Move the server and validation components to an .Internal namespace

src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs

@@ -1137,7 +1137,7 @@ namespace OpenIddict.Core
             => UpdateAsync((TAuthorization) authorization, cancellationToken);
 
         Task IOpenIddictAuthorizationManager.UpdateAsync(object authorization, OpenIddictAuthorizationDescriptor descriptor, CancellationToken cancellationToken)
-            => UpdateAsync((TAuthorization) authorization, cancellationToken);
+            => UpdateAsync((TAuthorization) authorization, descriptor, cancellationToken);
 
         Task<ImmutableArray<ValidationResult>> IOpenIddictAuthorizationManager.ValidateAsync(object authorization, CancellationToken cancellationToken)
             => ValidateAsync((TAuthorization) authorization, cancellationToken);

src/OpenIddict.Server/IOpenIddictServerEvent.cs

@@ -1,4 +1,10 @@
-namespace OpenIddict.Server
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+namespace OpenIddict.Server
 {
     /// <summary>
     /// Represents an OpenIddict server event.

src/OpenIddict.Server/IOpenIddictServerEventHandler.cs

@@ -1,4 +1,10 @@
-using System.Threading;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using System.Threading;
 using System.Threading.Tasks;
 using JetBrains.Annotations;
 

src/OpenIddict.Server/IOpenIddictServerEventService.cs

@@ -1,22 +0,0 @@
-using System.Threading;
-using System.Threading.Tasks;
-using JetBrains.Annotations;
-
-namespace OpenIddict.Server
-{
-    /// <summary>
-    /// Dispatches events by invoking the corresponding handlers.
-    /// </summary>
-    public interface IOpenIddictServerEventService
-    {
-        /// <summary>
-        /// Publishes a new event.
-        /// </summary>
-        /// <typeparam name="TEvent">The type of the event to publish.</typeparam>
-        /// <param name="notification">The event to publish.</param>
-        /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
-        /// <returns>A <see cref="Task"/> that can be used to monitor the asynchronous operation.</returns>
-        Task PublishAsync<TEvent>([NotNull] TEvent notification, CancellationToken cancellationToken = default)
-            where TEvent : class, IOpenIddictServerEvent;
-    }
-}

src/OpenIddict.Server/OpenIddictServerEventService.cs → src/OpenIddict.Server/Internal/OpenIddictServerEventService.cs

@@ -1,4 +1,10 @@
-using System;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using System;
 using System.Threading;
 using System.Threading.Tasks;
 using AspNet.Security.OpenIdConnect.Primitives;
@@ -6,12 +12,14 @@ using JetBrains.Annotations;
 using Microsoft.Extensions.DependencyInjection;
 using static OpenIddict.Server.OpenIddictServerEvents;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
     /// <summary>
-    /// Dispatches notifications by invoking the corresponding handlers.
+    /// Dispatches events by invoking the corresponding notification handlers.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
     /// </summary>
-    public class OpenIddictServerEventService : IOpenIddictServerEventService
+    public class OpenIddictServerEventService
     {
         private readonly IServiceProvider _provider;
 

src/OpenIddict.Server/Internal/OpenIddictServerHandler.cs

@@ -1,4 +1,9 @@
-using System.ComponentModel;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
 using System.Text.Encodings.Web;
 using AspNet.Security.OpenIdConnect.Server;
 using JetBrains.Annotations;
@@ -6,9 +11,13 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
-    [EditorBrowsable(EditorBrowsableState.Never)]
+    /// <summary>
+    /// Provides the logic necessary to extract, validate and handle OpenID Connect requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
+    /// </summary>
     public class OpenIddictServerHandler : OpenIdConnectServerHandler
     {
         public OpenIddictServerHandler(

src/OpenIddict.Server/Internal/OpenIddictServerInitializer.cs

@@ -5,7 +5,6 @@
  */
 
 using System;
-using System.ComponentModel;
 using System.Linq;
 using System.Text;
 using AspNet.Security.OpenIdConnect.Primitives;
@@ -17,13 +16,13 @@ using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
     /// <summary>
-    /// Contains the methods required to ensure that the configuration
-    /// used by OpenIddict is in a consistent and valid state.
+    /// Contains the methods required to ensure that the OpenIddict server configuration is valid.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
     /// </summary>
-    [EditorBrowsable(EditorBrowsableState.Never)]
     public class OpenIddictServerInitializer : IPostConfigureOptions<OpenIddictServerOptions>
     {
         private readonly IDistributedCache _cache;

