text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 An identity cannot be extracted from this token request. This generally indicates that the OpenIddict server stack was asked to validate a token for an invalid grant type (e.g password). An identity cannot be extracted from this request. This generally indicates that the OpenIddict server stack was asked to validate a token for an endpoint it doesn't manage. To validate tokens received by custom API endpoints, the OpenIddict validation handler (e.g OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme or OpenIddictValidationOwinDefaults.AuthenticationType) must be used instead. The token type is not supported. The deserialized principal doesn't contain the mandatory 'oi_tkn_typ' claim. When implementing custom token deserialization, a 'oi_tkn_typ' claim containing the type of the token being processed must be added to the security principal. The type of token associated with the deserialized principal ({0}) doesn't match one of the expected token types ({1}). A challenge response cannot be returned from this endpoint. The authentication context cannot be found. The device code identifier cannot be extracted from the principal. The token identifier cannot be extracted from the principal. A sign-in response cannot be returned from this endpoint. The specified principal is null or doesn't contain a claims-based identity. Make sure that 'ClaimsPrincipal.Identity' is not null. The specified principal contains an authenticated identity, which is not valid when the sign-in operation is triggered from the device authorization endpoint. Make sure that 'ClaimsPrincipal.Identity.AuthenticationType' is null and that 'ClaimsPrincipal.Identity.IsAuthenticated' returns 'false'. The specified principal contains a subject claim, which is not valid when the sign-in operation is triggered from the device authorization endpoint. The specified principal doesn't contain a valid/authenticated identity. Make sure that 'ClaimsPrincipal.Identity.AuthenticationType' is not null and that 'ClaimsPrincipal.Identity.IsAuthenticated' returns 'true'. The specified principal was rejected because the mandatory subject claim was missing. The core services must be registered when enabling the OpenIddict server feature. To register the OpenIddict core services, reference the 'OpenIddict.Core' package and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'. Alternatively, you can disable the built-in database-based server features by enabling the degraded mode with 'services.AddOpenIddict().AddServer().EnableDegradedMode()'. The application entry cannot be found in the database. An unknown error occurred while creating an authorization entry. An unknown error occurred while creating a token entry. A token entry cannot be created from a null principal or from a principal containing a null or invalid identity. The token entry cannot be found in the database. A token cannot be created from a null principal. The issuer must be a non-null, non-empty absolute URL. A sign-out response cannot be returned from this endpoint. The token type cannot be resolved. The payload associated with a reference token cannot be retrieved. This may indicate that the token entry was corrupted. The authorization request was not correctly extracted. To extract authorization requests, create a class implementing 'IOpenIddictServerHandler<ExtractAuthorizationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The request cannot be validated because no redirect_uri was specified. The authorization request was not handled. To handle authorization requests in a controller, create a custom action with the same route as the authorization endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'services.AddOpenIddict().AddServer().UseAspNetCore().EnableAuthorizationEndpointPassthrough()'. Alternatively, create a class implementing 'IOpenIddictServerHandler<HandleAuthorizationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The authorization response was not correctly applied. To apply authorization responses, create a class implementing 'IOpenIddictServerHandler<ApplyAuthorizationResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The device request was not correctly extracted. To extract device requests, create a class implementing 'IOpenIddictServerHandler<ExtractDeviceRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The client application details cannot be found in the database. The device response was not correctly applied. To apply device responses, create a class implementing 'IOpenIddictServerHandler<ApplyDeviceResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The verification request was not correctly extracted. To extract verification requests, create a class implementing 'IOpenIddictServerHandler<ExtractVerificationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The verification request was not handled. To handle verification requests in a controller, create a custom action with the same route as the verification endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'services.AddOpenIddict().AddServer().UseAspNetCore().EnableVerificationEndpointPassthrough()'. Alternatively, create a class implementing 'IOpenIddictServerHandler<HandleVerificationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The verification response was not correctly applied. To apply verification responses, create a class implementing 'IOpenIddictServerHandler<ApplyVerificationResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The configuration request was not correctly extracted. To extract configuration requests, create a class implementing 'IOpenIddictServerHandler<ExtractConfigurationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The cryptography request was not correctly extracted. To extract configuration requests, create a class implementing 'IOpenIddictServerHandler<ExtractCryptographyRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The cryptography response was not correctly applied. To apply cryptography responses, create a class implementing 'IOpenIddictServerHandler<ApplyCryptographyResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The token request was not correctly extracted. To extract token requests, create a class implementing 'IOpenIddictServerHandler<ExtractTokenRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The token request was not handled. To handle token requests in a controller, create a custom action with the same route as the token endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'services.AddOpenIddict().AddServer().UseAspNetCore().EnableTokenEndpointPassthrough()'. Alternatively, create a class implementing 'IOpenIddictServerHandler<HandleTokenRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The token response was not correctly applied. To apply token responses, create a class implementing 'IOpenIddictServerHandler<ApplyTokenResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The presenters list cannot be extracted from the authorization code. The presenters list cannot be extracted from the device code. The specified code challenge method is not supported. The introspection request was not correctly extracted. To extract introspection requests, create a class implementing 'IOpenIddictServerHandler<ExtractIntrospectionRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The introspection response was not correctly applied. To apply introspection responses, create a class implementing 'IOpenIddictServerHandler<ApplyIntrospectionResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The revocation request was not correctly extracted. To extract revocation requests, create a class implementing 'IOpenIddictServerHandler<ExtractRevocationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The revocation response was not correctly applied. To apply revocation responses, create a class implementing 'IOpenIddictServerHandler<ApplyRevocationResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The logout request was not correctly extracted. To extract logout requests, create a class implementing 'IOpenIddictServerHandler<ExtractLogoutRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The logout request was not