Beispiel #1
 /// <summary>
 /// Creates an <see cref="OpenIdConnectOptions"/> bound to the given authentication scheme.
 /// </summary>
 /// <remarks>
 /// Assigned directly by this constructor:
 /// <para>AuthenticationScheme: <paramref name="authenticationScheme"/>.</para>
 /// <para>AutomaticChallenge: true.</para>
 /// <para>DisplayName: <see cref="OpenIdConnectDefaults.Caption"/>.</para>
 /// <para>CallbackPath: "/signin-oidc".</para>
 /// <para>Events: new <see cref="OpenIdConnectEvents"/>.</para>
 /// <para>Scope: "openid" and "profile".</para>
 /// Documented defaults that are not assigned in this constructor body
 /// (presumably property initializers elsewhere in the class; verify there):
 /// <para>AddNonceToRequest: true.</para>
 /// <para>BackchannelTimeout: 1 minute.</para>
 /// <para>ProtocolValidator: new <see cref="OpenIdConnectProtocolValidator"/>.</para>
 /// <para>RefreshOnIssuerKeyNotFound: true.</para>
 /// <para>ResponseType: <see cref="OpenIdConnectResponseTypes.CodeIdToken"/>.</para>
 /// <para>TokenValidationParameters: new <see cref="TokenValidationParameters"/> with AuthenticationScheme = authenticationScheme.</para>
 /// <para>UseTokenLifetime: false.</para>
 /// </remarks>
 /// <param name="authenticationScheme">
 /// Value stored in the AuthenticationScheme property; per the original documentation it is
 /// also used when creating the <see cref="System.Security.Claims.ClaimsIdentity"/>.
 /// It is stored as passed, with no null or empty check here.
 /// </param>
 public OpenIdConnectOptions(string authenticationScheme)
 {
     this.AuthenticationScheme = authenticationScheme;
     this.AutomaticChallenge = true;
     this.DisplayName = OpenIdConnectDefaults.Caption;

     // Path on which the middleware expects the authorization response.
     this.CallbackPath = new PathString("/signin-oidc");
     this.Events = new OpenIdConnectEvents();

     // "openid" is what makes the request an OpenID Connect request;
     // "profile" asks for the basic profile claims.
     foreach (var defaultScope in new[] { "openid", "profile" })
     {
         this.Scope.Add(defaultScope);
     }
 }
Beispiel #2
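        /// <summary>
        /// Initializes a new <see cref="OpenIdConnectOptions"/> with the default callback paths,
        /// scopes, claim actions and nonce cookie settings.
        /// </summary>
        /// <remarks>
        /// Assigned directly by this constructor:
        /// <para>CallbackPath: "/signin-oidc".</para>
        /// <para>SignedOutCallbackPath: "/signout-callback-oidc".</para>
        /// <para>RemoteSignOutPath: "/signout-oidc".</para>
        /// <para>Events: new <see cref="OpenIdConnectEvents"/>.</para>
        /// <para>Scope: "openid" and "profile".</para>
        /// <para>ClaimActions: protocol claims deleted, selected standard claims mapped (see body).</para>
        /// <para>Nonce cookie: HttpOnly, SameSite=None, Secure always, essential.</para>
        /// Documented defaults that are not assigned in this constructor body
        /// (presumably property initializers elsewhere in the class; verify there):
        /// <para>AddNonceToRequest: true.</para>
        /// <para>BackchannelTimeout: 1 minute.</para>
        /// <para>ProtocolValidator: new <see cref="OpenIdConnectProtocolValidator"/>.</para>
        /// <para>RefreshOnIssuerKeyNotFound: true.</para>
        /// <para>ResponseType: <see cref="OpenIdConnectResponseType.CodeIdToken"/>.</para>
        /// <para>TokenValidationParameters: new <see cref="TokenValidationParameters"/>.</para>
        /// <para>UseTokenLifetime: false.</para>
        /// </remarks>
        public OpenIdConnectOptions()
        {
            CallbackPath          = new PathString("/signin-oidc");
            SignedOutCallbackPath = new PathString("/signout-callback-oidc");
            RemoteSignOutPath     = new PathString("/signout-oidc");

            Events = new OpenIdConnectEvents();
            Scope.Add("openid");
            Scope.Add("profile");

            // Protocol and token-bookkeeping claims are registered for deletion so they
            // do not end up on the resulting identity. They describe the token, not the
            // user. "ipaddr", "platf" and "ver" are not in the OpenID Connect core claim
            // list; they look provider-specific (NOTE(review): confirm origin).
            ClaimActions.DeleteClaim("nonce");
            ClaimActions.DeleteClaim("aud");
            ClaimActions.DeleteClaim("azp");
            ClaimActions.DeleteClaim("acr");
            ClaimActions.DeleteClaim("amr");
            ClaimActions.DeleteClaim("iss");
            ClaimActions.DeleteClaim("iat");
            ClaimActions.DeleteClaim("nbf");
            ClaimActions.DeleteClaim("exp");
            ClaimActions.DeleteClaim("at_hash");
            ClaimActions.DeleteClaim("c_hash");
            ClaimActions.DeleteClaim("auth_time");
            ClaimActions.DeleteClaim("ipaddr");
            ClaimActions.DeleteClaim("platf");
            ClaimActions.DeleteClaim("ver");

            // Standard user claims, each mapped from a JSON key to a claim type of the same name.
            // http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
            ClaimActions.MapUniqueJsonKey("sub", "sub");
            ClaimActions.MapUniqueJsonKey("name", "name");
            ClaimActions.MapUniqueJsonKey("given_name", "given_name");
            ClaimActions.MapUniqueJsonKey("family_name", "family_name");
            ClaimActions.MapUniqueJsonKey("profile", "profile");
            ClaimActions.MapUniqueJsonKey("email", "email");

            // The nonce cookie ties the authentication response to the request that
            // started it, so its attributes are security-relevant.
            _nonceCookieBuilder = new OpenIdConnectNonceCookieBuilder(this)
            {
                Name         = OpenIdConnectDefaults.CookieNoncePrefix,
                // Not readable from script.
                HttpOnly     = true,
                // Presumably None because the authorization response can arrive as a
                // cross-site request (e.g. a form POST from the identity provider).
                SameSite     = SameSiteMode.None,
                // Always rather than SameAsRequest: browsers that enforce the current
                // SameSite rules reject SameSite=None cookies that lack Secure, and the
                // nonce should not travel over cleartext HTTP. Deployments that really
                // run the callback over plain HTTP must override this on the builder.
                SecurePolicy = CookieSecurePolicy.Always,
                IsEssential  = true,
            };
        }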