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs

@@ -23,9 +23,14 @@ using Newtonsoft.Json.Bson;
 using Newtonsoft.Json.Linq;
 using OpenIddict.Abstractions;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
-    public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
+    /// <summary>
+    /// Provides the logic necessary to extract, validate and handle OpenID Connect requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
+    /// </summary>
+    public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override async Task ExtractAuthorizationRequest([NotNull] ExtractAuthorizationRequestContext context)
         {

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Discovery.cs

@@ -9,9 +9,14 @@ using AspNet.Security.OpenIdConnect.Primitives;
 using AspNet.Security.OpenIdConnect.Server;
 using JetBrains.Annotations;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
-    public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
+    /// <summary>
+    /// Provides the logic necessary to extract, validate and handle OpenID Connect requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
+    /// </summary>
+    public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override Task ExtractConfigurationRequest([NotNull] ExtractConfigurationRequestContext context)
             => _eventService.PublishAsync(new OpenIddictServerEvents.ExtractConfigurationRequest(context));

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs

@@ -16,9 +16,14 @@ using JetBrains.Annotations;
 using Microsoft.Extensions.Logging;
 using OpenIddict.Abstractions;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
-    public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
+    /// <summary>
+    /// Provides the logic necessary to extract, validate and handle OpenID Connect requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
+    /// </summary>
+    public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override Task ExtractTokenRequest([NotNull] ExtractTokenRequestContext context)
             => _eventService.PublishAsync(new OpenIddictServerEvents.ExtractTokenRequest(context));

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs

@@ -19,9 +19,14 @@ using Microsoft.IdentityModel.Tokens;
 using Newtonsoft.Json.Linq;
 using OpenIddict.Abstractions;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
-    public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
+    /// <summary>
+    /// Provides the logic necessary to extract, validate and handle OpenID Connect requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
+    /// </summary>
+    public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         private async Task CreateAuthorizationAsync([NotNull] AuthenticationTicket ticket,
             [NotNull] OpenIddictServerOptions options, [NotNull] OpenIdConnectRequest request)

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs

@@ -13,9 +13,14 @@ using JetBrains.Annotations;
 using Microsoft.Extensions.Logging;
 using OpenIddict.Abstractions;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
-    public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
+    /// <summary>
+    /// Provides the logic necessary to extract, validate and handle OpenID Connect requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
+    /// </summary>
+    public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override Task ExtractIntrospectionRequest([NotNull] ExtractIntrospectionRequestContext context)
             => _eventService.PublishAsync(new OpenIddictServerEvents.ExtractIntrospectionRequest(context));

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs

@@ -14,9 +14,14 @@ using JetBrains.Annotations;
 using Microsoft.Extensions.Logging;
 using OpenIddict.Abstractions;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
-    public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
+    /// <summary>
+    /// Provides the logic necessary to extract, validate and handle OpenID Connect requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
+    /// </summary>
+    public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override Task ExtractRevocationRequest([NotNull] ExtractRevocationRequestContext context)
             => _eventService.PublishAsync(new OpenIddictServerEvents.ExtractRevocationRequest(context));

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Serialization.cs

@@ -10,9 +10,14 @@ using AspNet.Security.OpenIdConnect.Primitives;
 using AspNet.Security.OpenIdConnect.Server;
 using JetBrains.Annotations;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
-    public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
+    /// <summary>
+    /// Provides the logic necessary to extract, validate and handle OpenID Connect requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
+    /// </summary>
+    public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override async Task DeserializeAccessToken([NotNull] DeserializeAccessTokenContext context)
         {

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs

@@ -20,9 +20,14 @@ using Newtonsoft.Json.Bson;
 using Newtonsoft.Json.Linq;
 using OpenIddict.Abstractions;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
-    public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
+    /// <summary>
+    /// Provides the logic necessary to extract, validate and handle OpenID Connect requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
+    /// </summary>
+    public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override async Task ExtractLogoutRequest([NotNull] ExtractLogoutRequestContext context)
         {