handled. To handle logout requests in a controller, create a custom controller action with the same route as the logout endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'services.AddOpenIddict().AddServer().UseAspNetCore().EnableLogoutEndpointPassthrough()'. Alternatively, create a class implementing 'IOpenIddictServerHandler<HandleLogoutRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The logout response was not correctly applied. To apply logout responses, create a class implementing 'IOpenIddictServerHandler<ApplyLogoutResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The userinfo request was not correctly extracted. To extract userinfo requests, create a class implementing 'IOpenIddictServerHandler<ExtractUserinfoRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The userinfo response was not correctly applied. To apply userinfo responses, create a class implementing 'IOpenIddictServerHandler<ApplyUserinfoResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The asymmetric encryption key doesn't contain the required private key. An encryption algorithm cannot be automatically inferred from the encrypting key. Consider using 'options.AddEncryptionCredentials(EncryptingCredentials)' instead. The algorithm cannot be null or empty. The specified algorithm is not supported. RSA key generation failed. The specified certificate is not a key encryption certificate. The specified certificate doesn't contain the required private key. The resource cannot be null or empty. The certificate was not found in the specified assembly. The thumbprint cannot be null or empty. The certificate corresponding to the specified thumbprint was not found. The asymmetric signing key doesn't contain the required private key. A signature algorithm cannot be automatically inferred from the signing key. Consider using 'options.AddSigningCredentials(SigningCredentials)' instead. ECDSA signing keys are not supported on this platform. The specified certificate is not a signing certificate. The grant type cannot be null or empty. Endpoint addresses must be valid URLs. Claims cannot be null or empty. Scopes cannot be null or empty. The security token handler cannot be null. At least one OAuth 2.0/OpenID Connect flow must be enabled. The authorization endpoint must be enabled to use the authorization code and implicit flows. The device endpoint must be enabled to use the device flow. The token endpoint must be enabled to use the authorization code, client credentials, device, password and refresh token flows. The verification endpoint must be enabled to use the device flow. Endpoint addresses cannot start with '{0}'. Dependency injection support must be enabled in Quartz.NET when using the OpenIddict integration. To enable DI support, call 'services.AddQuartz(options => options.UseMicrosoftDependencyInjectionJobFactory())' or 'services.AddQuartz(options => options.UseMicrosoftDependencyInjectionScopedJobFactory())'. Reference tokens cannot be used when disabling token storage. The device grant must be allowed when enabling the device endpoint. At least one encryption key must be registered in the OpenIddict server options. Consider registering a certificate using 'services.AddOpenIddict().AddServer().AddEncryptionCertificate()' or 'services.AddOpenIddict().AddServer().AddDevelopmentEncryptionCertificate()' or call 'services.AddOpenIddict().AddServer().AddEphemeralEncryptionKey()' to use an ephemeral key. At least one asymmetric signing key must be registered in the OpenIddict server options. Consider registering a certificate using 'services.AddOpenIddict().AddServer().AddSigningCertificate()' or 'services.AddOpenIddict().AddServer().AddDevelopmentSigningCertificate()' or call 'services.AddOpenIddict().AddServer().AddEphemeralSigningKey()' to use an ephemeral key. When using X.509 encryption credentials, at least one of the registered certificates must be valid. To use key rollover, register both the new certificate and the old one in the credentials collection. When using X.509 signing credentials, at least one of the registered certificates must be valid. To use key rollover, register both the new certificate and the old one in the credentials collection. No custom authorization request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateAuthorizationRequestContext>' must be implemented to validate authorization requests (e.g to ensure the client_id and redirect_uri are valid). No custom device request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateDeviceRequestContext>' must be implemented to validate device requests (e.g to ensure the client_id and client_secret are valid). No custom introspection request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateIntrospectionRequestContext>' must be implemented to validate introspection requests (e.g to ensure the client_id and client_secret are valid). No custom logout request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateLogoutRequestContext>' must be implemented to validate logout requests (e.g to ensure the post_logout_redirect_uri is valid). No custom revocation request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateRevocationRequestContext>' must be implemented to validate revocation requests (e.g to ensure the client_id and client_secret are valid). No custom token request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateTokenRequestContext>' must be implemented to validate token requests (e.g to ensure the client_id and client_secret are valid). No custom verification request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateVerificationRequestContext>' must be implemented to validate verification requests (e.g to ensure the user_code is valid). No custom token validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateTokenContext>' must be implemented to handle device and user codes (e.g by retrieving them from a database). No custom token generation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<GenerateTokenContext>' must be implemented to handle device and user codes (e.g by storing them in a database). The event handler of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container. To register an event handler, use 'services.AddOpenIddict().AddServer().AddEventHandler()'. The event handler filter of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container. The redirect_uri cannot be null or empty. The authorization request cannot be validated because a different redirect_uri was specified by the client application. The post_logout_redirect_uri cannot be null or empty. The end session request cannot be validated because a different post_logout_redirect_uri was specified by the client application. The specified service type is not valid. No service descriptor was set. The property name cannot be null or empty. The realm cannot be null or empty. The OpenIddict ASP.NET Core server handler cannot be registered as an authentication scheme. This may indicate that an instance of another handler was registered with the same scheme. The OpenIddict ASP.NET Core server handler cannot be used as the default scheme handler. Make sure that neither DefaultAuthenticateScheme, DefaultChallengeScheme, DefaultForbidScheme, DefaultSignInScheme, DefaultSignOutScheme nor DefaultScheme point to an instance of the OpenIddict ASP.NET Core server handler. The error pass-through mode cannot be used when the status code pages integration is enabled. The OpenID Connect response was not correctly processed. This may indicate that the event handler responsible for processing OpenID Connect responses was not registered or was explicitly removed from the handlers list. An error occurred while retrieving the OpenIddict server context. On ASP.NET Core, this may indicate that the authentication middleware was not registered early enough in the request pipeline. Make sure that 'app.UseAuthentication()' is registered before 'app.UseAuthorization()' and 'app.UseEndpoints()' (or 'app.UseMvc()') and try again. An error occurred while authenticating the current request. The ASP.NET Core HTTP request cannot be resolved. Only strings, booleans, integers, arrays of strings and instances of type 'OpenIddictParameter' or 