified entities and the specified key type.
+        /// </summary>
+        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
+        /// <returns>The Entity Framework context builder.</returns>
+        public static DbContextOptionsBuilder UseOpenIddict<TApplication, TAuthorization, TScope, TToken, TKey>([NotNull] this DbContextOptionsBuilder builder)
+            where TApplication : OpenIddictApplication<TKey, TAuthorization, TToken>
+            where TAuthorization : OpenIddictAuthorization<TKey, TApplication, TToken>
+            where TScope : OpenIddictScope<TKey>
+            where TToken : OpenIddictToken<TKey, TApplication, TAuthorization>
+            where TKey : IEquatable<TKey>
+        {
+            if (builder == null)
+            {
+                throw new ArgumentNullException(nameof(builder));
+            }
+
+            return builder.ReplaceService<IModelCustomizer, OpenIddictEntityFrameworkCoreCustomizer<
+                TApplication, TAuthorization, TScope, TToken, TKey>>();
+        }
+
+        /// <summary>
+        /// Registers the OpenIddict entity sets in the Entity Framework Core context
+        /// using the default OpenIddict models and the default key type (string).
+        /// </summary>
+        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
+        /// <returns>The Entity Framework context builder.</returns>
+        public static ModelBuilder UseOpenIddict([NotNull] this ModelBuilder builder)
+            => builder.UseOpenIddict<OpenIddictApplication,
+                                     OpenIddictAuthorization,
+                                     OpenIddictScope,
+                                     OpenIddictToken, string>();
+
+        /// <summary>
+        /// Registers the OpenIddict entity sets in the Entity Framework Core
+        /// context using the default OpenIddict models and the specified key type.
+        /// </summary>
+        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
+        /// <returns>The Entity Framework context builder.</returns>
+        public static ModelBuilder UseOpenIddict<TKey>([NotNull] this ModelBuilder builder) where TKey : IEquatable<TKey>
+            => builder.UseOpenIddict<OpenIddictApplication<TKey>,
+                                     OpenIddictAuthorization<TKey>,
+                                     OpenIddictScope<TKey>,
+                                     OpenIddictToken<TKey>, TKey>();
+
+        /// <summary>
+        /// Registers the OpenIddict entity sets in the Entity Framework Core
+        /// context using the specified entities and the specified key type.
+        /// </summary>
+        /// <param name="builder">The builder used to configure the Entity Framework context.</param>
+        /// <returns>The Entity Framework context builder.</returns>
+        public static ModelBuilder UseOpenIddict<TApplication, TAuthorization, TScope, TToken, TKey>([NotNull] this ModelBuilder builder)
+            where TApplication : OpenIddictApplication<TKey, TAuthorization, TToken>
+            where TAuthorization : OpenIddictAuthorization<TKey, TApplication, TToken>
+            where TScope : OpenIddictScope<TKey>
+            where TToken : OpenIddictToken<TKey, TApplication, TAuthorization>
+            where TKey : IEquatable<TKey>
+        {
+            if (builder == null)
+            {
+                throw new ArgumentNullException(nameof(builder));
+            }
+
+            return builder
+                .ApplyConfiguration(new OpenIddictApplicationConfiguration<TApplication, TAuthorization, TToken, TKey>())
+                .ApplyConfiguration(new OpenIddictAuthorizationConfiguration<TAuthorization, TApplication, TToken, TKey>())
+                .ApplyConfiguration(new OpenIddictScopeConfiguration<TScope, TKey>())
+                .ApplyConfiguration(new OpenIddictTokenConfiguration<TToken, TApplication, TAuthorization, TKey>());
+        }
+    }
+}

src/OpenIddict.Server/Internal/OpenIddictServerConfiguration.cs

@@ -59,10 +59,7 @@ namespace OpenIddict.Server.Internal
                     .ToString());
             }
 
-            options.AddScheme(OpenIddictServerDefaults.AuthenticationScheme, scheme =>
-            {
-                scheme.HandlerType = typeof(OpenIddictServerHandler);
-            });
+            options.AddScheme<OpenIddictServerHandler>(OpenIddictServerDefaults.AuthenticationScheme, displayName: null);
         }
 