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Userinfo.cs

@@ -8,9 +8,14 @@ using System.Threading.Tasks;
 using AspNet.Security.OpenIdConnect.Server;
 using JetBrains.Annotations;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
-    public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
+    /// <summary>
+    /// Provides the logic necessary to extract, validate and handle OpenID Connect requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
+    /// </summary>
+    public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override Task ExtractUserinfoRequest([NotNull] ExtractUserinfoRequestContext context)
         {

src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs

@@ -18,16 +18,17 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
 using OpenIddict.Abstractions;
 
-namespace OpenIddict.Server
+namespace OpenIddict.Server.Internal
 {
     /// <summary>
     /// Provides the logic necessary to extract, validate and handle OpenID Connect requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
     /// </summary>
-    [EditorBrowsable(EditorBrowsableState.Never)]
-    public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
+    public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         private readonly ILogger _logger;
-        private readonly IOpenIddictServerEventService _eventService;
+        private readonly OpenIddictServerEventService _eventService;
         private readonly IOpenIddictApplicationManager _applicationManager;
         private readonly IOpenIddictAuthorizationManager _authorizationManager;
         private readonly IOpenIddictScopeManager _scopeManager;
@@ -35,7 +36,7 @@ namespace OpenIddict.Server
 
         public OpenIddictServerProvider(
             [NotNull] ILogger<OpenIddictServerProvider> logger,
-            [NotNull] IOpenIddictServerEventService eventService,
+            [NotNull] OpenIddictServerEventService eventService,
             [NotNull] IOpenIddictApplicationManager applicationManager,
             [NotNull] IOpenIddictAuthorizationManager authorizationManager,
             [NotNull] IOpenIddictScopeManager scopeManager,

src/OpenIddict.Server/OpenIddictServerDefaults.cs

@@ -1,4 +1,10 @@
-using AspNet.Security.OpenIdConnect.Server;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using AspNet.Security.OpenIdConnect.Server;
 using Microsoft.AspNetCore.Authentication;
 
 namespace OpenIddict.Server

src/OpenIddict.Server/OpenIddictServerEvent.cs

@@ -1,4 +1,10 @@
-using System;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using System;
 using JetBrains.Annotations;
 
 namespace OpenIddict.Server

src/OpenIddict.Server/OpenIddictServerEventHandler.cs

@@ -1,4 +1,10 @@
-using System;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using System;
 using System.Threading;
 using System.Threading.Tasks;
 using JetBrains.Annotations;

src/OpenIddict.Server/OpenIddictServerEvents.cs

@@ -1,4 +1,10 @@
-using AspNet.Security.OpenIdConnect.Server;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using AspNet.Security.OpenIdConnect.Server;
 using JetBrains.Annotations;
 
 namespace OpenIddict.Server

src/OpenIddict.Server/OpenIddictServerExtensions.cs

@@ -14,6 +14,7 @@ using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using OpenIddict.Abstractions;
 using OpenIddict.Server;
+using OpenIddict.Server.Internal;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -38,18 +39,19 @@ namespace Microsoft.Extensions.DependencyInjection
             builder.Services.AddMemoryCache();
             builder.Services.AddOptions();
 
-            builder.Services.TryAddScoped<IOpenIddictServerEventService, OpenIddictServerEventService>();
+            builder.Services.TryAddScoped<OpenIddictServerEventService>();
             builder.Services.TryAddScoped<OpenIddictServerHandler>();
             builder.Services.TryAddScoped(provider =>
             {
                 InvalidOperationException CreateException() => new InvalidOperationException(new StringBuilder()
-                    .AppendLine("The core services must be registered when enabling the server handler.")
-                    .Append("To register the OpenIddict core services, use 'services.AddOpenIddict().AddCore()'.")
+                    .AppendLine("The core services must be registered when enabling the OpenIddict server handler.")
+                    .Append("To register the OpenIddict core services, reference the 'OpenIddict.Core' package ")
+                    .Append("and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'.")
                     .ToString());
 