'JsonElement' can be returned as custom parameters. A distributed cache instance must be registered when enabling request caching. To register the default in-memory distributed cache implementation, reference the 'Microsoft.Extensions.Caching.Memory' package and call 'services.AddDistributedMemoryCache()' from 'ConfigureServices'. The authorization request payload is malformed. The logout request payload is malformed. The OpenIddict OWIN server handler cannot be used as an active authentication handler. Make sure that 'OpenIddictServerOwinOptions.AuthenticationMode' is not set to 'Active'. The OWIN request cannot be resolved. No service provider was found in the OWIN context. For the OpenIddict server services to work correctly, a per-request 'IServiceProvider' must be attached to the OWIN environment with the dictionary key 'System.IServiceProvider'. Note: when using a dependency injection container supporting middleware resolution (like Autofac), the 'app.UseOpenIddictServer()' extension MUST NOT be called. The OpenIddict server services cannot be resolved from the DI container. To register the server services, use 'services.AddOpenIddict().AddServer()'. Audiences cannot be null or empty. The client identifier cannot be null or empty. The client secret cannot be null or empty. The issuer cannot be null or empty. The issuer must be a valid absolute URL. An OAuth 2.0/OpenID Connect server configuration or an issuer address must be registered. To use a local OpenIddict server, reference the 'OpenIddict.Validation.ServerIntegration' package and call 'services.AddOpenIddict().AddValidation().UseLocalServer()' to import the server settings. To use a remote server, reference the 'OpenIddict.Validation.SystemNetHttp' package and call 'services.AddOpenIddict().AddValidation().UseSystemNetHttp()' and 'services.AddOpenIddict().AddValidation().SetIssuer()' to use server discovery. Alternatively, you can register a static server configuration by calling 'services.AddOpenIddict().AddValidation().SetConfiguration()'. An introspection client must be registered when using introspection. Reference the 'OpenIddict.Validation.SystemNetHttp' package and call 'services.AddOpenIddict().AddValidation().UseSystemNetHttp()' to register the default System.Net.Http-based integration. The issuer or the metadata address must be set when using introspection. The client identifier cannot be null or empty when using introspection. The client secret cannot be null or empty when using introspection. Authorization entry validation cannot be enabled when using introspection. Token entry validation cannot be enabled when using introspection. A discovery client must be registered when using server discovery. Reference the 'OpenIddict.Validation.SystemNetHttp' package and call 'services.AddOpenIddict().AddValidation().UseSystemNetHttp()' to register the default System.Net.Http-based integration. The authority must be provided and must be an absolute URL. The authority cannot contain a fragment or a query string. The event handler of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container. To register an event handler, use 'services.AddOpenIddict().AddValidation().AddEventHandler()'. The core services must be registered when enabling token entry validation. To register the OpenIddict core services, reference the 'OpenIddict.Core' package and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'. An unknown error occurred while retrieving the server configuration. An unknown error occurred while introspecting the access token. The core services must be registered when enabling authorization entry validation. To register the OpenIddict core services, reference the 'OpenIddict.Core' package and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'. The address cannot be null or empty. The address must be a valid absolute URI. The server configuration couldn't be retrieved. The JWKS URI couldn't be resolved from the provider metadata. The server JSON Web Key set couldn't be retrieved. An error occurred while preparing the configuration request. Error: {0} Error description: {1} Error URI: {2} An error occurred while sending the configuration request. Error: {0} Error description: {1} Error URI: {2} An error occurred while extracting the configuration response. Error: {0} Error description: {1} Error URI: {2} An error occurred while handling the configuration response. Error: {0} Error description: {1} Error URI: {2} An error occurred while preparing the cryptography request. Error: {0} Error description: {1} Error URI: {2} An error occurred while sending the cryptography request. Error: {0} Error description: {1} Error URI: {2} An error occurred while extracting the cryptography response. Error: {0} Error description: {1} Error URI: {2} An error occurred while handling the cryptography response. Error: {0} Error description: {1} Error URI: {2} The token cannot be null or empty. An unknown error occurred while introspecting the token. An error occurred while preparing the introspection request. Error: {0} Error description: {1} Error URI: {2} An error occurred while sending the introspection request. Error: {0} Error description: {1} Error URI: {2} An error occurred while extracting the introspection response. Error: {0} Error description: {1} Error URI: {2} An error occurred while handling the introspection response. Error: {0} Error description: {1} Error URI: {2} The access token cannot be null or empty. An error occurred while validating the access token. Error: {0} Error description: {1} Error URI: {2} The OpenIddict ASP.NET Core validation handler cannot be registered as an authentication scheme. This may indicate that an instance of another handler was registered with the same scheme. The OpenIddict ASP.NET Core validation handler cannot be used as the default sign-in/sign-out handler. Make sure that neither DefaultSignInScheme nor DefaultSignOutScheme point to an instance of the OpenIddict ASP.NET Core validation handler. An error occurred while retrieving the OpenIddict validation context. On ASP.NET Core, this may indicate that the authentication middleware was not registered early enough in the request pipeline. Make sure that 'app.UseAuthentication()' is registered before 'app.UseAuthorization()' and 'app.UseEndpoints()' (or 'app.UseMvc()') and try again. Generic token validation is not supported by the validation handler. No service provider was found in the OWIN context. For the OpenIddict validation services to work correctly, a per-request 'IServiceProvider' must be attached to the OWIN environment with the dictionary key 'System.IServiceProvider'. Note: when using a dependency injection container supporting middleware resolution (like Autofac), the 'app.UseOpenIddictValidation()' extension MUST NOT be called. The OpenIddict validation services cannot be resolved from the DI container. To register the validation services, use 'services.AddOpenIddict().AddValidation()'. The local server integration can only be used with direct validation. Authorization entry validation cannot be enabled when authorization storage is disabled in the OpenIddict server options. Token entry validation cannot be enabled when token storage is disabled in the OpenIddict server options. The System.Net.Http request cannot be resolved. An unknown error occurred while creating a System.Net.Http client. An unknown error occurred while sending a System.Net.Http request. The specified type is not supported. The value cannot be null or empty. The prompt cannot be null or empty. The response type cannot be null or empty. The scope cannot be null or empty. The destination cannot be null or empty. Destinations cannot be null or empty. Conflicting destinations for the claim '{0}' were specified. The claim type cannot be null or empty. The claim value cannot be null or empty. The audience cannot be null or empty. The presenter cannot be null or empty. The token type cannot be null or empty. The specified JSON element is not an object. The parameter name cannot be null or empty. A parameter with the same name already exists. The item name cannot be null or empty. The item index cannot be negative. The type of the parameter value is not supported. The