Models

DynamicClientRegistrationRequest

Represents a dynamic client registration request. The parameters that are supported include a subset of the parameters defined by IANA, and custom properties needed by IdentityServer.

public class DynamicClientRegistrationRequest

Public Members

name description
AbsoluteRefreshTokenLifetime { get; set; } The absolute lifetime of refresh tokens, in seconds. This property is an extension to the Dynamic Client Registration Protocol.
AccessTokenLifetime { get; set; } The lifetime of access tokens, in seconds. This property is an extension to the Dynamic Client Registration Protocol.
AccessTokenType { get; set; } The type of access tokens that this client will create. Either “Jwt” or “Reference”. This property is an extension to the Dynamic Client Registration Protocol.
AllowedCorsOrigins { get; set; } List of allowed CORS origins for JavaScript clients. This property is an extension to the Dynamic Client Registration Protocol.
AllowedIdentityTokenSigningAlgorithms { get; set; } List of signing algorithms to use when signing identity tokens. If not set, will use the server default signing algorithm. This property is an extension to the Dynamic Client Registration Protocol.
AllowRememberConsent { get; set; } Boolean value specifying whether a user’s consent can be remembered in flows initiated by this client. This property is an extension to the Dynamic Client Registration Protocol.
AuthorizationCodeLifetime { get; set; } The lifetime of authorization codes, in seconds. This property is an extension to the Dynamic Client Registration Protocol.
BackChannelLogoutSessionRequired { get; set; } Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used.
BackChannelLogoutUri { get; set; } RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
ClientName { get; set; } Human-readable string name of the client to be presented to the end-user during authorization.
ClientUri { get; set; } Web page providing information about the client.
ConsentLifetime { get; set; } The lifetime of consent, in seconds. This property is an extension to the Dynamic Client Registration Protocol.
CoordinateLifetimeWithUserSession { get; set; } When enabled, the client’s token lifetimes (e.g. refresh tokens) will be tied to the user’s session lifetime. This means when the user logs out, any revokable tokens will be removed. If using server-side sessions, expired sessions will also remove any revokable tokens, and backchannel logout will be triggered. This client’s setting overrides the global CoordinateTokensWithUserSession configuration setting. This property is an extension to the Dynamic Client Registration Protocol.
DefaultMaxAge { get; set; } Default maximum authentication age. This is stored as the UserSsoLifetime property of the IdentityServer client model.
EnableLocalLogin { get; set; } Boolean value specifying if local logins are enabled when this client uses interactive flows. This property is an extension to the Dynamic Client Registration Protocol.
Extensions { get; set; } Custom client metadata fields to include in the serialization.
FrontChannelLogoutSessionRequired { get; set; } Boolean value specifying whether the RP requires that a sid (session ID) query parameter be included to identify the RP session with the OP when the frontchannel_logout_uri is used.
FrontChannelLogoutUri { get; set; } RP URL that will cause the RP to log itself out when rendered in an iframe by the OP.
GrantTypes { get; set; } List of OAuth 2.0 grant type strings that the client can use at the token endpoint. Valid values are “authorization_code”, “client_credentials”, “refresh_token”.
IdentityProviderRestrictions { get; set; } List of external IdPs that can be used with this client. If the list is empty, all IdPs are allowed. Defaults to empty. This property is an extension to the Dynamic Client Registration Protocol.
IdentityTokenLifetime { get; set; } The lifetime of identity tokens, in seconds. This property is an extension to the Dynamic Client Registration Protocol.
InitiateLoginUri { get; set; } URI using the https scheme that a third party can use to initiate a login by the relying party.
Jwks { get; set; } JWK Set document which contains the client’s public keys. The JwksUri and Jwks parameters MUST NOT both be present in the same request or response.
JwksUri { get; set; } URL to a JWK Set document which contains the client’s public keys. The JwksUri and Jwks parameters MUST NOT both be present in the same request or response. The default validator must be extended to make use of the JwksUri. The default implementation ignores this property.
LogoUri { get; set; } Logo for the client. If present, the server should display this image to the end-user during approval.
PostLogoutRedirectUris { get; set; } List of post-logout redirection URIs for use in the end session endpoint.
RedirectUris { get; set; } List of redirection URI strings for use in redirect-based flows such as the authorization code flow. Clients using flows with redirection must register their redirection URI values.
RefreshTokenExpiration { get; set; } The type of expiration for refresh tokens. Either “sliding” or “absolute”. This property is an extension to the Dynamic Client Registration Protocol.
RefreshTokenUsage { get; set; } The usage type for refresh tokens. Either “OneTimeOnly” or “ReUse”. This property is an extension to the Dynamic Client Registration Protocol.
RequireClientSecret { get; set; } Boolean value specifying if a client secret is needed to request tokens at the token endpoint. This property is an extension to the Dynamic Client Registration Protocol.
RequireConsent { get; set; } Boolean value specifying whether consent is required in user-centric flows initiated by this client. This property is an extension to the Dynamic Client Registration Protocol.
RequireSignedRequestObject { get; set; } Boolean value specifying whether authorization requests must be protected as signed request objects and provided through either the request or request_uri parameters.
Scope { get; set; } String containing a space-separated list of scope values that the client can use when requesting access tokens. If omitted, the configuration API will register a client with the scopes set by the DynamicClientRegistrationValidator.SetDefaultScopes method, which defaults to no scopes.
SlidingRefreshTokenLifetime { get; set; } The sliding lifetime of refresh tokens, in seconds. This property is an extension to the Dynamic Client Registration Protocol.
SoftwareId { get; set; } A unique identifier string (e.g., a Universally Unique Identifier (UUID)) assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered. Unlike “client_id”, which is issued by the authorization server and SHOULD vary between instances, the “software_id” SHOULD remain the same for all instances of the client software. The “software_id” SHOULD remain the same across multiple updates or versions of the same piece of software. The value of this field is not intended to be human readable and is usually opaque to the client and authorization server. The default validator must be extended to make use of the SoftwareId. The default implementation ignores this property.
SoftwareStatement { get; set; } A software statement containing client metadata values about the client software as claims. This is a string value containing the entire signed JWT. The default validator must be extended to make use of the software statement. The default implementation ignores this property.
SoftwareVersion { get; set; } A version identifier string for the client software identified by “software_id”. The value of the “software_version” SHOULD change on any update to the client software identified by the same “software_id”. The value of this field is intended to be compared using string equality matching and no other comparison semantics are defined by this specification. The default validator must be extended to make use of the SoftwareVersion. The default implementation ignores this property.
TokenEndpointAuthenticationMethod { get; set; } Requested Client Authentication method for the Token Endpoint. The supported options are client_secret_post, client_secret_basic, client_secret_jwt, private_key_jwt.
UpdateAccessTokenClaimsOnRefresh { get; set; } Boolean value specifying whether access token claims are updated during token refresh. This property is an extension to the Dynamic Client Registration Protocol.

DynamicClientRegistrationResponse

Represents the response to a successful dynamic client registration request. This class extends the registration request by adding additional properties that are generated server side and not set by the client.

public class DynamicClientRegistrationResponse : DynamicClientRegistrationRequest, IDynamicClientRegistrationResponse

Public Members

name description
ClientId { get; set; } Gets or sets the client ID.
ClientSecret { get; set; } Gets or sets the client secret.
ClientSecretExpiresAt { get; set; } Gets or sets the expiration time of the client secret.
ResponseTypes { get; set; } List of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.

DynamicClientRegistrationContext

Represents the context of a dynamic client registration request, including the original DCR request, the client model that is built up through validation and processing, the caller who made the DCR request, and other contextual information.

public class DynamicClientRegistrationContext

Public Members

name description
Caller { get; set; } The ClaimsPrincipal that made the DCR request.
Client { get; set; } The client model that is built up through validation and processing.
Items { get; set; } A collection where additional contextual information may be stored. This is intended as a place to pass additional custom state between validation steps.
Request { get; set; } The original dynamic client registration request.

DynamicClientRegistrationError

Represents an error that occurred during validation of a dynamic client registration request. This class implements the appropriate marker interfaces so that it can be returned from various points in the validator or processor.

public class DynamicClientRegistrationValidationError : IStepResult, IDynamicClientRegistrationResponse, IDynamicClientRegistrationValidationResult

Public Members

name description
Error { get; set; } Gets or sets the error code for the error that occurred during validation. Error codes defined by RFC 7591 are defined as constants in the DynamicClientRegistrationErrors class.
ErrorDescription { get; set; } Gets or sets a human-readable description of the error that occurred during validation.

Marker Interfaces

IDynamicClientRegistrationResponse

Marker interface for the response to a dynamic client registration request. This interface has two implementations; DynamicClientRegistrationResponse indicates success, while DynamicClientRegistrationError indicates failure.

IDynamicClientRegistrationValidationResult

Marker interface for the result of validating a dynamic client registration request. This interface has two implementations; DynamicClientRegistrationValidatedRequest indicates success, while DynamicClientRegistrationError indicates failure. Note that the DynamicClientRegistrationError implements multiple interfaces and can be used throughout the pipeline to convey errors.

IStepResult

Marker interface for the result of a step in the dynamic client registration validator or processor. This interface has two implementations; SuccessfulStep indicates success, while DynamicClientRegistrationError indicates failure. Note that the DynamicClientRegistrationError implements multiple interfaces and can be used throughout the pipeline to convey errors.

IStepResult Convenience Functions

Your validation or processing steps can return the result of a convenience function in the static class StepResult, which constructs a success or failure result wrapped in a task.

name description
static Task<IStepResult> Success() Indicates that the validation step was completed successfully
static Task<IStepResult> Failure(string errorDescription) Indicates that the validation step failed with the specified error description and the default error code of invalid_client_metadata
static Task<IStepResult> Failure(string errorDescription, string error) Indicates that the validation step failed with the specified error description and error code
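
The following is an added example, not code from IdentityServer or its documentation: a policy step that fails closed on request properties with security impact and reports the outcome through the StepResult functions listed above. Assumptions: the two Duende namespaces in the using directives, numeric (int or int?) lifetime properties, the class name RegistrationPolicy and its ceilings (all hypothetical), and that you call the step from your own extended validator.

```csharp
using System.Threading.Tasks;
// Assumed namespaces; adjust to the installed configuration API package.
using Duende.IdentityServer.Configuration.Models.DynamicClientRegistration;
using Duende.IdentityServer.Configuration.Validation.DynamicClientRegistration;

// Hypothetical helper, not part of IdentityServer.
public static class RegistrationPolicy
{
    // Hypothetical ceilings, in seconds, for lifetimes a caller may request.
    private const int MaxAccessTokenSeconds = 3600;           // 1 hour
    private const int MaxAbsoluteRefreshSeconds = 2592000;    // 30 days

    public static Task<IStepResult> Check(DynamicClientRegistrationContext context)
    {
        var request = context.Request;

        // Jwks and JwksUri MUST NOT both be present in the same request.
        if (request.Jwks is not null && request.JwksUri is not null)
        {
            // One-argument overload: error code defaults to invalid_client_metadata.
            return StepResult.Failure("jwks and jwks_uri must not both be present");
        }

        // The default validator ignores SoftwareStatement. Reject it rather than
        // let a caller believe an unverified statement was honored.
        if (!string.IsNullOrEmpty(request.SoftwareStatement))
        {
            // Error code string is the one defined by RFC 7591.
            return StepResult.Failure(
                "software statements are not accepted by this server",
                "unapproved_software_statement");
        }

        // Lifetimes are caller-supplied extensions; cap them server side.
        if (request.AccessTokenLifetime > MaxAccessTokenSeconds)
        {
            return StepResult.Failure("access token lifetime exceeds the allowed maximum");
        }

        if (request.AbsoluteRefreshTokenLifetime > MaxAbsoluteRefreshSeconds)
        {
            return StepResult.Failure("absolute refresh token lifetime exceeds the allowed maximum");
        }

        return StepResult.Success();
    }
}
```

Unset lifetimes pass the comparisons and fall through to whatever defaults your validator applies.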

DynamicClientRegistrationValidatedRequest

Represents a successfully validated dynamic client registration request.

public class DynamicClientRegistrationValidatedRequest : DynamicClientRegistrationValidationResult

SuccessfulStep

Represents a successful validation step.

public class SuccessfulStep : IStepResult