/// <summary>
/// Creates a new <see cref="OpenIdConnectOptions"/> and applies the constructor-level defaults:
/// callback paths, the events object, requested scopes, claim actions and the nonce cookie settings.
/// </summary>
/// <remarks>
/// <para>Set by this constructor:</para>
/// <para>CallbackPath: "/signin-oidc".</para>
/// <para>SignedOutCallbackPath: "/signout-callback-oidc".</para>
/// <para>RemoteSignOutPath: "/signout-oidc".</para>
/// <para>Events: new <see cref="OpenIdConnectEvents"/>.</para>
/// <para>Scope: "openid" and "profile" are added.</para>
/// <para>Nonce cookie: HttpOnly, SameSite = None, SecurePolicy = SameAsRequest, IsEssential.</para>
/// <para>
/// Defaults documented for this type that are not assigned in this constructor body
/// (presumably property initializers elsewhere in the class; confirm there):
/// </para>
/// <para>AddNonceToRequest: true.</para>
/// <para>BackchannelTimeout: 1 minute.</para>
/// <para>ProtocolValidator: new <see cref="OpenIdConnectProtocolValidator"/>.</para>
/// <para>RefreshOnIssuerKeyNotFound: true</para>
/// <para>ResponseType: <see cref="OpenIdConnectResponseType.CodeIdToken"/></para>
/// <para>Scope: <see cref="OpenIdConnectScope.OpenIdProfile"/>.</para>
/// <para>TokenValidationParameters: new <see cref="TokenValidationParameters"/> (the earlier text tied it to an authenticationScheme argument that this parameterless constructor does not take).</para>
/// <para>UseTokenLifetime: false.</para>
/// </remarks>
public OpenIdConnectOptions()
{
    // Endpoints on this application that the handler listens on.
    CallbackPath = new PathString("/signin-oidc");
    SignedOutCallbackPath = new PathString("/signout-callback-oidc");
    RemoteSignOutPath = new PathString("/signout-oidc");

    Events = new OpenIdConnectEvents();

    Scope.Add("openid");
    Scope.Add("profile");

    // Claim types removed by default, registered in this exact order.
    // NOTE(review): code running after sign-in should not expect these
    // (iss, aud, exp, nonce, ...) on the resulting identity unless the
    // application removes the corresponding delete action.
    var removedClaimTypes = new[]
    {
        "nonce",
        "aud",
        "azp",
        "acr",
        "amr",
        "iss",
        "iat",
        "nbf",
        "exp",
        "at_hash",
        "c_hash",
        "auth_time",
        "ipaddr",
        "platf",
        "ver",
    };

    foreach (var claimType in removedClaimTypes)
    {
        ClaimActions.DeleteClaim(claimType);
    }

    // Standard claims, see http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
    // Each one is mapped to a claim type equal to its JSON key.
    // P7MapUniqueJsonKey is declared outside this block; presumably it behaves
    // like the stock MapUniqueJsonKey helper (verify against its definition).
    var standardClaims = new[]
    {
        "sub",
        "name",
        "given_name",
        "family_name",
        "profile",
        "email",
    };

    foreach (var standardClaim in standardClaims)
    {
        ClaimActions.P7MapUniqueJsonKey(standardClaim, standardClaim);
    }

    var nonceCookie = new OpenIdConnectNonceCookieBuilder(this);
    nonceCookie.Name = OpenIdConnectDefaults.CookieNoncePrefix;

    // Keep the nonce out of reach of page script.
    nonceCookie.HttpOnly = true;

    // NOTE(review): SameSite=None is presumably required so the cookie is sent
    // with the cross-site response coming back from the identity provider; confirm.
    nonceCookie.SameSite = SameSiteMode.None;

    // NOTE(review): with SameAsRequest the Secure attribute is only emitted on
    // HTTPS requests. Over plain HTTP the nonce cookie travels unprotected, and
    // current browsers generally reject SameSite=None cookies without Secure,
    // so nonce validation can fail. Deployments should serve the sign-in flow
    // over HTTPS or override this with CookieSecurePolicy.Always.
    nonceCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;

    nonceCookie.IsEssential = true;

    _nonceCookieBuilder = nonceCookie;
}