|
<?xml version="1.0"?>
|
|
<doc>
|
|
<assembly>
|
|
<name>Microsoft.Owin.Security.OAuth</name>
|
|
</assembly>
|
|
<members>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestCustomExtension">
|
|
<summary>
|
|
Data object used by TokenEndpointRequest which contains parameter information when the "grant_type" is unrecognized.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestCustomExtension.Parameters">
|
|
<summary>
|
|
The parameter information when the "grant_type" is unrecognized.
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestRefreshToken">
|
|
<summary>
|
|
Data object used by TokenEndpointRequest when the "grant_type" parameter is "refresh_token".
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestRefreshToken.RefreshToken">
|
|
<summary>
|
|
The value passed to the Token endpoint in the "refresh_token" parameter
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestRefreshToken.Scope">
|
|
<summary>
|
|
The value passed to the Token endpoint in the "scope" parameter
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestAuthorizationCode">
|
|
<summary>
|
|
Data object used by TokenEndpointRequest when the "grant_type" is "authorization_code".
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestAuthorizationCode.Code">
|
|
<summary>
|
|
The value passed to the Token endpoint in the "code" parameter
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestAuthorizationCode.RedirectUri">
|
|
<summary>
|
|
The value passed to the Token endpoint in the "redirect_uri" parameter. This MUST be provided by the caller
|
|
if the original visit to the Authorize endpoint contained a "redirect_uri" parameter.
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.Messages.AuthorizeEndpointRequest">
|
|
<summary>
|
|
Data object representing the information contained in the query string of an Authorize endpoint request.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.Messages.AuthorizeEndpointRequest.#ctor(Microsoft.Owin.IReadableStringCollection)">
|
|
<summary>
|
|
Creates a new instance populated with values from the query string parameters.
|
|
</summary>
|
|
<param name="parameters">Query string parameters from a request.</param>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.AuthorizeEndpointRequest.ResponseType">
|
|
<summary>
|
|
The "response_type" query string parameter of the Authorize request. Known values are "code" and "token".
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.AuthorizeEndpointRequest.ClientId">
|
|
<summary>
|
|
The "client_id" query string parameter of the Authorize request.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.AuthorizeEndpointRequest.RedirectUri">
|
|
<summary>
|
|
The "redirect_uri" query string parameter of the Authorize request. May be absent if the server should use the
|
|
redirect uri known to be registered to the client id.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.AuthorizeEndpointRequest.Scope">
|
|
<summary>
|
|
The "scope" query string parameter of the Authorize request. May be absent if the server should use default scopes.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.AuthorizeEndpointRequest.State">
|
|
<summary>
|
|
The "state" query string parameter of the Authorize request. May be absent if the client does not require state to be
|
|
included when returning to the RedirectUri.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.AuthorizeEndpointRequest.IsAuthorizationCodeGrantType">
|
|
<summary>
|
|
True if the "response_type" query string parameter is "code".
|
|
See also, http://tools.ietf.org/html/rfc6749#section-4.1.1
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.AuthorizeEndpointRequest.IsImplicitGrantType">
|
|
<summary>
|
|
True if the "response_type" query string parameter is "token".
|
|
See also, http://tools.ietf.org/html/rfc6749#section-4.2.1
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest">
|
|
<summary>
|
|
Data object representing the information contained in form encoded body of a Token endpoint request.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.#ctor(Microsoft.Owin.IReadableStringCollection)">
|
|
<summary>
|
|
Creates a new instance populated with values from the form encoded body parameters.
|
|
</summary>
|
|
<param name="parameters">Form encoded body parameters from a request.</param>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.Parameters">
|
|
<summary>
|
|
The form encoded body parameters of the Token endpoint request
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.GrantType">
|
|
<summary>
|
|
The "grant_type" parameter of the Token endpoint request. This parameter is required.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.ClientId">
|
|
<summary>
|
|
The "client_id" parameter of the Token endpoint request. This parameter is optional. It might not
|
|
be present if the request is authenticated in a different way, for example, by using basic authentication
|
|
credentials.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.AuthorizationCodeGrant">
|
|
<summary>
|
|
Data object available when the "grant_type" is "authorization_code".
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.1.3
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.ClientCredentialsGrant">
|
|
<summary>
|
|
Data object available when the "grant_type" is "client_credentials".
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.4.2
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.RefreshTokenGrant">
|
|
<summary>
|
|
Data object available when the "grant_type" is "refresh_token".
|
|
See also http://tools.ietf.org/html/rfc6749#section-6
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.ResourceOwnerPasswordCredentialsGrant">
|
|
<summary>
|
|
Data object available when the "grant_type" is "password".
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.3.2
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.CustomExtensionGrant">
|
|
<summary>
|
|
Data object available when the "grant_type" is unrecognized.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.5
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.IsAuthorizationCodeGrantType">
|
|
<summary>
|
|
True when the "grant_type" is "authorization_code".
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.1.3
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.IsClientCredentialsGrantType">
|
|
<summary>
|
|
True when the "grant_type" is "client_credentials".
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.4.2
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.IsRefreshTokenGrantType">
|
|
<summary>
|
|
True when the "grant_type" is "refresh_token".
|
|
See also http://tools.ietf.org/html/rfc6749#section-6
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.IsResourceOwnerPasswordCredentialsGrantType">
|
|
<summary>
|
|
True when the "grant_type" is "password".
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.3.2
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequest.IsCustomExtensionGrantType">
|
|
<summary>
|
|
True when the "grant_type" is unrecognized.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.5
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestClientCredentials">
|
|
<summary>
|
|
Data object used by TokenEndpointRequest when the "grant_type" is "client_credentials".
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestClientCredentials.Scope">
|
|
<summary>
|
|
The value passed to the Token endpoint in the "scope" parameter
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestResourceOwnerPasswordCredentials">
|
|
<summary>
|
|
Data object used by TokenEndpointRequest when the "grant_type" is "password".
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestResourceOwnerPasswordCredentials.UserName">
|
|
<summary>
|
|
The value passed to the Token endpoint in the "username" parameter
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestResourceOwnerPasswordCredentials.Password">
|
|
<summary>
|
|
The value passed to the Token endpoint in the "password" parameter
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.Messages.TokenEndpointRequestResourceOwnerPasswordCredentials.Scope">
|
|
<summary>
|
|
The value passed to the Token endpoint in the "scope" parameter
|
|
</summary>
|
|
</member>
|
|
<member name="T:Owin.OAuthAuthorizationServerExtensions">
|
|
<summary>
|
|
Extension methods to add Authorization Server capabilities to an OWIN pipeline
|
|
</summary>
|
|
</member>
|
|
<member name="M:Owin.OAuthAuthorizationServerExtensions.UseOAuthAuthorizationServer(Owin.IAppBuilder,Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions)">
|
|
<summary>
|
|
Adds OAuth2 Authorization Server capabilities to an OWIN web application. This middleware
|
|
performs the request processing for the Authorize and Token endpoints defined by the OAuth2 specification.
|
|
See also http://tools.ietf.org/html/rfc6749
|
|
</summary>
|
|
<param name="app">The web application builder</param>
|
|
<param name="options">Options which control the behavior of the Authorization Server.</param>
|
|
<returns>The application builder</returns>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions">
|
|
<summary>
|
|
Options class provides information needed to control Authorization Server middleware behavior
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.#ctor">
|
|
<summary>
|
|
Creates an instance of authorization server options with default values.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.AuthorizeEndpointPath">
|
|
<summary>
|
|
The request path where client applications will redirect the user-agent in order to
|
|
obtain user consent to issue a token. Must begin with a leading slash, like "/Authorize".
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.TokenEndpointPath">
|
|
<summary>
|
|
The request path client applications communicate with directly as part of the OAuth protocol.
|
|
Must begin with a leading slash, like "/Token". If the client is issued a client_secret, it must
|
|
be provided to this endpoint.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.Provider">
|
|
<summary>
|
|
The object provided by the application to process events raised by the Authorization Server middleware.
|
|
The application may implement the interface fully, or it may create an instance of OAuthAuthorizationServerProvider
|
|
and assign delegates only to the events it wants to process.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.AuthorizationCodeFormat">
|
|
<summary>
|
|
The data format used to protect and unprotect the information contained in the authorization code.
|
|
If not provided by the application the default data protection provider depends on the host server.
|
|
The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted
|
|
servers will use DPAPI data protection.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.AccessTokenFormat">
|
|
<summary>
|
|
The data format used to protect the information contained in the access token.
|
|
If not provided by the application the default data protection provider depends on the host server.
|
|
The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted
|
|
servers will use DPAPI data protection. If a different access token
|
|
provider or format is assigned, a compatible instance must be assigned to the OAuthBearerAuthenticationOptions.AccessTokenProvider
|
|
or OAuthBearerAuthenticationOptions.AccessTokenFormat property of the resource server.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.RefreshTokenFormat">
|
|
<summary>
|
|
The data format used to protect and unprotect the information contained in the refresh token.
|
|
If not provided by the application the default data protection provider depends on the host server.
|
|
The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted
|
|
servers will use DPAPI data protection.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.AuthorizationCodeExpireTimeSpan">
|
|
<summary>
|
|
The period of time the authorization code remains valid after being issued. The default is five minutes.
|
|
This time span must also take into account clock synchronization between servers in a web farm, so a very
|
|
brief value could result in unexpectedly expired tokens.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.AccessTokenExpireTimeSpan">
|
|
<summary>
|
|
The period of time the access token remains valid after being issued. The default is twenty minutes.
|
|
The client application is expected to refresh or acquire a new access token after the token has expired.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.AuthorizationCodeProvider">
|
|
<summary>
|
|
Produces a single-use authorization code to return to the client application. For the OAuth server to be secure the
|
|
application MUST provide an instance for AuthorizationCodeProvider where the token produced by the OnCreate or OnCreateAsync event
|
|
is considered valid for only one call to OnReceive or OnReceiveAsync.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.AccessTokenProvider">
|
|
<summary>
|
|
Produces a bearer token the client application will typically be providing to the resource server as the authorization bearer
|
|
http request header. If not provided, the token is produced using the server's default data protection. If a different access token
|
|
provider or format is assigned, a compatible instance must be assigned to the OAuthBearerAuthenticationOptions.AccessTokenProvider
|
|
or OAuthBearerAuthenticationOptions.AccessTokenFormat property of the resource server.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.RefreshTokenProvider">
|
|
<summary>
|
|
Produces a refresh token which may be used to produce a new access token when needed. If not provided the authorization server will
|
|
not return refresh tokens from the /Token endpoint.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.ApplicationCanDisplayErrors">
|
|
<summary>
|
|
Set to true if the web application is able to render error messages on the /Authorize endpoint. This is only needed for cases where
|
|
the browser is not redirected back to the client application, for example, when the client_id or redirect_uri are incorrect. The
|
|
/Authorize endpoint should expect to see "oauth.Error", "oauth.ErrorDescription", "oauth.ErrorUri" properties added to the owin environment.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.SystemClock">
|
|
<summary>
|
|
Used to know what the current clock time is when calculating or validating token expiration. When not assigned default is based on
|
|
DateTimeOffset.UtcNow. This is typically needed only for unit testing.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions.AllowInsecureHttp">
|
|
<summary>
|
|
True to allow authorize and token requests to arrive on http URI addresses, and to allow incoming
|
|
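redirect_uri authorize request parameter to have http URI addresses. Over plain http the authorization code, client
credentials and tokens are sent unencrypted, so this should be enabled only for development and testing.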
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerMiddleware">
|
|
<summary>
|
|
Authorization Server middleware component which is added to an OWIN pipeline. This class is not
|
|
created by application code directly, instead it is added by calling the IAppBuilder UseOAuthAuthorizationServer
|
|
extension method.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerMiddleware.#ctor(Microsoft.Owin.OwinMiddleware,Owin.IAppBuilder,Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions)">
|
|
<summary>
|
|
Authorization Server middleware component which is added to an OWIN pipeline. This constructor is not
|
|
called by application code directly, instead it is added by calling the IAppBuilder UseOAuthAuthorizationServer
|
|
extension method.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerMiddleware.CreateHandler">
|
|
<summary>
|
|
Called by the AuthenticationMiddleware base class to create a per-request handler.
|
|
</summary>
|
|
<returns>A new instance of the request handler</returns>
|
|
</member>
|
|
<member name="T:Owin.OAuthBearerAuthenticationExtensions">
|
|
<summary>
|
|
Extension methods to add OAuth Bearer authentication capabilities to an OWIN application pipeline
|
|
</summary>
|
|
</member>
|
|
<member name="M:Owin.OAuthBearerAuthenticationExtensions.UseOAuthBearerAuthentication(Owin.IAppBuilder,Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions)">
|
|
<summary>
|
|
Adds Bearer token processing to an OWIN application pipeline. This middleware understands appropriately
|
|
formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
|
|
claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode
|
|
is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
|
|
any time to obtain the claims from the request's bearer token.
|
|
See also http://tools.ietf.org/html/rfc6749
|
|
</summary>
|
|
<param name="app">The web application builder</param>
|
|
<param name="options">Options which control the processing of the bearer header.</param>
|
|
<returns>The application builder</returns>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware">
|
|
<summary>
|
|
Bearer authentication middleware component which is added to an OWIN pipeline. This class is not
|
|
created by application code directly, instead it is added by calling the IAppBuilder UseOAuthBearerAuthentication
|
|
extension method.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware.#ctor(Microsoft.Owin.OwinMiddleware,Owin.IAppBuilder,Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions)">
|
|
<summary>
|
|
Bearer authentication component which is added to an OWIN pipeline. This constructor is not
|
|
called by application code directly, instead it is added by calling the IAppBuilder UseOAuthBearerAuthentication
|
|
extension method.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware.CreateHandler">
|
|
<summary>
|
|
Called by the AuthenticationMiddleware base class to create a per-request handler.
|
|
</summary>
|
|
<returns>A new instance of the request handler</returns>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions">
|
|
<summary>
|
|
Options class provides information needed to control Bearer Authentication middleware behavior
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions.#ctor">
|
|
<summary>
|
|
Creates an instance of bearer authentication options with default values.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions.Realm">
|
|
<summary>
|
|
Determines what realm value is included when the bearer middleware adds a response header to an unauthorized request.
|
|
If not assigned, the response header does not have a realm.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions.Provider">
|
|
<summary>
|
|
The object provided by the application to process events raised by the bearer authentication middleware.
|
|
The application may implement the interface fully, or it may create an instance of OAuthBearerAuthenticationProvider
|
|
and assign delegates only to the events it wants to process.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions.AccessTokenFormat">
|
|
<summary>
|
|
The data format used to unprotect the information contained in the access token.
|
|
If not provided by the application the default data protection provider depends on the host server.
|
|
The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted
|
|
servers will use DPAPI data protection. If a different access token
|
|
provider or format is assigned, a compatible instance must be assigned to the OAuthAuthorizationServerOptions.AccessTokenProvider
|
|
and OAuthAuthorizationServerOptions.AccessTokenFormat of the authorization server.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions.AccessTokenProvider">
|
|
<summary>
|
|
Receives the bearer token the client application will be providing to the web application. If not provided, the token
|
|
is produced on the server's default data protection by using the AccessTokenFormat. If a different access token
|
|
provider or format is assigned, a compatible instance must be assigned to the OAuthAuthorizationServerOptions.AccessTokenProvider
|
|
and OAuthAuthorizationServerOptions.AccessTokenFormat of the authorization server.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions.SystemClock">
|
|
<summary>
|
|
Used to know what the current clock time is when calculating or validating token expiration. When not assigned default is based on
|
|
DateTimeOffset.UtcNow. This is typically needed only for unit testing.
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.OAuthDefaults">
|
|
<summary>
|
|
Default values used by authorization server and bearer authentication.
|
|
</summary>
|
|
</member>
|
|
<member name="F:Microsoft.Owin.Security.OAuth.OAuthDefaults.AuthenticationType">
|
|
<summary>
|
|
Default value for AuthenticationType property in the OAuthBearerAuthenticationOptions and
|
|
OAuthAuthorizationServerOptions.
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.BaseValidatingClientContext">
|
|
<summary>
|
|
Base class used for certain event contexts
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1">
|
|
<summary>
|
|
Base class used for certain event contexts
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1.#ctor(Microsoft.Owin.IOwinContext,`0)">
|
|
<summary>
|
|
Initializes base class used for certain event contexts
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1.Validated">
|
|
<summary>
|
|
Marks this context as validated by the application. IsValidated becomes true and HasError becomes false as a result of calling.
|
|
</summary>
|
|
<returns>True if the validation has taken effect.</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1.Rejected">
|
|
<summary>
|
|
Marks this context as not validated by the application. IsValidated and HasError become false as a result of calling.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1.SetError(System.String)">
|
|
<summary>
|
|
Marks this context as not validated by the application and assigns various error information properties.
|
|
HasError becomes true and IsValidated becomes false as a result of calling.
|
|
</summary>
|
|
<param name="error">Assigned to the Error property</param>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1.SetError(System.String,System.String)">
|
|
<summary>
|
|
Marks this context as not validated by the application and assigns various error information properties.
|
|
HasError becomes true and IsValidated becomes false as a result of calling.
|
|
</summary>
|
|
<param name="error">Assigned to the Error property</param>
|
|
<param name="errorDescription">Assigned to the ErrorDescription property</param>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1.SetError(System.String,System.String,System.String)">
|
|
<summary>
|
|
Marks this context as not validated by the application and assigns various error information properties.
|
|
HasError becomes true and IsValidated becomes false as a result of calling.
|
|
</summary>
|
|
<param name="error">Assigned to the Error property</param>
|
|
<param name="errorDescription">Assigned to the ErrorDescription property</param>
|
|
<param name="errorUri">Assigned to the ErrorUri property</param>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1.IsValidated">
|
|
<summary>
|
|
True if application code has called any of the Validated methods on this context.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1.HasError">
|
|
<summary>
|
|
True if application code has called any of the SetError methods on this context.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1.Error">
|
|
<summary>
|
|
The error argument provided when SetError was called on this context. This is eventually
|
|
returned to the client app as the OAuth "error" parameter.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1.ErrorDescription">
|
|
<summary>
|
|
The optional errorDescription argument provided when SetError was called on this context. This is eventually
|
|
returned to the client app as the OAuth "error_description" parameter.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.BaseValidatingContext`1.ErrorUri">
|
|
<summary>
|
|
The optional errorUri argument provided when SetError was called on this context. This is eventually
|
|
returned to the client app as the OAuth "error_uri" parameter.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.BaseValidatingClientContext.#ctor(Microsoft.Owin.IOwinContext,Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions,System.String)">
|
|
<summary>
|
|
Initializes base class used for certain event contexts
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.BaseValidatingClientContext.ClientId">
|
|
<summary>
|
|
The "client_id" parameter for the current request. The Authorization Server application is responsible for
|
|
validating this value identifies a registered client.
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.BaseValidatingTicketContext`1">
|
|
<summary>
|
|
Base class used for certain event contexts
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.BaseValidatingTicketContext`1.#ctor(Microsoft.Owin.IOwinContext,`0,Microsoft.Owin.Security.AuthenticationTicket)">
|
|
<summary>
|
|
Initializes base class used for certain event contexts
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.BaseValidatingTicketContext`1.Validated(Microsoft.Owin.Security.AuthenticationTicket)">
|
|
<summary>
|
|
Replaces the ticket information on this context and marks it as validated by the application.
|
|
IsValidated becomes true and HasError becomes false as a result of calling.
|
|
</summary>
|
|
<param name="ticket">Assigned to the Ticket property</param>
|
|
<returns>True if the validation has taken effect.</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.BaseValidatingTicketContext`1.Validated(System.Security.Claims.ClaimsIdentity)">
|
|
<summary>
|
|
Alters the ticket information on this context and marks it as validated by the application.
|
|
IsValidated becomes true and HasError becomes false as a result of calling.
|
|
</summary>
|
|
<param name="identity">Assigned to the Ticket.Identity property</param>
|
|
<returns>True if the validation has taken effect.</returns>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.BaseValidatingTicketContext`1.Ticket">
|
|
<summary>
|
|
Contains the identity and properties for the application to authenticate. If the Validated method
|
|
is invoked with an AuthenticationTicket or ClaimsIdentity argument, that new value is assigned to
|
|
this property in addition to changing IsValidated to true.
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.OAuthAuthorizeEndpointContext">
|
|
<summary>
|
|
An event raised after the Authorization Server has processed the request, but before it is passed on to the web application.
|
|
Calling RequestCompleted will prevent the request from passing on to the web application.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizeEndpointContext.#ctor(Microsoft.Owin.IOwinContext,Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions)">
|
|
<summary>
|
|
Creates an instance of this context
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider">
|
|
<summary>
|
|
Interface for OAuthAuthorizationServerOptions.Provider property used by Authorization
|
|
Server to communicate with the web application while processing requests.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.MatchEndpoint(Microsoft.Owin.Security.OAuth.OAuthMatchEndpointContext)">
|
|
<summary>
|
|
Called to determine if an incoming request is treated as an Authorize or Token
|
|
endpoint. If Options.AuthorizeEndpointPath or Options.TokenEndpointPath
|
|
are assigned values, then handling this event is optional and context.IsAuthorizeEndpoint and context.IsTokenEndpoint
|
|
will already be true if the request path matches.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.ValidateClientRedirectUri(Microsoft.Owin.Security.OAuth.OAuthValidateClientRedirectUriContext)">
|
|
<summary>
|
|
Called to validate that the context.ClientId is a registered "client_id", and that the context.RedirectUri is a "redirect_uri"
|
|
registered for that client. This only occurs when processing the Authorize endpoint. The application MUST implement this
|
|
call, and it MUST validate both of those factors before calling context.Validated. If the context.Validated method is called
|
|
with a given redirectUri parameter, then IsValidated will only become true if the incoming redirect URI matches the given redirect URI.
|
|
If context.Validated is not called the request will not proceed further.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.ValidateClientAuthentication(Microsoft.Owin.Security.OAuth.OAuthValidateClientAuthenticationContext)">
|
|
<summary>
|
|
Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that client are
|
|
present on the request. If the web application accepts Basic authentication credentials,
|
|
context.TryGetBasicCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request header. If the web
|
|
application accepts "client_id" and "client_secret" as form encoded POST parameters,
|
|
context.TryGetFormCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request body.
|
|
If context.Validated is not called the request will not proceed further.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.ValidateAuthorizeRequest(Microsoft.Owin.Security.OAuth.OAuthValidateAuthorizeRequestContext)">
|
|
<summary>
|
|
Called for each request to the Authorize endpoint to determine if the request is valid and should continue.
|
|
The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with
|
|
validated client redirect URI, should continue processing. An application may add any additional constraints.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.ValidateTokenRequest(Microsoft.Owin.Security.OAuth.OAuthValidateTokenRequestContext)">
|
|
<summary>
|
|
Called for each request to the Token endpoint to determine if the request is valid and should continue.
|
|
The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with
|
|
validated client credentials, should continue processing. An application may add any additional constraints.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.GrantAuthorizationCode(Microsoft.Owin.Security.OAuth.OAuthGrantAuthorizationCodeContext)">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "authorization_code". This occurs after the Authorize
|
|
endpoint has redirected the user-agent back to the client with a "code" parameter, and the client is exchanging that for an "access_token".
|
|
The claims and properties
|
|
associated with the authorization code are present in the context.Ticket. The application must call context.Validated to instruct the Authorization
|
|
Server middleware to issue an access token based on those claims and properties. The call to context.Validated may be given a different
|
|
AuthenticationTicket or ClaimsIdentity in order to control which information flows from authorization code to access token.
|
|
The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the authorization code to
|
|
the access token unmodified.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.1.3
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.GrantRefreshToken(Microsoft.Owin.Security.OAuth.OAuthGrantRefreshTokenContext)">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "refresh_token". This occurs if your application has issued a "refresh_token"
|
|
along with the "access_token", and the client is attempting to use the "refresh_token" to acquire a new "access_token", and possibly a new "refresh_token".
|
|
To issue a refresh token, an Options.RefreshTokenProvider must be assigned to create the value which is returned. The claims and properties
|
|
associated with the refresh token are present in the context.Ticket. The application must call context.Validated to instruct the
|
|
Authorization Server middleware to issue an access token based on those claims and properties. The call to context.Validated may
|
|
be given a different AuthenticationTicket or ClaimsIdentity in order to control which information flows from the refresh token to
|
|
the access token. The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the refresh token to
|
|
the access token unmodified.
|
|
See also http://tools.ietf.org/html/rfc6749#section-6
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext)">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "password". This occurs when the user has provided name and password
|
|
credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and
|
|
optional "refresh_token". If the web application supports the
|
|
resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To issue an
|
|
access token the context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated
|
|
with the access token. The application should take appropriate measures, such as limiting repeated failed credential attempts, to ensure that the endpoint isn't abused by malicious callers.
|
|
The default behavior is to reject this grant type.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.3.2
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.GrantClientCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantClientCredentialsContext)">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "client_credentials". This occurs when a registered client
|
|
application wishes to acquire an "access_token" to interact with protected resources on its own behalf, rather than on behalf of an authenticated user.
|
|
If the web application supports the client credentials grant type, it may assume the context.ClientId has been validated by the ValidateClientAuthentication call.
|
|
To issue an access token the context.Validated must be called with a new ticket containing the claims about the client application which should be associated
|
|
with the access token. The application should take appropriate measures to ensure that the endpoint isn't abused by malicious callers.
|
|
The default behavior is to reject this grant type.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.4.2
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.GrantCustomExtension(Microsoft.Owin.Security.OAuth.OAuthGrantCustomExtensionContext)">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of any other value. If the application supports custom grant types
|
|
it is entirely responsible for determining if the request should result in an access_token. If context.Validated is called with ticket
|
|
information the response body is produced in the same way as the other standard grant types. If additional response parameters must be
|
|
included they may be added in the final TokenEndpoint call.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.5
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.AuthorizeEndpoint(Microsoft.Owin.Security.OAuth.OAuthAuthorizeEndpointContext)">
|
|
<summary>
|
|
Called at the final stage of an incoming Authorize endpoint request before the execution continues on to the web application component
|
|
responsible for producing the html response. Anything present in the OWIN pipeline following the Authorization Server may produce the
|
|
response for the Authorize page. If running on IIS any ASP.NET technology running on the server may produce the response for the
|
|
Authorize page. If the web application wishes to produce the response directly in the AuthorizeEndpoint call it may write to the
|
|
context.Response directly and should call context.RequestCompleted to stop other handlers from executing. If the web application wishes
|
|
to grant the authorization directly in the AuthorizeEndpoint call it may call context.OwinContext.Authentication.SignIn with the
|
|
appropriate ClaimsIdentity and should call context.RequestCompleted to stop other handlers from executing.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthAuthorizationServerProvider.TokenEndpoint(Microsoft.Owin.Security.OAuth.OAuthTokenEndpointContext)">
|
|
<summary>
|
|
Called at the final stage of a successful Token endpoint request. An application may implement this call in order to do any final
|
|
modification of the claims being used to issue access or refresh tokens. This call may also be used in order to add additional
|
|
response parameters to the Token endpoint's json response body.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider">
|
|
<summary>
|
|
Default implementation of IOAuthAuthorizationServerProvider used by Authorization
|
|
Server to communicate with the web application while processing requests. OAuthAuthorizationServerProvider provides some default behavior,
|
|
may be used as a virtual base class, and offers delegate properties which may be used to
|
|
handle individual calls without declaring a new class type.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.#ctor">
|
|
<summary>
|
|
Creates new instance of default provider behavior
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.MatchEndpoint(Microsoft.Owin.Security.OAuth.OAuthMatchEndpointContext)">
|
|
<summary>
|
|
Called to determine if an incoming request is treated as an Authorize or Token
|
|
endpoint. If Options.AuthorizeEndpointPath or Options.TokenEndpointPath
|
|
are assigned values, then handling this event is optional and context.IsAuthorizeEndpoint and context.IsTokenEndpoint
|
|
will already be true if the request path matches.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.ValidateClientRedirectUri(Microsoft.Owin.Security.OAuth.OAuthValidateClientRedirectUriContext)">
|
|
<summary>
|
|
Called to validate that the context.ClientId is a registered "client_id", and that the context.RedirectUri is a "redirect_uri"
|
|
registered for that client. This only occurs when processing the Authorize endpoint. The application MUST implement this
|
|
call, and it MUST validate both of those factors before calling context.Validated. If the context.Validated method is called
|
|
with a given redirectUri parameter, then IsValidated will only become true if the incoming redirect URI matches the given redirect URI.
|
|
If context.Validated is not called the request will not proceed further.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.ValidateClientAuthentication(Microsoft.Owin.Security.OAuth.OAuthValidateClientAuthenticationContext)">
|
|
<summary>
|
|
Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that client are
|
|
present on the request. If the web application accepts Basic authentication credentials,
|
|
context.TryGetBasicCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request header. If the web
|
|
application accepts "client_id" and "client_secret" as form encoded POST parameters,
|
|
context.TryGetFormCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request body.
|
|
If context.Validated is not called the request will not proceed further.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.ValidateAuthorizeRequest(Microsoft.Owin.Security.OAuth.OAuthValidateAuthorizeRequestContext)">
|
|
<summary>
|
|
Called for each request to the Authorize endpoint to determine if the request is valid and should continue.
|
|
The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with
|
|
validated client redirect URI, should continue processing. An application may add any additional constraints.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.ValidateTokenRequest(Microsoft.Owin.Security.OAuth.OAuthValidateTokenRequestContext)">
|
|
<summary>
|
|
Called for each request to the Token endpoint to determine if the request is valid and should continue.
|
|
The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with
|
|
validated client credentials, should continue processing. An application may add any additional constraints.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.GrantAuthorizationCode(Microsoft.Owin.Security.OAuth.OAuthGrantAuthorizationCodeContext)">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "authorization_code". This occurs after the Authorize
|
|
endpoint has redirected the user-agent back to the client with a "code" parameter, and the client is exchanging that for an "access_token".
|
|
The claims and properties
|
|
associated with the authorization code are present in the context.Ticket. The application must call context.Validated to instruct the Authorization
|
|
Server middleware to issue an access token based on those claims and properties. The call to context.Validated may be given a different
|
|
AuthenticationTicket or ClaimsIdentity in order to control which information flows from authorization code to access token.
|
|
The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the authorization code to
|
|
the access token unmodified.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.1.3
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.GrantRefreshToken(Microsoft.Owin.Security.OAuth.OAuthGrantRefreshTokenContext)">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "refresh_token". This occurs if your application has issued a "refresh_token"
|
|
along with the "access_token", and the client is attempting to use the "refresh_token" to acquire a new "access_token", and possibly a new "refresh_token".
|
|
To issue a refresh token, an Options.RefreshTokenProvider must be assigned to create the value which is returned. The claims and properties
|
|
associated with the refresh token are present in the context.Ticket. The application must call context.Validated to instruct the
|
|
Authorization Server middleware to issue an access token based on those claims and properties. The call to context.Validated may
|
|
be given a different AuthenticationTicket or ClaimsIdentity in order to control which information flows from the refresh token to
|
|
the access token. The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the refresh token to
|
|
the access token unmodified.
|
|
See also http://tools.ietf.org/html/rfc6749#section-6
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext)">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "password". This occurs when the user has provided name and password
|
|
credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and
|
|
optional "refresh_token". If the web application supports the
|
|
resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To issue an
|
|
access token the context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated
|
|
with the access token. The application should take appropriate measures, such as limiting repeated failed credential attempts, to ensure that the endpoint isn't abused by malicious callers.
|
|
The default behavior is to reject this grant type.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.3.2
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.GrantClientCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantClientCredentialsContext)">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "client_credentials". This occurs when a registered client
|
|
application wishes to acquire an "access_token" to interact with protected resources on its own behalf, rather than on behalf of an authenticated user.
|
|
If the web application supports the client credentials grant type, it may assume the context.ClientId has been validated by the ValidateClientAuthentication call.
|
|
To issue an access token the context.Validated must be called with a new ticket containing the claims about the client application which should be associated
|
|
with the access token. The application should take appropriate measures to ensure that the endpoint isn't abused by malicious callers.
|
|
The default behavior is to reject this grant type.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.4.2
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.GrantCustomExtension(Microsoft.Owin.Security.OAuth.OAuthGrantCustomExtensionContext)">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of any other value. If the application supports custom grant types
|
|
it is entirely responsible for determining if the request should result in an access_token. If context.Validated is called with ticket
|
|
information the response body is produced in the same way as the other standard grant types. If additional response parameters must be
|
|
included they may be added in the final TokenEndpoint call.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.5
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.AuthorizeEndpoint(Microsoft.Owin.Security.OAuth.OAuthAuthorizeEndpointContext)">
|
|
<summary>
|
|
Called at the final stage of an incoming Authorize endpoint request before the execution continues on to the web application component
|
|
responsible for producing the html response. Anything present in the OWIN pipeline following the Authorization Server may produce the
|
|
response for the Authorize page. If running on IIS any ASP.NET technology running on the server may produce the response for the
|
|
Authorize page. If the web application wishes to produce the response directly in the AuthorizeEndpoint call it may write to the
|
|
context.Response directly and should call context.RequestCompleted to stop other handlers from executing. If the web application wishes
|
|
to grant the authorization directly in the AuthorizeEndpoint call it may call context.OwinContext.Authentication.SignIn with the
|
|
appropriate ClaimsIdentity and should call context.RequestCompleted to stop other handlers from executing.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.TokenEndpoint(Microsoft.Owin.Security.OAuth.OAuthTokenEndpointContext)">
|
|
<summary>
|
|
Called at the final stage of a successful Token endpoint request. An application may implement this call in order to do any final
|
|
modification of the claims being used to issue access or refresh tokens. This call may also be used in order to add additional
|
|
response parameters to the Token endpoint's json response body.
|
|
</summary>
|
|
<param name="context">The context of the event carries information in and results out.</param>
|
|
<returns>Task to enable asynchronous execution</returns>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnMatchEndpoint">
|
|
<summary>
|
|
Called to determine if an incoming request is treated as an Authorize or Token
|
|
endpoint. If Options.AuthorizeEndpointPath or Options.TokenEndpointPath
|
|
are assigned values, then handling this event is optional and context.IsAuthorizeEndpoint and context.IsTokenEndpoint
|
|
will already be true if the request path matches.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnValidateClientRedirectUri">
|
|
<summary>
|
|
Called to validate that the context.ClientId is a registered "client_id", and that the context.RedirectUri is a "redirect_uri"
|
|
registered for that client. This only occurs when processing the Authorize endpoint. The application MUST implement this
|
|
call, and it MUST validate both of those factors before calling context.Validated. If the context.Validated method is called
|
|
with a given redirectUri parameter, then IsValidated will only become true if the incoming redirect URI matches the given redirect URI.
|
|
If context.Validated is not called the request will not proceed further.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnValidateClientAuthentication">
|
|
<summary>
|
|
Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that client are
|
|
present on the request. If the web application accepts Basic authentication credentials,
|
|
context.TryGetBasicCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request header. If the web
|
|
application accepts "client_id" and "client_secret" as form encoded POST parameters,
|
|
context.TryGetFormCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request body.
|
|
If context.Validated is not called the request will not proceed further.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnValidateAuthorizeRequest">
|
|
<summary>
|
|
Called for each request to the Authorize endpoint to determine if the request is valid and should continue.
|
|
The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with
|
|
validated client redirect URI, should continue processing. An application may add any additional constraints.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnValidateTokenRequest">
|
|
<summary>
|
|
Called for each request to the Token endpoint to determine if the request is valid and should continue.
|
|
The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with
|
|
validated client credentials, should continue processing. An application may add any additional constraints.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnGrantAuthorizationCode">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "authorization_code". This occurs after the Authorize
|
|
endpoint has redirected the user-agent back to the client with a "code" parameter, and the client is exchanging that for an "access_token".
|
|
The claims and properties
|
|
associated with the authorization code are present in the context.Ticket. The application must call context.Validated to instruct the Authorization
|
|
Server middleware to issue an access token based on those claims and properties. The call to context.Validated may be given a different
|
|
AuthenticationTicket or ClaimsIdentity in order to control which information flows from authorization code to access token.
|
|
The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the authorization code to
|
|
the access token unmodified.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.1.3
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnGrantResourceOwnerCredentials">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "password". This occurs when the user has provided name and password
|
|
credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and
|
|
optional "refresh_token". If the web application supports the
|
|
resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To issue an
|
|
access token the context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated
|
|
with the access token. The application should take appropriate measures, such as limiting repeated failed credential attempts, to ensure that the endpoint isn't abused by malicious callers.
|
|
The default behavior is to reject this grant type.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.3.2
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnGrantClientCredentials">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "client_credentials". This occurs when a registered client
|
|
application wishes to acquire an "access_token" to interact with protected resources on its own behalf, rather than on behalf of an authenticated user.
|
|
If the web application supports the client credentials grant type, it may assume the context.ClientId has been validated by the ValidateClientAuthentication call.
|
|
To issue an access token the context.Validated must be called with a new ticket containing the claims about the client application which should be associated
|
|
with the access token. The application should take appropriate measures to ensure that the endpoint isn't abused by malicious callers.
|
|
The default behavior is to reject this grant type.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.4.2
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnGrantRefreshToken">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of "refresh_token". This occurs if your application has issued a "refresh_token"
|
|
along with the "access_token", and the client is attempting to use the "refresh_token" to acquire a new "access_token", and possibly a new "refresh_token".
|
|
To issue a refresh token an Options.RefreshTokenProvider must be assigned to create the value which is returned. The claims and properties
|
|
associated with the refresh token are present in the context.Ticket. The application must call context.Validated to instruct the
|
|
Authorization Server middleware to issue an access token based on those claims and properties. The call to context.Validated may
|
|
be given a different AuthenticationTicket or ClaimsIdentity in order to control which information flows from the refresh token to
|
|
the access token. The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the refresh token to
|
|
the access token unmodified.
|
|
See also http://tools.ietf.org/html/rfc6749#section-6
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnGrantCustomExtension">
|
|
<summary>
|
|
Called when a request to the Token endpoint arrives with a "grant_type" of any other value. If the application supports custom grant types
|
|
it is entirely responsible for determining if the request should result in an access_token. If context.Validated is called with ticket
|
|
information the response body is produced in the same way as the other standard grant types. If additional response parameters must be
|
|
included they may be added in the final TokenEndpoint call.
|
|
See also http://tools.ietf.org/html/rfc6749#section-4.5
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnAuthorizeEndpoint">
|
|
<summary>
|
|
Called at the final stage of an incoming Authorize endpoint request before the execution continues on to the web application component
|
|
responsible for producing the html response. Anything present in the OWIN pipeline following the Authorization Server may produce the
|
|
response for the Authorize page. If running on IIS any ASP.NET technology running on the server may produce the response for the
|
|
Authorize page. If the web application wishes to produce the response directly in the AuthorizeEndpoint call it may write to the
|
|
context.Response directly and should call context.RequestCompleted to stop other handlers from executing. If the web application wishes
|
|
to grant the authorization directly in the AuthorizeEndpoint call it may call context.OwinContext.Authentication.SignIn with the
|
|
appropriate ClaimsIdentity and should call context.RequestCompleted to stop other handlers from executing.
|
|
</summary>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider.OnTokenEndpoint">
|
|
<summary>
|
|
Called at the final stage of a successful Token endpoint request. An application may implement this call in order to do any final
|
|
modification of the claims being used to issue access or refresh tokens. This call may also be used in order to add additional
|
|
response parameters to the Token endpoint's JSON response body.
|
|
</summary>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.IOAuthBearerAuthenticationProvider">
|
|
<summary>
|
|
Specifies callback methods which the <see cref="T:Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthBearerAuthenticationProvider.RequestToken(Microsoft.Owin.Security.OAuth.OAuthRequestTokenContext)">
|
|
<summary>
|
|
Invoked before the <see cref="T:System.Security.Claims.ClaimsIdentity"/> is created. Gives the application an
|
|
opportunity to find the identity from a different location, adjust, or reject the token.
|
|
</summary>
|
|
<param name="context">Contains the token string.</param>
|
|
<returns>A <see cref="T:System.Threading.Tasks.Task"/> representing the completed operation.</returns>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.IOAuthBearerAuthenticationProvider.ValidateIdentity(Microsoft.Owin.Security.OAuth.OAuthValidateIdentityContext)">
|
|
<summary>
|
|
Called each time a request identity has been validated by the middleware. By implementing this method the
|
|
application may alter or reject the identity which has arrived with the request.
|
|
</summary>
|
|
<param name="context">Contains information about the login session as well as the user <see cref="T:System.Security.Claims.ClaimsIdentity"/>.</param>
|
|
<returns>A <see cref="T:System.Threading.Tasks.Task"/> representing the completed operation.</returns>
|
|
</member>
|
|
<member name="T:Microsoft.Owin.Security.OAuth.OAuthRequestTokenContext">
|
|
<summary>
|
|
Specifies the HTTP header for the bearer authentication scheme.
|
|
</summary>
|
|
</member>
|
|
<member name="M:Microsoft.Owin.Security.OAuth.OAuthRequestTokenContext.#ctor(Microsoft.Owin.IOwinContext,System.String)">
|
|
<summary>
|
|
Initializes a new <see cref="T:Microsoft.Owin.Security.OAuth.OAuthRequestTokenContext"/>
|
|
</summary>
|
|
<param name="context">OWIN environment</param>
|
|
<param name="token">The authorization header value.</param>
|
|
</member>
|
|
<member name="P:Microsoft.Owin.Security.OAuth.OAuthRequestTokenContext.Token">
|
|
<summary>
|
|
The authorization header value
|
|
</summary>
|
|
</member>
|
|
</members>
|
|
</doc>
|