                 return new OpenIddictServerProvider(
                     provider.GetRequiredService<ILogger<OpenIddictServerProvider>>(),
-                    provider.GetRequiredService<IOpenIddictServerEventService>(),
+                    provider.GetRequiredService<OpenIddictServerEventService>(),
                     provider.GetService<IOpenIddictApplicationManager>() ?? throw CreateException(),
                     provider.GetService<IOpenIddictAuthorizationManager>() ?? throw CreateException(),
                     provider.GetService<IOpenIddictScopeManager>() ?? throw CreateException(),

src/OpenIddict.Server/OpenIddictServerOptions.cs

@@ -10,6 +10,7 @@ using System.Security.Cryptography;
 using AspNet.Security.OpenIdConnect.Primitives;
 using AspNet.Security.OpenIdConnect.Server;
 using Microsoft.Extensions.Caching.Distributed;
+using OpenIddict.Server.Internal;
 
 namespace OpenIddict.Server
 {

src/OpenIddict.Validation/IOpenIddictValidationEvent.cs

@@ -1,4 +1,10 @@
-namespace OpenIddict.Validation
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+namespace OpenIddict.Validation
 {
     /// <summary>
     /// Represents an OpenIddict validation event.

src/OpenIddict.Validation/IOpenIddictValidationEventHandler.cs

@@ -1,4 +1,10 @@
-using System.Threading;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using System.Threading;
 using System.Threading.Tasks;
 using JetBrains.Annotations;
 

src/OpenIddict.Validation/IOpenIddictValidationEventService.cs

@@ -1,22 +0,0 @@
-using System.Threading;
-using System.Threading.Tasks;
-using JetBrains.Annotations;
-
-namespace OpenIddict.Validation
-{
-    /// <summary>
-    /// Dispatches events by invoking the corresponding handlers.
-    /// </summary>
-    public interface IOpenIddictValidationEventService
-    {
-        /// <summary>
-        /// Publishes a new event.
-        /// </summary>
-        /// <typeparam name="TEvent">The type of the event to publish.</typeparam>
-        /// <param name="notification">The event to publish.</param>
-        /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
-        /// <returns>A <see cref="Task"/> that can be used to monitor the asynchronous operation.</returns>
-        Task PublishAsync<TEvent>([NotNull] TEvent notification, CancellationToken cancellationToken = default)
-            where TEvent : class, IOpenIddictValidationEvent;
-    }
-}

src/OpenIddict.Validation/OpenIddictValidationEventService.cs → src/OpenIddict.Validation/Internal/OpenIddictValidationEventService.cs

@@ -1,15 +1,23 @@
-using System;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using System;
 using System.Threading;
 using System.Threading.Tasks;
 using JetBrains.Annotations;
 using Microsoft.Extensions.DependencyInjection;
 
-namespace OpenIddict.Validation
+namespace OpenIddict.Validation.Internal
 {
     /// <summary>
-    /// Dispatches notifications by invoking the corresponding handlers.
+    /// Dispatches events by invoking the corresponding notification handlers.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
     /// </summary>
-    public class OpenIddictValidationEventService : IOpenIddictValidationEventService
+    public class OpenIddictValidationEventService
     {
         private readonly IServiceProvider _provider;
 

src/OpenIddict.Validation/Internal/OpenIddictValidationHandler.cs

@@ -4,7 +4,6 @@
  * the license and the contributors participating to this project.
  */
 
-using System.ComponentModel;
 using System.Text.Encodings.Web;
 using AspNet.Security.OAuth.Validation;
 using JetBrains.Annotations;
@@ -12,9 +11,13 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
-namespace OpenIddict.Validation
+namespace OpenIddict.Validation.Internal
 {
-    [EditorBrowsable(EditorBrowsableState.Never)]
+    /// <summary>
+    /// Provides the logic necessary to extract and validate tokens from HTTP requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
+    /// </summary>
     public class OpenIddictValidationHandler : OAuthValidationHandler
     {
         public OpenIddictValidationHandler(

src/OpenIddict.Validation/Internal/OpenIddictValidationHelpers.cs

@@ -8,10 +8,12 @@ using System;
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Authentication;
 