identifier cannot be null or empty. The application identifier cannot be extracted. An error occurred while creating an expiration signal. The subject cannot be null or empty. The status cannot be null or empty. The type cannot be null or empty. The authorization identifier cannot be extracted. The scope name cannot be null or empty. Scope names cannot be null or empty. The scope identifier cannot be extracted. The token identifier cannot be extracted. The client secret hash cannot be set on the application entity. One or more validation error(s) occurred while trying to create a new application: An error occurred while trying to create a new application. The client type cannot be null or empty. The consent type cannot be null or empty. The permission name cannot be null or empty. The requirement name cannot be null or empty. Callback URLs cannot be null or empty. Callback URLs must be valid absolute URLs. One or more validation error(s) occurred while trying to update an existing application: The secret cannot be null or empty. The specified hash algorithm is not valid. The comparand cannot be null or empty. One or more validation error(s) occurred while trying to create a new authorization: An error occurred while trying to create a new authorization. One or more validation error(s) occurred while trying to update an existing authorization: One or more validation error(s) occurred while trying to create a new scope: An error occurred while trying to create a new scope. One or more validation error(s) occurred while trying to update an existing scope: One or more validation error(s) occurred while trying to create a new token: An error occurred while trying to create a new token One or more validation error(s) occurred while trying to update an existing token: No application store has been registered in the dependency injection container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. To register a custom store, create an implementation of 'IOpenIddictApplicationStore' and use 'services.AddOpenIddict().AddCore().AddApplicationStore()' to add it to the DI container. No authorization store has been registered in the dependency injection container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. To register a custom store, create an implementation of 'IOpenIddictAuthorizationStore' and use 'services.AddOpenIddict().AddCore().AddAuthorizationStore()' to add it to the DI container. No scope store has been registered in the dependency injection container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. To register a custom store, create an implementation of 'IOpenIddictScopeStore' and use 'services.AddOpenIddict().AddCore().AddScopeStore()' to add it to the DI container. No token store has been registered in the dependency injection container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. To register a custom store, create an implementation of 'IOpenIddictTokenStore' and use 'services.AddOpenIddict().AddCore().AddTokenStore()' to add it to the DI container. The specified type is invalid. The cache size cannot be less than 10. The specified application type is not compatible with the Entity Framework 6.x stores. When enabling the Entity Framework 6.x stores, make sure you use the built-in 'OpenIddictEntityFrameworkApplication' entity or a custom entity that inherits from the generic 'OpenIddictEntityFrameworkApplication' entity. No Entity Framework 6.x context was specified in the OpenIddict options. To configure the OpenIddict Entity Framework 6.x stores to use a specific 'DbContext', use 'options.UseEntityFramework().UseDbContext<TContext>()'. The specified authorization type is not compatible with the Entity Framework 6.x stores. When enabling the Entity Framework 6.x stores, make sure you use the built-in 'OpenIddictEntityFrameworkAuthorization' entity or a custom entity that inherits from the generic 'OpenIddictEntityFrameworkAuthorization' entity. The specified scope type is not compatible with the Entity Framework 6.x stores. When enabling the Entity Framework 6.x stores, make sure you use the built-in 'OpenIddictEntityFrameworkScope' entity or a custom entity that inherits from the generic 'OpenIddictEntityFrameworkScope' entity. The specified token type is not compatible with the Entity Framework 6.x stores. When enabling the Entity Framework 6.x stores, make sure you use the built-in 'OpenIddictEntityFrameworkToken' entity or a custom entity that inherits from the generic 'OpenIddictEntityFrameworkToken' entity. The application was concurrently updated and cannot be persisted in its current state. Reload the application from the database and retry the operation. An error occurred while trying to create a new application instance. Make sure that the application entity is not abstract and has a public parameterless constructor or create a custom application store that overrides 'InstantiateAsync()' to use a custom factory. The authorization was concurrently updated and cannot be persisted in its current state. Reload the authorization from the database and retry the operation. An error occurred while trying to create a new authorization instance. Make sure that the authorization entity is not abstract and has a public parameterless constructor or create a custom authorization store that overrides 'InstantiateAsync()' to use a custom factory. An error occurred while pruning authorizations. The application associated with the authorization cannot be found. The scope was concurrently updated and cannot be persisted in its current state. Reload the scope from the database and retry the operation. An error occurred while trying to create a new scope instance. Make sure that the scope entity is not abstract and has a public parameterless constructor or create a custom scope store that overrides 'InstantiateAsync()' to use a custom factory. The token was concurrently updated and cannot be persisted in its current state. Reload the token from the database and retry the operation. An error occurred while trying to create a new token instance. Make sure that the token entity is not abstract and has a public parameterless constructor or create a custom token store that overrides 'InstantiateAsync()' to use a custom factory. An error occurred while pruning tokens. The application associated with the token cannot be found. The authorization associated with the token cannot be found. The specified application type is not compatible with the Entity Framework Core stores. When enabling the Entity Framework Core stores, make sure you use the built-in 'OpenIddictEntityFrameworkCoreApplication' entity or a custom entity that inherits from the generic 'OpenIddictEntityFrameworkCoreApplication' entity. No Entity Framework Core context was specified in the OpenIddict options. To configure the OpenIddict Entity Framework Core stores to use a specific 'DbContext', use 'options.UseEntityFrameworkCore().UseDbContext<TContext>()'. The specified authorization type is not compatible with the Entity Framework Core stores. When enabling the Entity Framework Core stores, make sure you use the built-in 'OpenIddictEntityFrameworkCoreAuthorization' entity or a custom entity that inherits from the generic 'OpenIddictEntityFrameworkCoreAuthorization' entity. The specified scope type is not compatible with the Entity Framework Core stores. When enabling the Entity Framework Core stores, make sure you use the built-in 'OpenIddictEntityFrameworkCoreScope' entity or a custom entity that inherits from the generic 'OpenIddictEntityFrameworkCoreScope' entity. The specified token type is not compatible with the Entity Framework Core stores. When enabling the Entity Framework Core stores, make sure you use the built-in 'OpenIddictEntityFrameworkCoreToken' entity or a custom entity that inherits from the generic 'OpenIddictEntityFrameworkCoreToken' entity. The specified application type is not compatible with the MongoDB stores. When enabling the MongoDB stores, make sure you use the built-in 'OpenIddictMongoDbApplication' entity or a custom entity that inherits from the 'OpenIddictMongoDbApplication' entity. The specified authorization type is not compatible with the MongoDB stores. When enabling