static void InitializeMessageStructures() { idTokenRequestStructure = new MessageStructure <IdTokenRequest>() { BrowserOnly = true }; idTokenRequestStructure.AddSecret(nameof(IdTokenRequest.state), // The sender (the client) gets implicitly added. // It doesn't matter whether we add the IdP here. Convention? (msg) => new Principal[] { msg.rpPrincipal }); idTokenResponseStructure = new MessageStructure <IdTokenResponse>() { BrowserOnly = true }; idTokenResponseStructure.AddSecret(nameof(IdTokenRequest.state), // We're not passing the state along further, so we don't have to declare any readers. (msg) => new Principal[] { }); idTokenResponseStructure.AddMessagePayloadSecret(nameof(IdTokenResponse.idToken), (msg) => new Principal[] { }, new GoogleIdTokenVerifier(), true); }