         /// <summary>

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs

@@ -341,7 +341,7 @@ namespace OpenIddict.Server.Internal
             if (!options.DisableTokenStorage)
             {
                 // Extract the token identifier from the authentication ticket.
-                var identifier = context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId);
+                var identifier = context.Ticket.GetInternalTokenId();
                 Debug.Assert(!string.IsNullOrEmpty(identifier), "The authentication ticket should contain a token identifier.");
 
                 // If the authorization code/refresh token is already marked as redeemed, this may indicate that
@@ -397,7 +397,7 @@ namespace OpenIddict.Server.Internal
             if (!options.DisableAuthorizationStorage)
             {
                 // Extract the authorization identifier from the authentication ticket.
-                var identifier = context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalAuthorizationId);
+                var identifier = context.Ticket.GetInternalAuthorizationId();
                 if (!string.IsNullOrEmpty(identifier))
                 {
                     var authorization = await _authorizationManager.FindByIdAsync(identifier);

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs

@@ -81,7 +81,7 @@ namespace OpenIddict.Server.Internal
 
                 // Attach the unique identifier of the ad hoc authorization to the authentication ticket
                 // so that it is attached to all the derived tokens, allowing batched revocations support.
-                ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, identifier);
+                ticket.SetInternalAuthorizationId(identifier);
             }
         }
 
@@ -118,7 +118,7 @@ namespace OpenIddict.Server.Internal
 
             var descriptor = new OpenIddictTokenDescriptor
             {
-                AuthorizationId = ticket.GetProperty(OpenIddictConstants.Properties.InternalAuthorizationId),
+                AuthorizationId = ticket.GetInternalAuthorizationId(),
                 CreationDate = ticket.Properties.IssuedUtc,
                 ExpirationDate = ticket.Properties.ExpiresUtc,
                 Principal = ticket.Principal,
@@ -203,8 +203,8 @@ namespace OpenIddict.Server.Internal
             ticket.Properties.ExpiresUtc = descriptor.ExpirationDate;
 
             // Restore the token/authorization identifiers using the identifiers attached with the database entry.
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, identifier)
-                  .SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, descriptor.AuthorizationId);
+            ticket.SetInternalAuthorizationId(descriptor.AuthorizationId)
+                  .SetInternalTokenId(identifier);
 
             if (options.UseReferenceTokens)
             {
@@ -309,7 +309,7 @@ namespace OpenIddict.Server.Internal
                     return null;
                 }
 
-                identifier = ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId);
+                identifier = ticket.GetInternalTokenId();
                 if (string.IsNullOrEmpty(identifier))
                 {
                     _logger.LogWarning("The identifier associated with the received token cannot be retrieved. " +
@@ -337,9 +337,8 @@ namespace OpenIddict.Server.Internal
             ticket.Properties.ExpiresUtc = await _tokenManager.GetExpirationDateAsync(token);
 
             // Restore the token/authorization identifiers using the identifiers attached with the database entry.
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, identifier);
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId,
-                await _tokenManager.GetAuthorizationIdAsync(token));
+            ticket.SetInternalAuthorizationId(await _tokenManager.GetAuthorizationIdAsync(token))
+                  .SetInternalTokenId(identifier);
 
