static void InitializeMessageStructures()
{
idTokenRequestStructure = new MessageStructure <IdTokenRequest>()
{
BrowserOnly = true
};
idTokenRequestStructure.AddSecret(nameof(IdTokenRequest.state),
// The sender (the client) gets implicitly added.
// It doesn't matter whether we add the IdP here. Convention?
(msg) => new Principal[] { msg.rpPrincipal });
idTokenResponseStructure = new MessageStructure <IdTokenResponse>()
{
BrowserOnly = true
};
idTokenResponseStructure.AddSecret(nameof(IdTokenRequest.state),
// We're not passing the state along further, so we don't have to declare any readers.
(msg) => new Principal[] { });
idTokenResponseStructure.AddMessagePayloadSecret(nameof(IdTokenResponse.idToken),
(msg) => new Principal[] { },
new GoogleIdTokenVerifier(),
true);
}