-namespace OpenIddict.Validation
+namespace OpenIddict.Validation.Internal
 {
     /// <summary>
     /// Defines a set of commonly used helpers.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
     /// </summary>
     internal static class OpenIddictValidationHelpers
     {

src/OpenIddict.Validation/Internal/OpenIddictValidationInitializer.cs

@@ -5,20 +5,19 @@
  */
 
 using System;
-using System.ComponentModel;
 using System.Text;
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.Options;
 
-namespace OpenIddict.Validation
+namespace OpenIddict.Validation.Internal
 {
     /// <summary>
-    /// Contains the methods required to ensure that the configuration used by
-    /// the OpenIddict validation handler is in a consistent and valid state.
+    /// Contains the methods required to ensure that the OpenIddict validation configuration is valid.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
     /// </summary>
-    [EditorBrowsable(EditorBrowsableState.Never)]
     public class OpenIddictValidationInitializer : IPostConfigureOptions<OpenIddictValidationOptions>
     {
         private readonly IDataProtectionProvider _dataProtectionProvider;

src/OpenIddict.Validation/Internal/OpenIddictValidationProvider.cs

@@ -5,7 +5,6 @@
  */
 
 using System;
-using System.ComponentModel;
 using System.Text;
 using System.Threading.Tasks;
 using AspNet.Security.OAuth.Validation;
@@ -13,17 +12,18 @@ using JetBrains.Annotations;
 using Microsoft.Extensions.DependencyInjection;
 using OpenIddict.Abstractions;
 
-namespace OpenIddict.Validation
+namespace OpenIddict.Validation.Internal
 {
     /// <summary>
-    /// Provides the logic necessary to extract, validate and handle OAuth2 requests.
+    /// Provides the logic necessary to extract and validate tokens from HTTP requests.
+    /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
+    /// directly from your code. This API may change or be removed in future minor releases.
     /// </summary>
-    [EditorBrowsable(EditorBrowsableState.Never)]
-    public class OpenIddictValidationProvider : OAuthValidationEvents
+    public sealed class OpenIddictValidationProvider : OAuthValidationEvents
     {
-        private readonly IOpenIddictValidationEventService _eventService;
+        private readonly OpenIddictValidationEventService _eventService;
 
-        public OpenIddictValidationProvider([NotNull] IOpenIddictValidationEventService eventService)
+        public OpenIddictValidationProvider([NotNull] OpenIddictValidationEventService eventService)
             => _eventService = eventService;
 
         public override Task ApplyChallenge([NotNull] ApplyChallengeContext context)
@@ -44,7 +44,8 @@ namespace OpenIddict.Validation
                 {
                     throw new InvalidOperationException(new StringBuilder()
                         .AppendLine("The core services must be registered when enabling reference tokens support.")
-                        .Append("To register the OpenIddict core services, use 'services.AddOpenIddict().AddCore()'.")
+                        .Append("To register the OpenIddict core services, reference the 'OpenIddict.Core' package ")
+                        .Append("and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'.")
                         .ToString());
                 }
 
@@ -117,7 +118,8 @@ namespace OpenIddict.Validation
                 {
                     throw new InvalidOperationException(new StringBuilder()
                         .AppendLine("The core services must be registered when enabling authorization validation.")
-                        .Append("To register the OpenIddict core services, use 'services.AddOpenIddict().AddCore()'.")
+                        .Append("To register the OpenIddict core services, reference the 'OpenIddict.Core' package ")
+                        .Append("and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'.")
                         .ToString());
                 }
 

src/OpenIddict.Validation/OpenIddictValidationDefaults.cs

@@ -1,4 +1,10 @@
-using AspNet.Security.OAuth.Validation;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using AspNet.Security.OAuth.Validation;
 using Microsoft.AspNetCore.Authentication;
 
 namespace OpenIddict.Validation

src/OpenIddict.Validation/OpenIddictValidationEvent.cs

@@ -1,4 +1,10 @@
-using System;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using System;
 using JetBrains.Annotations;
 
 namespace OpenIddict.Validation

src/OpenIddict.Validation/OpenIddictValidationEventHandler.cs

@@ -1,4 +1,10 @@
-using System;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using System;
 using System.Threading;
 using System.Threading.Tasks;
 using JetBrains.Annotations;

