Microsoft.IdentityModel.Protocols.OpenIdConnect

Well known endpoints for AzureActiveDirectory

Contains OpenIdConnect configuration that can be populated from a json string. Deserializes the json string into an object. json string representing the configuration. object representing the configuration. If 'json' is null or empty. If 'json' fails to deserialize. Serializes the object to a json string. object to serialize. json string representing the configuration object. If 'configuration' is null. Initializes a new instance of . Initializes a new instance of from a json string. a json string containing the metadata If 'json' is null or empty. When deserializing from JSON any properties that are not defined will be placed here. Gets the collection of 'acr_values_supported' Gets or sets the 'authorization_endpoint'. Gets or sets the 'check_session_iframe'. Gets the collection of 'claims_supported' Gets the collection of 'claims_locales_supported' Gets or sets the 'claims_parameter_supported' Gets the collection of 'claim_types_supported' Gets the collection of 'display_values_supported' Gets or sets the 'end_session_endpoint'. Gets or sets the 'frontchannel_logout_session_supported'. Gets or sets the 'frontchannel_logout_supported'. Gets the collection of 'grant_types_supported' Boolean value specifying whether the OP supports HTTP-based logout. Default is false. Gets the collection of 'id_token_encryption_alg_values_supported'. Gets the collection of 'id_token_encryption_enc_values_supported'. Gets the collection of 'id_token_signing_alg_values_supported'. Gets or sets the 'introspection_endpoint'. Gets the collection of 'introspection_endpoint_auth_methods_supported'. Gets the collection of 'introspection_endpoint_auth_signing_alg_values_supported'. Gets or sets the 'issuer'. 
Gets or sets the 'jwks_uri' Gets or sets the Boolean value specifying whether the OP can pass a sid (session ID) query parameter to identify the RP session at the OP when the logout_uri is used. Default value is false. Gets or sets the 'op_policy_uri' Gets or sets the 'op_tos_uri' Gets or sets the 'registration_endpoint' Gets the collection of 'request_object_encryption_alg_values_supported'. Gets the collection of 'request_object_encryption_enc_values_supported'. Gets the collection of 'request_object_signing_alg_values_supported'. Gets or sets the 'request_parameter_supported' Gets or sets the 'request_uri_parameter_supported' Gets or sets the 'require_request_uri_registration' Gets the collection of 'response_modes_supported'. Gets the collection of 'response_types_supported'. Gets or sets the 'service_documentation' Gets the collection of 'scopes_supported' Gets the that the IdentityProvider indicates are to be used signing tokens. Gets the collection of 'subject_types_supported'. Gets or sets the 'token_endpoint'. This base class property is not used in OpenIdConnect. Gets the collection of 'token_endpoint_auth_methods_supported'. Gets the collection of 'token_endpoint_auth_signing_alg_values_supported'. Gets the collection of 'ui_locales_supported' Gets or sets the 'user_info_endpoint'. Gets the collection of 'userinfo_encryption_alg_values_supported' Gets the collection of 'userinfo_encryption_enc_values_supported' Gets the collection of 'userinfo_signing_alg_values_supported' Gets a bool that determines if the 'acr_values_supported' (AcrValuesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'acr_values_supported' (AcrValuesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'claims_supported' (ClaimsSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. 
true if 'claims_supported' (ClaimsSupported) is not empty; otherwise, false. Gets a bool that determines if the 'claims_locales_supported' (ClaimsLocalesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'claims_locales_supported' (ClaimsLocalesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'claim_types_supported' (ClaimTypesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'claim_types_supported' (ClaimTypesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'display_values_supported' (DisplayValuesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'display_values_supported' (DisplayValuesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'grant_types_supported' (GrantTypesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'grant_types_supported' (GrantTypesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'id_token_encryption_alg_values_supported' (IdTokenEncryptionAlgValuesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'id_token_encryption_alg_values_supported' (IdTokenEncryptionAlgValuesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'id_token_encryption_enc_values_supported' (IdTokenEncryptionEncValuesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'id_token_encryption_enc_values_supported' (IdTokenEncryptionEncValuesSupported) is not empty; otherwise, false. 
Gets a bool that determines if the 'id_token_signing_alg_values_supported' (IdTokenSigningAlgValuesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'id_token_signing_alg_values_supported' (IdTokenSigningAlgValuesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'introspection_endpoint_auth_methods_supported' (IntrospectionEndpointAuthMethodsSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'introspection_endpoint_auth_methods_supported' (IntrospectionEndpointAuthMethodsSupported) is not empty; otherwise, false. Gets a bool that determines if the 'introspection_endpoint_auth_signing_alg_values_supported' (IntrospectionEndpointAuthSigningAlgValuesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'introspection_endpoint_auth_signing_alg_values_supported' (IntrospectionEndpointAuthSigningAlgValuesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'request_object_encryption_alg_values_supported' (RequestObjectEncryptionAlgValuesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'request_object_encryption_alg_values_supported' (RequestObjectEncryptionAlgValuesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'request_object_encryption_enc_values_supported' (RequestObjectEncryptionEncValuesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'request_object_encryption_enc_values_supported' (RequestObjectEncryptionEncValuesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'request_object_signing_alg_values_supported' (RequestObjectSigningAlgValuesSupported) property should be serialized. 
This is used by Json.NET in order to conditionally serialize properties. true if 'request_object_signing_alg_values_supported' (RequestObjectSigningAlgValuesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'response_modes_supported' (ResponseModesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'response_modes_supported' (ResponseModesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'response_types_supported' (ResponseTypesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'response_types_supported' (ResponseTypesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'SigningKeys' property should be serialized. This is used by Json.NET in order to conditionally serialize properties. This method always returns false. Gets a bool that determines if the 'scopes_supported' (ScopesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'scopes_supported' (ScopesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'subject_types_supported' (SubjectTypesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'subject_types_supported' (SubjectTypesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'token_endpoint_auth_methods_supported' (TokenEndpointAuthMethodsSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'token_endpoint_auth_methods_supported' (TokenEndpointAuthMethodsSupported) is not empty; otherwise, false. Gets a bool that determines if the 'token_endpoint_auth_signing_alg_values_supported' (TokenEndpointAuthSigningAlgValuesSupported) property should be serialized. 
This is used by Json.NET in order to conditionally serialize properties. true if 'token_endpoint_auth_signing_alg_values_supported' (TokenEndpointAuthSigningAlgValuesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'ui_locales_supported' (UILocalesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'ui_locales_supported' (UILocalesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'userinfo_encryption_alg_values_supported' (UserInfoEndpointEncryptionAlgValuesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'userinfo_encryption_alg_values_supported' (UserInfoEndpointEncryptionAlgValuesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'userinfo_encryption_enc_values_supported' (UserInfoEndpointEncryptionEncValuesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'userinfo_encryption_enc_values_supported' (UserInfoEndpointEncryptionEncValuesSupported) is not empty; otherwise, false. Gets a bool that determines if the 'userinfo_signing_alg_values_supported' (UserInfoEndpointSigningAlgValuesSupported) property should be serialized. This is used by Json.NET in order to conditionally serialize properties. true if 'userinfo_signing_alg_values_supported' (UserInfoEndpointSigningAlgValuesSupported) is not empty; otherwise, false.