             _logger.LogTrace("The token '{Identifier}' was successfully decrypted and " +
                              "retrieved from the database: {Claims} ; {Properties}.",
@@ -353,7 +352,7 @@ namespace OpenIddict.Server.Internal
             // Note: if the authorization identifier or the authorization itself
             // cannot be found, return true as the authorization doesn't need
             // to be revoked if it doesn't exist or is already invalid.
-            var identifier = ticket.GetProperty(OpenIddictConstants.Properties.InternalAuthorizationId);
+            var identifier = ticket.GetInternalAuthorizationId();
             if (string.IsNullOrEmpty(identifier))
             {
                 return true;
@@ -427,7 +426,7 @@ namespace OpenIddict.Server.Internal
         private async Task<bool> TryRevokeTokensAsync([NotNull] AuthenticationTicket ticket)
         {
             // Note: if the authorization identifier is null, return true as no tokens need to be revoked.
-            var identifier = ticket.GetProperty(OpenIddictConstants.Properties.InternalAuthorizationId);
+            var identifier = ticket.GetInternalAuthorizationId();
             if (string.IsNullOrEmpty(identifier))
             {
                 return true;
@@ -438,7 +437,7 @@ namespace OpenIddict.Server.Internal
             foreach (var token in await _tokenManager.FindByAuthorizationIdAsync(identifier))
             {
                 // Don't change the status of the token used in the token request.
-                if (string.Equals(ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId),
+                if (string.Equals(ticket.GetInternalTokenId(),
                     await _tokenManager.GetIdAsync(token), StringComparison.Ordinal))
                 {
                     continue;
@@ -484,7 +483,7 @@ namespace OpenIddict.Server.Internal
         private async Task<bool> TryExtendRefreshTokenAsync(
             [NotNull] object token, [NotNull] AuthenticationTicket ticket, [NotNull] OpenIddictServerOptions options)
         {
-            var identifier = ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId);
+            var identifier = ticket.GetInternalTokenId();
             Debug.Assert(!string.IsNullOrEmpty(identifier), "The token identifier shouldn't be null or empty.");
 
             try

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs

@@ -107,7 +107,7 @@ namespace OpenIddict.Server.Internal
             Debug.Assert(context.Ticket != null, "The authentication ticket shouldn't be null.");
             Debug.Assert(!string.IsNullOrEmpty(context.Request.ClientId), "The client_id parameter shouldn't be null.");
 
-            var identifier = context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId);
+            var identifier = context.Ticket.GetInternalTokenId();
             Debug.Assert(!string.IsNullOrEmpty(identifier), "The authentication ticket should contain a token identifier.");
 
             if (!context.Ticket.IsAccessToken())
@@ -145,12 +145,9 @@ namespace OpenIddict.Server.Internal
             }
 
             // If an authorization was attached to the access token, ensure it is still valid.
-            if (!options.DisableAuthorizationStorage &&
-                 context.Ticket.HasProperty(OpenIddictConstants.Properties.InternalAuthorizationId))
+            if (!options.DisableAuthorizationStorage && !string.IsNullOrEmpty(context.Ticket.GetInternalAuthorizationId()))
             {
-                var authorization = await _authorizationManager.FindByIdAsync(
-                    context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalAuthorizationId));
-
+                var authorization = await _authorizationManager.FindByIdAsync(context.Ticket.GetInternalAuthorizationId());
                 if (authorization == null || !await _authorizationManager.IsValidAsync(authorization))
                 {
                     _logger.LogError("The token '{Identifier}' was declared as inactive because " +

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs

@@ -199,7 +199,7 @@ namespace OpenIddict.Server.Internal
             }
 
             // Extract the token identifier from the authentication ticket.
-            var identifier = context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId);
+            var identifier = context.Ticket.GetInternalTokenId();
             Debug.Assert(!string.IsNullOrEmpty(identifier), "The authentication ticket should contain a token identifier.");
 
             var token = await _tokenManager.FindByIdAsync(identifier);

src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs

@@ -105,7 +105,7 @@ namespace OpenIddict.Server.Internal
                 // This scenario is deliberately not supported in OpenIddict and all the tickets
                 // must be linked. To ensure the properties are flowed from the authorization code
                 // or the refresh token to the new ticket, they are manually restored if necessary.
-                if (!context.Ticket.Properties.HasProperty(OpenIddictConstants.Properties.InternalTokenId))
+                if (string.IsNullOrEmpty(context.Ticket.GetInternalTokenId()))
                 {
                     // Retrieve the original authentication ticket from the request properties.
                     var ticket = context.Request.GetProperty<AuthenticationTicket>(
@@ -147,7 +147,7 @@ namespace OpenIddict.Server.Internal
                 // If token revocation was explicitly disabled, none of the following security routines apply.
                 if (!options.DisableTokenStorage)
                 {
-                    var token = await _tokenManager.FindByIdAsync(context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId));
+                    var token = await _tokenManager.FindByIdAsync(context.Ticket.GetInternalTokenId());
                     if (token == null)
                     {
                         context.Reject(
@@ -206,7 +206,7 @@ namespace OpenIddict.Server.Internal
             // create an ad hoc authorization if an authorization code or a refresh token
             // is going to be returned to the client application as part of the response.
             if (!options.DisableAuthorizationStorage &&
-                !context.Ticket.HasProperty(OpenIddictConstants.Properties.InternalAuthorizationId) &&
+                string.IsNullOrEmpty(context.Ticket.GetInternalAuthorizationId()) &&
                 (context.IncludeAuthorizationCode || context.IncludeRefreshToken))
             {
                 await CreateAuthorizationAsync(context.Ticket, options, context.Request);