the MongoDB stores, make sure you use the built-in 'OpenIddictMongoDbAuthorization' entity or a custom entity that inherits from the 'OpenIddictMongoDbAuthorization' entity. The specified scope type is not compatible with the MongoDB stores. When enabling the MongoDB stores, make sure you use the built-in 'OpenIddictMongoDbScope' entity or a custom entity that inherits from the 'OpenIddictMongoDbScope' entity. The specified token type is not compatible with the MongoDB stores. When enabling the MongoDB stores, make sure you use the built-in 'OpenIddictMongoDbToken' entity or a custom entity that inherits from the 'OpenIddictMongoDbToken' entity. The collection name cannot be null or empty. No suitable MongoDB database service can be found. To configure the OpenIddict MongoDB stores to use a specific database, use 'services.AddOpenIddict().AddCore().UseMongoDb().UseDatabase()' or register an 'IMongoDatabase' in the dependency injection container in 'ConfigureServices()'. The second parameter must be a generic type definition. X.509 certificate generation is not supported on this platform. The token details cannot be found in the database. No suitable signing credentials could be found. The signing credentials algorithm is not valid. The code challenge method cannot be retrieved from the authorization code. The token usage of the JWT token is not supported. The type of the JWT token cannot be resolved or inferred. The type of the JWT token doesn't match the expected type. The configuration response was not correctly applied. To apply configuration responses, create a class implementing 'IOpenIddictServerHandler<ApplyConfigurationResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. No default application entity type was configured in the OpenIddict core options, which generally indicates that no application store was registered in the DI container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. No default authorization entity type was configured in the OpenIddict core options, which generally indicates that no authorization store was registered in the DI container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. No default scope entity type was configured in the OpenIddict core options, which generally indicates that no scope store was registered in the DI container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. No default token entity type was configured in the OpenIddict core options, which generally indicates that no token store was registered in the DI container. To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'. The Entity Framework 6.x stores cannot be used with generic types. Consider creating non-generic classes derived from the default entities for the application, authorization, scope and token entities. The core services must be registered when enabling the OpenIddict Quartz.NET integration. To register the OpenIddict core services, reference the 'OpenIddict.Core' package and call 'services.AddOpenIddict().AddCore()' from 'ConfigureServices'. The maximum refire count cannot be negative. The duration cannot be less than 10 minutes. The authorization code grant must be enabled when adding a response type containing '{0}'. The implicit grant must be enabled when adding a response type containing '{0}'. Provided symmetric key was incorrect size. Expected {0} bits, received {1}. The context type associated with the specified descriptor doesn't match the context type of this builder. Endpoint addresses must be unique across endpoints. The specified principal doesn't contain a valid claims-based identity. The payload of this authentication ticket was serialized using an unsupported formatter version. The OpenIddict ASP.NET Core client handler cannot be registered as an authentication scheme. This may indicate that an instance of another handler was registered with the same scheme. The OpenIddict ASP.NET Core client handler cannot be used as the default authentication/sign-in/sign-out handler. Make sure that neither DefaultAuthenticateScheme, DefaultSignInScheme, DefaultSignOutScheme nor DefaultScheme point to an instance of the OpenIddict ASP.NET Core client handler. An identity cannot be extracted from this request. This generally indicates that the OpenIddict client stack was asked to validate a token for an invalid endpoint. To validate tokens received by custom API endpoints, the OpenIddict validation handler (e.g OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme or OpenIddictValidationOwinDefaults.AuthenticationType) must be used instead. The authorization server information cannot be extracted from the state principal. The client registration corresponding to the specified issuer cannot be found in the client options. The signing algorithm cannot be resolved from the specified frontchannel identity token. The negotiated grant type cannot be extracted from the state principal. The signing algorithm cannot be resolved from the specified backchannel identity token. The specified grant type is not supported. A common grant type supported by both the client and the server couldn't be negotiated automatically. If the error persists, consider specifying a list of allowed grant types in the client registration and ensure the supported grant types listed in the authorization server configuration are appropriate. A common response type combination supported by both the client and the server couldn't be negotiated automatically. If the error persists, consider specifying a list of allowed response type combinations in the client registration and ensure the supported response type combinations listed in the authorization server configuration are appropriate. A common response mode supported by both the client and the server couldn't be negotiated automatically. If the error persists, consider specifying a list of allowed response modes in the client registration and ensure the supported response modes listed in the authorization server configuration are appropriate. A redirection URI must be specified in the client registration options when using OpenID Connect. The '{0}' cannot be resolved from the authorization server configuration or doesn't represent a valid absolute URI, which may indicate this endpoint is not supported or is not enabled in the server configuration. The redirection request was not correctly extracted. To extract authorization requests, create a class implementing 'IOpenIddictClientHandler<ExtractRedirectionRequestContext>' and register it using 'services.AddOpenIddict().AddClient().AddEventHandler()'. The redirection response was not correctly applied. To apply redirection responses, create a class implementing 'IOpenIddictClientHandler<ApplyRedirectionResponseContext>' and register it using 'services.AddOpenIddict().AddClient().AddEventHandler()'. No client registration was found in the client options. To add a registration, use 'services.AddOpenIddict().AddClient().AddRegistration()'. No issuer was specified in the challenge properties. When multiple clients are registered, an issuer must be specified in the challenge properties. The specified issuer is not a valid or absolute URL. The issuer extracted from the server configuration metadata doesn't match the expected value. The specified list of valid token types is not valid. A grant type must be specified when triggering authentication demands from endpoints that are not managed by the OpenIddict client stack. The specified grant type ({0}) is not currently supported for authentication demands. A refresh token must be specified when using the refresh token grant. The event handler of type '{0}' couldn't be resolved. This may indicate that it was not properly registered in the dependency injection container. To register an event handler, use 'services.AddOpenIddict().AddClient().AddEventHandler()'. A discovery client must be registered when using server discovery. Reference the 'OpenIddict.Client.SystemNetHttp' package and call 'services.AddOpenIddict().AddClient().UseSystemNetHttp()' to register the default System.Net.Http-based integration. The security token is missing. The specified authorization code is invalid. The specified device code is invalid. The specified refresh