tsai
/
openiddict-core
mirror of https://github.com/openiddict/openiddict-core.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Versatile OpenID Connect stack for ASP.NET Core and Microsoft.Owin (compatible with ASP.NET 4.6.1)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
538 Commits
1 Branch
82 Tags
32 MiB
 
 
 
 
 
 
Tree: 8546ca47af
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8546ca47af'
${ noResults }
openiddict-core/src/OpenIddict.Server.Owin/OpenIddictServerOwinOptions.cs

92 lines
5.0 KiB
Raw Blame History

/*
* Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
* See https://github.com/openiddict/openiddict-core for more information concerning
* the license and the contributors participating to this project.
*/
using System;
using Microsoft.Extensions.Caching.Distributed;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Owin;
namespace OpenIddict.Server.Owin
{
/// <summary>
/// Provides various settings needed to configure the OpenIddict OWIN server integration.
/// </summary>
public class OpenIddictServerOwinOptions : AuthenticationOptions
{
/// <summary>
/// Creates a new instance of the <see cref="OpenIddictServerOwinOptions"/> class.
/// </summary>
public OpenIddictServerOwinOptions()
: base(OpenIddictServerOwinDefaults.AuthenticationType)
=> AuthenticationMode = AuthenticationMode.Passive;
/// <summary>
/// Gets or sets a boolean indicating whether incoming requests arriving on insecure endpoints should be rejected.
/// By default, this property is set to <c>false</c> to help mitigate man-in-the-middle attacks.
/// </summary>
public bool DisableTransportSecurityRequirement { get; set; }
/// <summary>
/// Gets or sets a boolean indicating whether the pass-through mode is enabled for the authorization endpoint.
/// When the pass-through mode is used, OpenID Connect requests are initially handled by OpenIddict.
/// Once validated, the rest of the request processing pipeline is invoked, so that OpenID Connect requests
/// can be handled at a later stage (in a custom middleware or in a MVC controller, for instance).
/// </summary>
public bool EnableAuthorizationEndpointPassthrough { get; set; }
/// <summary>
/// Gets or sets a boolean indicating whether OpenIddict should allow the rest of the request processing pipeline
/// to be invoked when returning an error from the interactive authorization and logout endpoints.
/// When this option is enabled, special logic must be added to these actions to handle errors, that can be
/// retrieved using <see cref="OpenIddictServerOwinHelpers.GetOpenIddictServerResponse(IOwinContext)"/>
/// </summary>
public bool EnableErrorPassthrough { get; set; }
/// <summary>
/// Gets or sets a boolean indicating whether the pass-through mode is enabled for the authorization endpoint.
/// When the pass-through mode is used, OpenID Connect requests are initially handled by OpenIddict.
/// Once validated, the rest of the request processing pipeline is invoked, so that OpenID Connect requests
/// can be handled at a later stage (in a custom middleware or in a MVC controller, for instance).
/// </summary>
public bool EnableLogoutEndpointPassthrough { get; set; }
/// <summary>
/// Gets or sets a boolean indicating whether the pass-through mode is enabled for the token endpoint.
/// When the pass-through mode is used, OpenID Connect requests are initially handled by OpenIddict.
/// Once validated, the rest of the request processing pipeline is invoked, so that OpenID Connect requests
/// can be handled at a later stage (in a custom middleware or in a MVC controller, for instance).
/// </summary>
public bool EnableTokenEndpointPassthrough { get; set; }
/// <summary>
/// Gets or sets a boolean indicating whether the pass-through mode is enabled for the userinfo endpoint.
/// When the pass-through mode is used, OpenID Connect requests are initially handled by OpenIddict.
/// Once validated, the rest of the request processing pipeline is invoked, so that OpenID Connect requests
/// can be handled at a later stage (in a custom middleware or in a MVC controller, for instance).
/// </summary>
public bool EnableUserinfoEndpointPassthrough { get; set; }
/// <summary>
/// Gets or sets a boolean indicating whether request caching should be enabled.
/// When enabled, both authorization and logout requests are automatically stored
/// in the distributed cache, which allows flowing large payloads across requests.
/// Enabling this option is recommended when using external authentication providers
/// or when large GET or POST OpenID Connect authorization requests support is required.
/// </summary>
public bool EnableRequestCaching { get; set; }
/// <summary>
/// Gets or sets the caching policy used to determine how long the authorization
/// and end session requests should be cached by the distributed cache implementation.
/// </summary>
public DistributedCacheEntryOptions RequestCachingPolicy { get; set; } = new DistributedCacheEntryOptions
{
AbsoluteExpirationRelativeToNow = TimeSpan.FromHours(1),
SlidingExpiration = TimeSpan.FromMinutes(30)
};
}
}