src/OpenIddict.Server/OpenIddictServerHelpers.cs

@@ -0,0 +1,89 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using System;
+using AspNet.Security.OpenIdConnect.Extensions;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using OpenIddict.Abstractions;
+
+namespace OpenIddict.Server
+{
+    /// <summary>
+    /// Exposes extensions allowing to store and retrieve
+    /// OpenIddict-specific properties in authentication tickets.
+    /// </summary>
+    public static class OpenIddictServerHelpers
+    {
+        /// <summary>
+        /// Gets the internal authorization identifier associated with the authentication ticket.
+        /// Note: this identifier can be used to retrieve the authorization from the database.
+        /// </summary>
+        /// <param name="ticket">The authentication ticket.</param>
+        /// <returns>The authorization identifier or <c>null</c> if it cannot be found.</returns>
+        public static string GetInternalAuthorizationId([NotNull] this AuthenticationTicket ticket)
+        {
+            if (ticket == null)
+            {
+                throw new ArgumentNullException(nameof(ticket));
+            }
+
+            return ticket.GetProperty(OpenIddictConstants.Properties.InternalAuthorizationId);
+        }
+
+        /// <summary>
+        /// Gets the internal token identifier associated with the authentication ticket.
+        /// Note: this identifier can be used to retrieve the token from the database.
+        /// </summary>
+        /// <param name="ticket">The authentication ticket.</param>
+        /// <returns>The token identifier or <c>null</c> if it cannot be found.</returns>
+        public static string GetInternalTokenId([NotNull] this AuthenticationTicket ticket)
+        {
+            if (ticket == null)
+            {
+                throw new ArgumentNullException(nameof(ticket));
+            }
+
+            return ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId);
+        }
+
+        /// <summary>
+        /// Sets the internal authorization identifier associated with the authentication ticket.
+        /// Note: the identifier MUST correspond to a valid authorization entry in the database.
+        /// </summary>
+        /// <param name="ticket">The authentication ticket.</param>
+        /// <param name="identifier">The internal authorization identifier.</param>
+        /// <returns>The authentication ticket.</returns>
+        public static AuthenticationTicket SetInternalAuthorizationId(
+            [NotNull] this AuthenticationTicket ticket, [CanBeNull] string identifier)
+        {
+            if (ticket == null)
+            {
+                throw new ArgumentNullException(nameof(ticket));
+            }
+
+            return ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, identifier);
+        }
+
+        /// <summary>
+        /// Sets the internal token identifier associated with the authentication ticket.
+        /// Note: the identifier MUST correspond to a valid token entry in the database.
+        /// </summary>
+        /// <param name="ticket">The authentication ticket.</param>
+        /// <param name="identifier">The internal token identifier.</param>
+        /// <returns>The authentication ticket.</returns>
+        public static AuthenticationTicket SetInternalTokenId(
+            [NotNull] this AuthenticationTicket ticket, [CanBeNull] string identifier)
+        {
+            if (ticket == null)
+            {
+                throw new ArgumentNullException(nameof(ticket));
+            }
+
+            return ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, identifier);
+        }
+    }
+}

src/OpenIddict.Validation/Internal/OpenIddictValidationConfiguration.cs

@@ -29,12 +29,10 @@ namespace OpenIddict.Validation.Internal
         /// directly from your code. This API may change or be removed in future minor releases.
         /// </summary>
         public OpenIddictValidationConfiguration([NotNull] IDataProtectionProvider dataProtectionProvider)
-        {
-            _dataProtectionProvider = dataProtectionProvider;
-        }
+            => _dataProtectionProvider = dataProtectionProvider;
 