src/OpenIddict.Validation/OpenIddictValidationEvents.cs

@@ -1,4 +1,10 @@
-using AspNet.Security.OAuth.Validation;
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using AspNet.Security.OAuth.Validation;
 using JetBrains.Annotations;
 
 namespace OpenIddict.Validation

src/OpenIddict.Validation/OpenIddictValidationExtensions.cs

@@ -12,6 +12,7 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 using OpenIddict.Validation;
+using OpenIddict.Validation.Internal;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -37,7 +38,7 @@ namespace Microsoft.Extensions.DependencyInjection
             builder.Services.AddLogging();
             builder.Services.AddOptions();
 
-            builder.Services.TryAddScoped<IOpenIddictValidationEventService, OpenIddictValidationEventService>();
+            builder.Services.TryAddScoped<OpenIddictValidationEventService>();
             builder.Services.TryAddScoped<OpenIddictValidationHandler>();
             builder.Services.TryAddScoped<OpenIddictValidationProvider>();
 

src/OpenIddict.Validation/OpenIddictValidationOptions.cs

@@ -5,6 +5,7 @@
  */
 
 using AspNet.Security.OAuth.Validation;
+using OpenIddict.Validation.Internal;
 
 namespace OpenIddict.Validation
 {

test/OpenIddict.Server.Tests/Internal/OpenIddictServerInitializerTests.cs

@@ -19,7 +19,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Xunit;
 
-namespace OpenIddict.Server.Tests
+namespace OpenIddict.Server.Internal.Tests
 {
     public class OpenIddictServerInitializerTests
     {

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Authentication.cs

@@ -20,7 +20,7 @@ using Newtonsoft.Json.Bson;
 using OpenIddict.Abstractions;
 using Xunit;
 
-namespace OpenIddict.Server.Tests
+namespace OpenIddict.Server.Internal.Tests
 {
     public partial class OpenIddictServerProviderTests
     {

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Discovery.cs

@@ -11,7 +11,7 @@ using AspNet.Security.OpenIdConnect.Primitives;
 using Newtonsoft.Json.Linq;
 using Xunit;
 
-namespace OpenIddict.Server.Tests
+namespace OpenIddict.Server.Internal.Tests
 {
     public partial class OpenIddictServerProviderTests
     {

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs

@@ -18,7 +18,7 @@ using Moq;
 using OpenIddict.Abstractions;
 using Xunit;
 
-namespace OpenIddict.Server.Tests
+namespace OpenIddict.Server.Internal.Tests
 {
     public partial class OpenIddictServerProviderTests
     {

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs

@@ -16,7 +16,7 @@ using Moq;
 using OpenIddict.Abstractions;
 using Xunit;
 
-namespace OpenIddict.Server.Tests
+namespace OpenIddict.Server.Internal.Tests
 {
     public partial class OpenIddictServerProviderTests
     {

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs

@@ -19,7 +19,7 @@ using Moq;
 using OpenIddict.Abstractions;
 using Xunit;
 
-namespace OpenIddict.Server.Tests
+namespace OpenIddict.Server.Internal.Tests
 {
     public partial class OpenIddictServerProviderTests
     {

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs

@@ -18,7 +18,7 @@ using Moq;
 using OpenIddict.Abstractions;
 using Xunit;
 
-namespace OpenIddict.Server.Tests
+namespace OpenIddict.Server.Internal.Tests
 {
     public partial class OpenIddictServerProviderTests
     {

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs

@@ -17,7 +17,7 @@ using Moq;
 using OpenIddict.Abstractions;
 using Xunit;
 
-namespace OpenIddict.Server.Tests
+namespace OpenIddict.Server.Internal.Tests
 {
     public partial class OpenIddictServerProviderTests
     {

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Userinfo.cs

@@ -9,7 +9,7 @@ using AspNet.Security.OpenIdConnect.Client;
 using AspNet.Security.OpenIdConnect.Primitives;
 using Xunit;
 