token is invalid. The specified token is invalid. The specified token is not an authorization code. The specified token is not an device code. The specified token is not a refresh token. The specified token is not an access token. The specified identity token is invalid. The specified authorization code has already been redeemed. The specified device code has already been redeemed. The specified refresh token has already been redeemed. The specified token has already been redeemed. The authorization has not been granted yet by the end user. The authorization was denied by the end user. The specified authorization code is no longer valid. The specified device code is no longer valid. The specified refresh token is no longer valid. The specified token is no longer valid. The authorization associated with the authorization code is no longer valid. The authorization associated with the device code is no longer valid. The authorization associated with the refresh token is no longer valid. The authorization associated with the token is no longer valid. The token request was rejected by the authentication server. The user information access demand was rejected by the authentication server. The specified user code is no longer valid. The client application is not allowed to use the device code flow. The '{0}' parameter is not supported. The mandatory '{0}' parameter is missing. The '{0}' parameter must be a valid absolute URL. The '{0}' parameter must not include a fragment. The specified '{0}' is not supported. The specified '{0}'/'{1}' combination is invalid. The mandatory '{0}' scope is missing. The '{0}' scope is not allowed. The client identifier cannot be null or empty. The '{0}' parameter cannot be used without '{1}'. The status cannot be null or empty. Scopes cannot be null or empty. The '{0}' and '{1}' parameters can only be used with a response type containing '{2}'. The specified '{0}' is not allowed when using PKCE. Scopes cannot contain spaces. The specified '{0}' is not valid for this client application. The scope name cannot be null or empty. The scope name cannot contain spaces. This client application is not allowed to use the authorization endpoint. The client application is not allowed to use the authorization code flow. The client application is not allowed to use the implicit flow. The client application is not allowed to use the hybrid flow. The client type cannot be null or empty. This client application is not allowed to use the specified scope. The specified '{0}' is invalid. The '{0}' parameter is not valid for this client application. The '{0}' parameter required for this client application is missing. The specified client credentials are invalid. This client application is not allowed to use the device endpoint. The '{0}' and '{1}' parameters are required when using the client credentials grant. The '{0}' parameter is required when using the device code grant. The mandatory '{0}' and/or '{1}' parameters are missing. A scope with the same name already exists. Callback URLs cannot be null or empty. Callback URLs must be valid absolute URLs. This client application is not allowed to use the token endpoint. This client application is not allowed to use the specified grant type. The client application is not allowed to use the '{0}' scope. The specified authorization code cannot be used without sending a client identifier. The specified device code cannot be used without sending a client identifier. The specified refresh token cannot be used without sending a client identifier. The specified authorization code cannot be used by this client application. The specified device code cannot be used by this client application. The specified refresh token cannot be used by this client application. The specified '{0}' parameter doesn't match the client redirection address the authorization code was initially sent to. The '{0}' parameter cannot be used when no '{1}' was specified in the authorization request. The '{0}' parameter is not valid in this context. This client application is not allowed to use the introspection endpoint. The specified token cannot be introspected. The client application is not allowed to introspect the specified token. This client application is not allowed to use the revocation endpoint. This token cannot be revoked. The client application is not allowed to revoke the specified token. The mandatory '{0}' header is missing. The specified '{0}' header is invalid. This server only accepts HTTPS requests. The specified HTTP method is not valid. A token with the same reference identifier already exists. The token type cannot be null or empty. Multiple client credentials cannot be specified. The issuer associated to the specified token is not valid. The specified token is not of the expected type. The signing key associated to the specified token was not found. The signature associated to the specified token is not valid. This resource server is currently unavailable. The specified token doesn't contain any audience. The specified token cannot be used with this resource server. The user represented by the token is not allowed to perform the requested action. No issuer could be found in the server configuration. A server configuration containing an invalid issuer was returned. The issuer returned in the server configuration doesn't match the value set in the validation options. No JWKS endpoint could be found in the server configuration. A server configuration containing an invalid '{0}' URL was returned. The JWKS document didn't contain a valid '{0}' node with at least one key. A JWKS response containing an unsupported key was returned. A JWKS response containing an invalid key was returned. The mandatory '{0}' parameter couldn't be found in the introspection response. The token was rejected by the remote authentication server. The '{0}' claim is malformed or isn't of the expected type. An introspection response containing a malformed issuer was returned. The issuer returned in the introspection response is not valid. The type of the introspected token doesn't match the expected type. An application with the same client identifier already exists. Only confidential or public applications are supported by the default application manager. The client secret cannot be null or empty for a confidential application. A client secret cannot be associated with a public application. Callback URLs cannot contain a fragment. The authorization type cannot be null or empty. The specified authorization type is not supported by the default token manager. The token usage returned by the authorization server is not supported. The specified '{0}' parameter doesn't match the authorization server the authorization request was initially sent to. The '{0}' parameter cannot be used when '{1}' is not supported by the authorization server. The '{0}' claim extracted from the specified frontchannel identity token is malformed or isn't of the expected type. The mandatory '{0}' claim cannot be found in the specified frontchannel identity token. The specified frontchannel identity token cannot be used with this client application. The '{0}' claim returned in the specified frontchannel identity token doesn't match the expected value. The '{0}' claim extracted from the specified backchannel identity token is malformed or isn't of the expected type. The mandatory '{0}' claim cannot be found in the specified backchannel identity token. The specified backchannel identity token cannot be used with this client application. The '{0}' claim returned in the specified backchannel identity token doesn't match the expected value. No correlation cookie associated with the specified state can be found. Please try logging in again. If the error persists, please contact the website owner. The specified state token is not valid in this context. The '{0}' claim extracted from the specified userinfo response/token is malformed or isn't of the expected type. The mandatory '{0}' claim cannot be found in the specified userinfo response/token. The '{0}' claim returned in the specified userinfo response/token doesn't match the expected value. Callback URLs cannot contain an "{0}" parameter. The '{0}' parameter