         /// <summary>
-        /// Registers the OpenIddict server handler in the global authentication options.
+        /// Registers the OpenIddict validation handler in the global authentication options.
         /// </summary>
         /// <param name="options">The options instance to initialize.</param>
         public void Configure(AuthenticationOptions options)
@@ -51,10 +49,7 @@ namespace OpenIddict.Validation.Internal
                     .ToString());
             }
 
-            options.AddScheme(OpenIddictValidationDefaults.AuthenticationScheme, scheme =>
-            {
-                scheme.HandlerType = typeof(OpenIddictValidationHandler);
-            });
+            options.AddScheme<OpenIddictValidationHandler>(OpenIddictValidationDefaults.AuthenticationScheme, displayName: null);
         }
 
         /// <summary>

test/OpenIddict.EntityFrameworkCore.Tests/OpenIddictEntityFrameworkCoreExtensionsTests.cs

@@ -5,12 +5,9 @@
  */
 
 using System;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.EntityFrameworkCore.Metadata.Conventions;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
-using Moq;
 using OpenIddict.Abstractions;
 using OpenIddict.Core;
 using OpenIddict.EntityFrameworkCore.Models;
@@ -101,70 +98,5 @@ namespace OpenIddict.EntityFrameworkCore.Tests
             // Assert
             Assert.Contains(services, service => service.ServiceType == type && service.ImplementationType == type);
         }
-
-        [Fact]
-        public void UseOpenIddict_RegistersDefaultEntityConfigurations()
-        {
-            // Arrange
-            var builder = new Mock<ModelBuilder>(new ConventionSet());
-
-            // Act
-            builder.Object.UseOpenIddict();
-
-            // Assert
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictApplicationConfiguration<OpenIddictApplication, OpenIddictAuthorization, OpenIddictToken, string>>()), Times.Once());
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictAuthorizationConfiguration<OpenIddictAuthorization, OpenIddictApplication, OpenIddictToken, string>>()), Times.Once());
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictScopeConfiguration<OpenIddictScope, string>>()), Times.Once());
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictTokenConfiguration<OpenIddictToken, OpenIddictApplication, OpenIddictAuthorization, string>>()), Times.Once());
-        }
-
-        [Fact]
-        public void UseOpenIddict_RegistersDefaultEntityConfigurationsWithCustomKeyType()
-        {
-            // Arrange
-            var builder = new Mock<ModelBuilder>(new ConventionSet());
-
-            // Act
-            builder.Object.UseOpenIddict<long>();
-
-            // Assert
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictApplicationConfiguration<OpenIddictApplication<long>, OpenIddictAuthorization<long>, OpenIddictToken<long>, long>>()), Times.Once());
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictAuthorizationConfiguration<OpenIddictAuthorization<long>, OpenIddictApplication<long>, OpenIddictToken<long>, long>>()), Times.Once());
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictScopeConfiguration<OpenIddictScope<long>, long>>()), Times.Once());
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictTokenConfiguration<OpenIddictToken<long>, OpenIddictApplication<long>, OpenIddictAuthorization<long>, long>>()), Times.Once());
-        }
-
-        [Fact]
-        public void UseOpenIddict_RegistersCustomEntityConfigurations()
-        {
-            // Arrange
-            var builder = new Mock<ModelBuilder>(new ConventionSet());
-
-            // Act
-            builder.Object.UseOpenIddict<CustomApplication, CustomAuthorization, CustomScope, CustomToken, Guid>();
-
-            // Assert
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictApplicationConfiguration<CustomApplication, CustomAuthorization, CustomToken, Guid>>()), Times.Once());
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictAuthorizationConfiguration<CustomAuthorization, CustomApplication, CustomToken, Guid>>()), Times.Once());
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictScopeConfiguration<CustomScope, Guid>>()), Times.Once());
-            builder.Verify(mock => mock.ApplyConfiguration(
-                It.IsAny<OpenIddictTokenConfiguration<CustomToken, CustomApplication, CustomAuthorization, Guid>>()), Times.Once());
-        }
-
-        public class CustomApplication : OpenIddictApplication<Guid, CustomAuthorization, CustomToken> { }
-        public class CustomAuthorization : OpenIddictAuthorization<Guid, CustomApplication, CustomToken> { }
-        public class CustomScope : OpenIddictScope<Guid> { }
-        public class CustomToken : OpenIddictToken<Guid, CustomApplication, CustomAuthorization> { }
     }
 }