-namespace OpenIddict.Server.Tests
+namespace OpenIddict.Server.Internal.Tests
 {
     public partial class OpenIddictServerProviderTests
     {

test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs

@@ -33,7 +33,7 @@ using OpenIddict.Abstractions;
 using OpenIddict.Core;
 using Xunit;
 
-namespace OpenIddict.Server.Tests
+namespace OpenIddict.Server.Internal.Tests
 {
     public partial class OpenIddictServerProviderTests
     {

test/OpenIddict.Server.Tests/OpenIddictServerExtensionsTests.cs

@@ -13,6 +13,7 @@ using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using OpenIddict.Server.Internal;
 using Xunit;
 
 namespace OpenIddict.Server.Tests
@@ -113,7 +114,7 @@ namespace OpenIddict.Server.Tests
 
             // Assert
             Assert.Contains(services, service => service.Lifetime == ServiceLifetime.Scoped &&
-                                                 service.ServiceType == typeof(IOpenIddictServerEventService) &&
+                                                 service.ServiceType == typeof(OpenIddictServerEventService) &&
                                                  service.ImplementationType == typeof(OpenIddictServerEventService));
         }
 
@@ -165,8 +166,9 @@ namespace OpenIddict.Server.Tests
             var exception = Assert.Throws<InvalidOperationException>(() => provider.GetRequiredService<OpenIddictServerProvider>());
 
             Assert.Equal(new StringBuilder()
-                .AppendLine("The core services must be registered when enabling the server handler.")
-                .Append("To register the OpenIddict core services, use 'services.AddOpenIddict().AddCore()'.")
+                .AppendLine("The core services must be registered when enabling the OpenIddict server handler.")
+                .Append("To register the OpenIddict core services, reference the 'OpenIddict.Core' package ")
+                .Append("and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'.")
                 .ToString(), exception.Message);
         }
 

test/OpenIddict.Validation.Tests/Internal/OpenIddictValidationInitializerTests.cs

@@ -16,7 +16,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Xunit;
 
-namespace OpenIddict.Validation.Tests
+namespace OpenIddict.Validation.Internal.Tests
 {
     public class OpenIddictValidationInitializerTests
     {

test/OpenIddict.Validation.Tests/Internal/OpenIddictValidationProviderTests.cs

@@ -33,7 +33,7 @@ using OpenIddict.Abstractions;
 using OpenIddict.Core;
 using Xunit;
 
-namespace OpenIddict.Validation.Tests
+namespace OpenIddict.Validation.Internal.Tests
 {
     public class OpenIddictValidationProviderTests
     {
@@ -59,7 +59,8 @@ namespace OpenIddict.Validation.Tests
 
             Assert.Equal(new StringBuilder()
                 .AppendLine("The core services must be registered when enabling reference tokens support.")
-                .Append("To register the OpenIddict core services, use 'services.AddOpenIddict().AddCore()'.")
+                .Append("To register the OpenIddict core services, reference the 'OpenIddict.Core' package ")
+                .Append("and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'.")
                 .ToString(), exception.Message);
         }
 
@@ -333,7 +334,8 @@ namespace OpenIddict.Validation.Tests
 
             Assert.Equal(new StringBuilder()
                 .AppendLine("The core services must be registered when enabling authorization validation.")
-                .Append("To register the OpenIddict core services, use 'services.AddOpenIddict().AddCore()'.")
+                .Append("To register the OpenIddict core services, reference the 'OpenIddict.Core' package ")
+                .Append("and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'.")
                 .ToString(), exception.Message);
         }
 

test/OpenIddict.Validation.Tests/OpenIddictValidationExtensionsTests.cs

@@ -11,6 +11,7 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using OpenIddict.Validation.Internal;
 using Xunit;
 
 namespace OpenIddict.Validation.Tests
@@ -96,7 +97,7 @@ namespace OpenIddict.Validation.Tests
 
             // Assert
             Assert.Contains(services, service => service.Lifetime == ServiceLifetime.Scoped &&
-                                                 service.ServiceType == typeof(IOpenIddictValidationEventService) &&
+                                                 service.ServiceType == typeof(OpenIddictValidationEventService) &&
                                                  service.ImplementationType == typeof(OpenIddictValidationEventService));
         }