Retrieves a populated given an address. Retrieves a populated given an address. address of the discovery document. . A populated instance. Retrieves a populated given an address and an . address of the discovery document. the to use to read the discovery document. . A populated instance. Retrieves a populated given an address and an . address of the discovery document. the to use to read the discovery document . A populated instance. 
Defines a class for validating the OpenIdConnectConfiguration by using default policy. 1 is the default minimum number of keys. Validates an OpenIdConnectConfiguration by using current policy. The OpenIdConnectConfiguration to validate. A that contains validation result. The minimum number of keys.

This exception is thrown when an OpenIdConnect protocol handler encounters a protocol error. Initializes a new instance of the class. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. A that represents the root cause of the exception. Initializes a new instance of the class. the that holds the serialized object data. The contextual information about the source or destination.

This exception is thrown when an OpenIdConnect protocol handler encounters an invalid at_hash. Initializes a new instance of the class. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. A that represents the root cause of the exception. Initializes a new instance of the class. the that holds the serialized object data. The contextual information about the source or destination.

This exception is thrown when an OpenIdConnect protocol handler encounters an invalid chash. Initializes a new instance of the class. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. A that represents the root cause of the exception. Initializes a new instance of the class. the that holds the serialized object data. The contextual information about the source or destination. 
This exception is thrown when an OpenIdConnect protocol handler encounters an invalid nonce. Initializes a new instance of the class. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. A that represents the root cause of the exception. Initializes a new instance of the class. the that holds the serialized object data. The contextual information about the source or destination.

This exception is thrown when an OpenIdConnect protocol handler encounters an invalid state. Initializes a new instance of the class. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. A that represents the root cause of the exception. Initializes a new instance of the class. the that holds the serialized object data. The contextual information about the source or destination.

Log messages and codes

Grant types for token requests. See https://datatracker.ietf.org/doc/html/rfc6749.

