ValidationParameters Class

Definition

Contains a set of parameters that are used by a SecurityTokenHandler when validating a SecurityToken.

public class ValidationParameters
type ValidationParameters = class
Public Class ValidationParameters
Inheritance
ValidationParameters

Constructors

ValidationParameters()

Initializes a new instance of the ValidationParameters class.

ValidationParameters(ValidationParameters)

Copy constructor for ValidationParameters.

Fields

DefaultAuthenticationType

This is the default value of AuthenticationType when creating a ClaimsIdentity. The value is "AuthenticationTypes.Federation". To change the value, set AuthenticationType to a different value.

DefaultClockSkew

Default for the clock skew.

DefaultMaximumTokenSizeInBytes

Default for the maximum token size.

Properties

ActorValidationParameters

Gets or sets ValidationParameters.

AlgorithmValidator

Allows overriding the delegate used to validate the cryptographic algorithm used.

AudienceValidator

Allows overriding the delegate that will be used to validate the audience.

AuthenticationType

Gets or sets the AuthenticationType when creating a ClaimsIdentity.

ClockSkew

Gets or sets the clock skew to apply when validating a time.

ConfigurationManager

If set, this property will be used to obtain the issuer and signing keys associated with the metadata endpoint of Issuer. The obtained issuer and signing keys will then be used along with those present on the ValidationParameters for validation of the incoming token.

CryptoProviderFactory

Users can override the default CryptoProviderFactory with this property. This factory will be used for creating signature providers.

DebugId

Gets or sets a string that helps with setting breakpoints when debugging.

IgnoreTrailingSlashWhenValidatingAudience

Gets or sets a boolean that controls if a '/' is significant at the end of the audience. The default is true.

IncludeTokenOnFailedValidation

Gets or sets the flag that indicates whether to include the SecurityToken when the validation fails.

InstancePropertyBag

Gets an IDictionary<TKey,TValue> that is unique to this instance. Calling Clone() will result in a new instance of this IDictionary.

IsClone

Gets a value indicating if Clone() was called to obtain this instance.

IssuerSigningKeyResolver

Gets or sets a delegate that will be called to retrieve a SecurityKey used for signature validation.

IssuerSigningKeys

Gets the IList<T> used for signature validation.

IssuerSigningKeyValidator

Gets or sets a delegate for validating the SecurityKey that signed the token.

IssuerValidatorAsync

Allows overriding the delegate that will be used to validate the issuer of the token.

LifetimeValidator

Allows overriding the delegate that will be used to validate the lifetime of the token.

LogTokenId

Gets or sets a Boolean that will decide if the token identifier claim needs to be logged. Default value is true.

NameClaimType

Gets or sets a String that defines the NameClaimType.

NameClaimTypeRetriever

Gets or sets a delegate that will be called to set the property NameClaimType after validating a token.

PropertyBag

Gets or sets the IDictionary<TKey,TValue> that contains a collection of custom key/value pairs. This allows addition of parameters that could be used in custom token validation scenarios.

RefreshBeforeValidation

A boolean to control whether configuration should be refreshed before validating a token.

RoleClaimType

Gets or sets the String that defines the RoleClaimType.

RoleClaimTypeRetriever

Gets or sets a delegate that will be called to set the property RoleClaimType after validating a token.

SaveSigninToken

Gets or sets a boolean to control if the original token should be saved after the security token is validated.

SignatureValidator

Gets or sets a delegate that will be used to validate the signature of the token.

TokenDecryptionKeys

Gets the IList<T> that is to be used for decrypting inbound tokens.

TokenReplayCache

Gets or sets the ITokenReplayCache that stores tokens that can be checked to help detect token replay.

TokenReplayValidator

Allows overriding the delegate that will be used to validate the token replay of the token.

TokenTypeValidator

Allows overriding the delegate that will be used to validate the type of the token. If the token type cannot be validated, a ValidationResult<TResult,TError> MUST be returned by the delegate. Note: the 'type' parameter may be null if it couldn't be extracted from its usual location. Implementations that need to resolve it from a different location can use the 'token' parameter.

TryAllDecryptionKeys

Gets or sets a value indicating whether all TokenDecryptionKeys should be tried during token decryption when a key is not matched to token 'kid' or if token 'kid' is empty. The default is true.

TryAllIssuerSigningKeys

If the IssuerSigningKeyResolver is unable to resolve the key when validating the signature of the SecurityToken, all available keys will be tried.

ValidAlgorithms

Gets or sets the valid algorithms for cryptographic operations.

ValidateActor

Gets or sets a boolean that controls if the actor claim should be validated.

ValidateWithLKG

Gets or sets a boolean to control if the LKG (last known good) configuration will be used for token validation.

ValidAudiences

Gets the IList<T> that contains valid audiences that will be used to check against the token's audience. The default is an empty collection.

ValidIssuers

Gets the IList<T> that contains valid issuers that will be used to check against the token's issuer. The default is an empty collection.

ValidTypes

Gets the IList<T> that contains valid types that will be used to check against the JWT header's 'typ' claim. If this property is not set, the 'typ' header claim will not be validated and all types will be accepted. In the case of a JWE, this property will ONLY apply to the inner token header. The default is an empty collection.

Methods

Clone()

Returns a new instance of ValidationParameters with values copied from this object.

CreateClaimsIdentity(SecurityToken, String)

Creates a ClaimsIdentity using:

AuthenticationType

'NameClaimType': If NameClaimTypeRetriever is set, call the delegate; otherwise use NameClaimType. If the result is a null or empty string, use DefaultNameClaimType.

'RoleClaimType': If RoleClaimTypeRetriever is set, call the delegate; otherwise use RoleClaimType. If the result is a null or empty string, use DefaultRoleClaimType.