test/OpenIddict.EntityFrameworkCore.Tests/OpenIddictEntityFrameworkCoreHelpersTests.cs

@@ -0,0 +1,107 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using System;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Metadata.Conventions;
+using Moq;
+using OpenIddict.EntityFrameworkCore.Models;
+using Xunit;
+
+namespace OpenIddict.EntityFrameworkCore.Tests
+{
+    public class OpenIddictEntityFrameworkCoreHelpersTests
+    {
+        [Fact]
+        public void UseOpenIddict_RegistersDefaultEntityConfigurations()
+        {
+            // Arrange
+            var builder = new Mock<ModelBuilder>(new ConventionSet());
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<OpenIddictApplication>>()))
+                .Returns(builder.Object);
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<OpenIddictAuthorization>>()))
+                .Returns(builder.Object);
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<OpenIddictScope>>()))
+                .Returns(builder.Object);
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<OpenIddictToken>>()))
+                .Returns(builder.Object);
+
+            // Act
+            builder.Object.UseOpenIddict();
+
+            // Assert
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictApplicationConfiguration<OpenIddictApplication, OpenIddictAuthorization, OpenIddictToken, string>>()), Times.Once());
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictAuthorizationConfiguration<OpenIddictAuthorization, OpenIddictApplication, OpenIddictToken, string>>()), Times.Once());
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictScopeConfiguration<OpenIddictScope, string>>()), Times.Once());
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictTokenConfiguration<OpenIddictToken, OpenIddictApplication, OpenIddictAuthorization, string>>()), Times.Once());
+        }
+
+        [Fact]
+        public void UseOpenIddict_RegistersDefaultEntityConfigurationsWithCustomKeyType()
+        {
+            // Arrange
+            var builder = new Mock<ModelBuilder>(new ConventionSet());
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<OpenIddictApplication<long>>>()))
+                .Returns(builder.Object);
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<OpenIddictAuthorization<long>>>()))
+                .Returns(builder.Object);
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<OpenIddictScope<long>>>()))
+                .Returns(builder.Object);
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<OpenIddictToken<long>>>()))
+                .Returns(builder.Object);
+
+            // Act
+            builder.Object.UseOpenIddict<long>();
+
+            // Assert
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictApplicationConfiguration<OpenIddictApplication<long>, OpenIddictAuthorization<long>, OpenIddictToken<long>, long>>()), Times.Once());
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictAuthorizationConfiguration<OpenIddictAuthorization<long>, OpenIddictApplication<long>, OpenIddictToken<long>, long>>()), Times.Once());
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictScopeConfiguration<OpenIddictScope<long>, long>>()), Times.Once());
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictTokenConfiguration<OpenIddictToken<long>, OpenIddictApplication<long>, OpenIddictAuthorization<long>, long>>()), Times.Once());
+        }
+
+        [Fact]
+        public void UseOpenIddict_RegistersCustomEntityConfigurations()
+        {
+            // Arrange
+            var builder = new Mock<ModelBuilder>(new ConventionSet());
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<CustomApplication>>()))
+                .Returns(builder.Object);
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<CustomAuthorization>>()))
+                .Returns(builder.Object);
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<CustomScope>>()))
+                .Returns(builder.Object);
+            builder.Setup(mock => mock.ApplyConfiguration(It.IsAny<IEntityTypeConfiguration<CustomToken>>()))
+                .Returns(builder.Object);
+
+            // Act
+            builder.Object.UseOpenIddict<CustomApplication, CustomAuthorization, CustomScope, CustomToken, Guid>();
+
+            // Assert
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictApplicationConfiguration<CustomApplication, CustomAuthorization, CustomToken, Guid>>()), Times.Once());
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictAuthorizationConfiguration<CustomAuthorization, CustomApplication, CustomToken, Guid>>()), Times.Once());
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictScopeConfiguration<CustomScope, Guid>>()), Times.Once());
+            builder.Verify(mock => mock.ApplyConfiguration(
+                It.IsAny<OpenIddictTokenConfiguration<CustomToken, CustomApplication, CustomAuthorization, Guid>>()), Times.Once());
+        }
+
+        public class CustomApplication : OpenIddictApplication<Guid, CustomAuthorization, CustomToken> { }
+        public class CustomAuthorization : OpenIddictAuthorization<Guid, CustomApplication, CustomToken> { }
+        public class CustomScope : OpenIddictScope<Guid> { }
+        public class CustomToken : OpenIddictToken<Guid, CustomApplication, CustomAuthorization> { }
+    }
+}