must not include a '{1}' component. The '{0}' parameter shouldn't be null or empty at this point. The separators collection shouldn't be null or empty. The value string shouldn't be null or empty. RSA.ExportParameters() shouldn't return invalid values. ECDsa.ExportParameters() shouldn't return invalid values. ECDsa.ExportParameters() shouldn't return an unnamed curve. The principal and its attached identity shouldn't be null at this point. The response shouldn't be null at this point. The request shouldn't be null at this point. The token type shouldn't be null or empty. The token shouldn't be null or empty at this point. EC-based keys shouldn't have a null OID. EC-based keys should have a non-null OID raw value or friendly name. The issuer should be a valid absolute URL at this point. An error occurred while validating the token '{Token}'. The token '{Token}' was successfully validated and the following claims could be extracted: {Claims}. The token '{Identifier}' has already been redeemed. The token '{Identifier}' is not active yet. The token '{Identifier}' was marked as rejected. The token '{Identifier}' was no longer valid. The authorization '{Identifier}' was no longer valid. An ad hoc authorization was automatically created and associated with an unknown application: {Identifier}. An ad hoc authorization was automatically created and associated with the '{ClientId}' application: {Identifier}. '{Claim}' was excluded from the access token claims. The access token scopes will be limited to the scopes requested by the client application: {Scopes}. '{Claim}' was excluded from the identity token claims. The token entry for '{Type}' token '{Identifier}' was successfully created. A new '{Type}' token was successfully created: {Payload}. The principal used to create the token contained the following claims: {Claims}. The token entry for '{Type}' token '{Identifier}' was successfully converted to a reference token with the identifier '{ReferenceId}'. The reference token entry for device code '{Identifier}' was successfully updated'. The authorization request was successfully extracted: {Request}. The authorization request was successfully validated. The authorization request was rejected because it contained an unsupported parameter: {Parameter}. The authorization request was rejected because the mandatory '{Parameter}' parameter was missing. The authorization request was rejected because the '{Parameter}' parameter wasn't a valid absolute URL: {RedirectUri}. The authorization request was rejected because the '{Parameter}' contained a URL fragment: {RedirectUri}. The authorization request was rejected because the '{ResponseType}' response type is not supported. The authorization request was rejected because the 'response_type'/'response_mode' combination was invalid: {ResponseType} ; {ResponseMode}. The authorization request was rejected because the '{ResponseMode}' response mode is not supported. The authorization request was rejected because the '{Scope}' scope was missing. The authorization request was rejected because an invalid prompt parameter was specified. The authorization request was rejected because the specified code challenge method was not supported. The authorization request was rejected because the response type was not compatible with 'code_challenge'/'code_challenge_method'. The authorization request was rejected because the specified response type was not compatible with PKCE. The authorization request was rejected because the client application was not found: '{ClientId}'. The authorization request was rejected because the confidential application '{ClientId}' was not allowed to retrieve an access token from the authorization endpoint. The authorization request was rejected because the redirect_uri was invalid: '{RedirectUri}'. The authentication request was rejected because invalid scopes were specified: {Scopes}. The authorization request was rejected because the application '{ClientId}' was not allowed to use the authorization endpoint. The authorization request was rejected because the application '{ClientId}' was not allowed to use the authorization code flow. The authorization request was rejected because the application '{ClientId}' was not allowed to use the implicit flow. The authorization request was rejected because the application '{ClientId}' was not allowed to use the hybrid flow. The authorization request was rejected because the application '{ClientId}' was not allowed to use the '{Scope}' scope. The request address matched a server endpoint: {Endpoint}. The device request was successfully extracted: {Request}. The device request was successfully validated. The device request was rejected because the mandatory '{Parameter}' parameter was missing. The device request was rejected because invalid scopes were specified: {Scopes}. The device request was rejected because the client application was not found: '{ClientId}'. The device request was rejected because the public application '{ClientId}' was not allowed to send a client secret. The device request was rejected because the confidential application '{ClientId}' didn't specify a client secret. The device request was rejected because the confidential application '{ClientId}' didn't specify valid client credentials. The device request was rejected because the application '{ClientId}' was not allowed to use the device endpoint. The device request was rejected because the application '{ClientId}' was not allowed to use the scope {Scope}. The verification request was successfully extracted: {Request}. The verification request was successfully validated. The configuration request was successfully extracted: {Request}. The configuration request was successfully validated. The cryptography request was successfully extracted: {Request}. The cryptography request was successfully validated. A JSON Web Key was excluded from the key set because it didn't contain the mandatory '{Parameter}' parameter. An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA and ECDSA asymmetric security keys can be exposed via the JWKS endpoint. An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA asymmetric security keys can be exposed via the JWKS endpoint. A signing key of type '{Type}' was ignored because its RSA public parameters couldn't be extracted. A signing key of type '{Type}' was ignored because its EC public parameters couldn't be extracted. The token request was successfully extracted: {Request}. The token request was successfully validated. The token request was rejected because the mandatory '{Parameter}' parameter was missing. The token request was rejected because the '{GrantType}' grant type is not supported. The token request was rejected because the resource owner credentials were missing. The token request was rejected because invalid scopes were specified: {Scopes}. The token request was rejected because the client application was not found: '{ClientId}'. The token request was rejected because the public client application '{ClientId}' was not allowed to use the client credentials grant. The token request was rejected because the public application '{ClientId}' was not allowed to send a client secret. The token request was rejected because the confidential application '{ClientId}' didn't specify a client secret. The token request was rejected because the confidential application '{ClientId}' didn't specify valid client credentials. The token request was rejected because the application '{ClientId}' was not allowed to use the token endpoint. The token request was rejected because the application '{ClientId}' was not allowed to use the specified grant type: {GrantType}. The token request was rejected because the application '{ClientId}' was not allowed to request the '{Scope}' scope. The token request was rejected because the application '{ClientId}' was not allowed to use the scope {Scope}. The token request was rejected because the client identifier of the application was not available and could not be compared to the presenters list stored in the authorization code, the device code or the refresh token. The token request was rejected because the authorization code, the device code or the refresh token was