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs

@@ -715,7 +715,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -767,7 +767,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -818,7 +818,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -877,7 +877,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -935,7 +935,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -1003,7 +1003,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -1070,9 +1070,9 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
+            ticket.SetInternalAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -1153,9 +1153,9 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
+            ticket.SetInternalAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -1235,9 +1235,9 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
+            ticket.SetInternalAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -1330,9 +1330,9 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
+            ticket.SetInternalAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -1424,7 +1424,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -1496,7 +1496,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -1566,7 +1566,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -1647,7 +1647,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -1730,7 +1730,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -1810,7 +1810,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -1895,8 +1895,8 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -1973,8 +1973,8 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -2065,7 +2065,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
 
             switch (flow)
             {

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs

@@ -212,7 +212,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(type);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -266,7 +266,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -321,7 +321,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetAudiences("Contoso");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -428,7 +428,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetAudiences("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -522,7 +522,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetAudiences("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -615,7 +615,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetAudiences("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -714,7 +714,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetAudiences("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs

@@ -312,7 +312,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -393,7 +393,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -437,7 +437,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -486,7 +486,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs

@@ -84,7 +84,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetAudiences("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -454,7 +454,7 @@ namespace OpenIddict.Server.Internal.Tests
 
             ticket.SetAudiences("Fabrikam");
             ticket.SetTokenId("070AAEDE-38BF-41BE-870C-4E5A73E54566");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -604,7 +604,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -1178,7 +1178,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -1310,7 +1310,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -1728,7 +1728,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -2299,7 +2299,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs

@@ -154,7 +154,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
             ticket.SetProperty("custom_property_in_original_ticket", "original_value");
@@ -226,7 +226,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -299,7 +299,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -362,7 +362,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -421,7 +421,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -490,7 +490,7 @@ namespace OpenIddict.Server.Internal.Tests
                 OpenIddictServerDefaults.AuthenticationScheme);
 
             ticket.SetPresenters("Fabrikam");
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
+            ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@@ -564,7 +564,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -630,7 +630,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -700,7 +700,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -758,7 +758,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -852,10 +852,10 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
+            ticket.SetInternalAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
 
             var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
 
@@ -937,7 +937,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -1005,7 +1005,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -1072,7 +1072,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -1138,7 +1138,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -1204,7 +1204,7 @@ namespace OpenIddict.Server.Internal.Tests
                 new AuthenticationProperties(),
                 OpenIddictServerDefaults.AuthenticationScheme);
 
-            ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
+            ticket.SetInternalTokenId("60FFF7EA-F98E-437B-937E-5073CC313103");
             ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
             ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
 
@@ -1646,7 +1646,7 @@ namespace OpenIddict.Server.Internal.Tests
 
                     if (request.HasParameter("attach-authorization"))
                     {
-                        ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "1AF06AB2-A0FC-4E3D-86AF-E04DA8C7BE70");
+                        ticket.SetInternalAuthorizationId("1AF06AB2-A0FC-4E3D-86AF-E04DA8C7BE70");
                     }
 
                     if (request.HasParameter("attach-public-parameters"))