issued to a different client application. The token request was rejected because the '{Parameter}' parameter didn't correspond to the expected value. The token request was rejected because a '{0}' parameter was presented with an authorization code to which no code challenge was attached when processing the initial authorization request. The token request was rejected because the '{Parameter}' parameter was not allowed. The token request was rejected because the '{Parameter}' parameter was not valid. The introspection request was successfully extracted: {Request}. The introspection request was successfully validated. The introspection request was rejected because the mandatory '{Parameter}' parameter was missing. The introspection request was rejected because the client application was not found: '{ClientId}'. The introspection request was rejected because the public application '{ClientId}' was not allowed to send a client secret. The introspection request was rejected because the confidential application '{ClientId}' didn't specify a client secret. The introspection request was rejected because the confidential application '{ClientId}' didn't specify valid client credentials. The introspection request was rejected because the application '{ClientId}' was not allowed to use the introspection endpoint. The introspection request was rejected because the received token was of an unsupported type. Potentially sensitive application claims were excluded from the introspection response as the client '{ClientId}' was not explicitly listed as an audience. The introspection request was rejected because the access token was issued to a different client or for another resource server. Potentially sensitive application claims were excluded from the introspection response as the client '{ClientId}' is a public application. The introspection request was rejected because the refresh token was issued to a different client. The revocation request was successfully extracted: {Request}. The revocation request was successfully validated. The revocation request was rejected because the mandatory '{Parameter}' parameter was missing. The revocation request was rejected because the client application was not found: '{ClientId}'. The revocation request was rejected because the public application '{ClientId}' was not allowed to send a client secret. The revocation request was rejected because the confidential application '{ClientId}' didn't specify a client secret. The revocation request was rejected because the confidential application '{ClientId}' didn't specify valid client credentials. The revocation request was rejected because the application '{ClientId}' was not allowed to use the revocation endpoint. The revocation request was rejected because the received token was of an unsupported type. The device request was rejected because the application '{ClientId}' was not allowed to use the device code flow. The revocation request was rejected because the access token was issued to a different client or for another resource server. The device request was rejected because the application '{ClientId}' was not allowed to request the '{Scope}' scope. The revocation request was rejected because the refresh token was issued to a different client. The revocation request was rejected because the token had no internal identifier. The token '{Identifier}' was not revoked because it couldn't be found. The logout request was successfully extracted: {Request}. The logout request was successfully validated. The logout request was rejected because the '{Parameter}' parameter wasn't a valid absolute URL: {PostLogoutRedirectUri}. The logout request was rejected because the '{Parameter}' contained a URL fragment: {PostLogoutRedirectUri}. The logout request was rejected because the specified post_logout_redirect_uri was invalid: {PostLogoutRedirectUri}. The userinfo request was successfully extracted: {Request}. The userinfo request was successfully validated. The userinfo request was rejected because the mandatory '{Parameter}' parameter was missing. An exception was thrown by {HandlerName} while handling the {EventName} event. The event {EventName} was successfully processed by {HandlerName}. The event {EventName} was marked as handled by {HandlerName}. The event {EventName} was marked as skipped by {HandlerName}. The event {EventName} was marked as rejected by {HandlerName}. The request was rejected because an invalid HTTP method was specified: {Method}. The request was rejected because the mandatory '{Header}' header was missing. The request was rejected because an invalid '{Header}' header was specified: {Value}. The request was rejected because multiple client credentials were specified. The response was successfully returned as a challenge response: {Response}. The response was successfully returned as a JSON document: {Response}. The response was successfully returned as a plain-text document: {Response}. The response was successfully returned as a 302 response. The response was successfully returned as an empty 200 response. The authorization request was rejected because an unknown or invalid '{Parameter}' was specified. The authorization response was successfully returned to '{RedirectUri}' using the form post response mode: {Response}. The authorization response was successfully returned to '{RedirectUri}' using the query response mode: {Response}. The authorization response was successfully returned to '{RedirectUri}' using the fragment response mode: {Response}. The logout request was rejected because an unknown or invalid '{Parameter}' was specified. The logout response was successfully returned to '{PostLogoutRedirectUri}': {Response}. The ASP.NET Core Data Protection token '{Token}' was successfully validated and the following claims could be extracted: {Claims}. An exception occured while deserializing the token '{Token}'. The token '{Token}' was successfully introspected and the following claims could be extracted: {Claims}. An error occurred while introspecting the token. The authentication demand was rejected because the token was expired. The authentication demand was rejected because the token had no audience attached. The authentication demand was rejected because the token had no valid audience. Client authentication cannot be enforced for public applications. Client authentication failed for {ClientId} because no client secret was associated with the application. Client authentication failed for {ClientId}. Client validation failed because '{RedirectUri}' was not a valid redirect_uri for {Client}. An error occurred while trying to verify a client secret. This may indicate that the hashed entry is corrupted or malformed. The authorization '{Identifier}' was successfully revoked. A concurrency exception occurred while trying to revoke the authorization '{Identifier}'. An exception occurred while trying to revoke the authorization '{Identifier}'. A signing key of type '{Type}' was ignored because its EC curve couldn't be inferred. The token '{Identifier}' was successfully marked as redeemed. A concurrency exception occurred while trying to redeem the token '{Identifier}'. An exception occurred while trying to redeem the token '{Identifier}'. The token '{Identifier}' was successfully marked as rejected. A concurrency exception occurred while trying to reject the token '{Identifier}'. An exception occurred while trying to reject the token '{Identifier}'. The token '{Identifier}' was successfully revoked. A concurrency exception occurred while trying to revoke the token '{Identifier}'. An exception occurred while trying to revoke the token '{Identifier}'. The authorization request was rejected because the application '{ClientId}' was not allowed to use the '{ResponseType}' response type. The redirection request was successfully extracted: {Request}. The redirection request was successfully validated. The redirection request was successfully validated. The authorization request was rejected because the '{Parameter}' contained a forbidden parameter: {Name}. https://documentation.openiddict.com/errors/{0} Removes orphaned tokens and authorizations from the database. Starts the scheduled task at regular intervals.