Provides access to common OpenIdConnect parameters. Initializes a new instance of the class. Initializes an instance of class with a json string. Initializes a new instance of the class. an to copy. If 'other' is null. Initializes a new instance of the class. Collection of key value pairs. Initializes a new instance of the class. Enumeration of key value pairs. Initializes a new instance of the class. The JSON object from which the instance is created. Returns a new instance of with values copied from this object. A new object copied from this object This is a shallow Clone. Creates an OpenIdConnect message using the current contents of this . The uri to use for a redirect. Creates a query string using the current contents of this . 
The uri to use for a redirect. Adds telemetry values to the message parameters. Gets or sets the value for the AuthorizationEndpoint Gets or sets 'access_token'. Gets or sets 'acr_values'. Gets or sets 'claims_locales'. Gets or sets 'client_assertion'. Gets or sets 'client_assertion_type'. Gets or sets 'client_id'. Gets or sets 'client_secret'. Gets or sets 'code'. Gets or sets 'display'. Gets or sets 'domain_hint'. Gets or sets whether parameters for the library and version are sent on the query string for this instance. This value is set to the value of EnableTelemetryParametersByDefault at message creation time. Gets or sets whether parameters for the library and version are sent on the query string for all instances of . Gets or sets 'error'. Gets or sets 'error_description'. Gets or sets 'error_uri'. Gets or sets 'expires_in'. Gets or sets 'grant_type'. Gets or sets 'id_token'. Gets or sets 'id_token_hint'. Gets or sets 'identity_provider'. Gets or sets 'iss'. Gets or sets 'login_hint'. Gets or sets 'max_age'. Gets or sets 'nonce'. Gets or sets 'password'. Gets or sets 'post_logout_redirect_uri'. Gets or sets 'prompt'. Gets or sets 'redirect_uri'. Gets or sets 'refresh_token'. Gets or sets the request type for this message. This is helpful when sending different messages through a common routine, when extra parameters need to be set or checked. Gets or sets 'request_uri'. Gets or sets 'response_mode'. Gets or sets 'response_type'. Gets or sets 'resource'. Gets or sets 'scope'. Gets or sets 'session_state'. Gets or sets 'sid'. Gets the string that is sent as telemetry data in an OpenIdConnectMessage. Gets or sets 'state'. Gets or sets 'target_link_uri'. Gets or sets the value for the token endpoint. Gets or sets 'token_type'. Gets or sets 'ui_locales'. Gets or sets 'user_id'. Gets or sets 'username'.

Parameter names for OpenIdConnect.

Prompt types for OpenIdConnect. Indicates 'none' prompt type see: http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest. 
Indicates 'login' prompt type see: http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest. Indicates 'consent' prompt type see: http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest. Indicates 'select_account' prompt type see: http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest.

A context that is used by a when validating an OpenIdConnect Response to ensure it is compliant with http://openid.net/specs/openid-connect-core-1_0.html. Creates an instance of Gets or sets the 'client_id'. Gets or sets the 'nonce' that was sent with the 'Request'. Gets or sets the that represents the 'Response'. Gets or sets the state that was sent with the 'Request'. Gets or sets the response received from userinfo_endpoint. This id_token is assumed to have audience, issuer, lifetime and signature validated.

Delegate for validating additional claims in 'id_token' to validate used for validation is used to ensure that an obtained using OpenIdConnect is compliant with http://openid.net/specs/openid-connect-core-1_0.html . Default for the how long the nonce is valid. default: 1 hour. Creates a new instance of , Generates a value suitable to use as a nonce. a nonce if is true then the 'nonce' will contain the Epoch time as the prefix, separated by a '.'. for example: 635410359229176103.MjQxMzU0ODUtMTdiNi00NzAwLWE4MjYtNTE4NGExYmMxNTNlZmRkOGU4NjctZjQ5OS00MWIyLTljNTEtMjg3NmM0NzI4ZTc5 Gets the algorithm mapping between OpenIdConnect and .Net for Hash algorithms. a that contains mappings from the JWT namespace https://datatracker.ietf.org/doc/html/rfc7518 to .Net. Gets or sets the defining how long a nonce is valid. If 'value' is less than or equal to 'TimeSpan.Zero'. If is true, then the nonce timestamp is bound by DateTime.UtcNow + NonceLifetime. Gets or sets a value indicating if an 'acr' claim is required. Gets or sets a value indicating if an 'amr' claim is required. Gets or sets a value indicating if an 'auth_time' claim is required. 
Gets or sets a value indicating if an 'azp' claim is required. Gets or sets if a nonce is required. Gets or sets a value indicating if a 'state' is required. Gets or sets a value indicating if validation of 'state' is turned on or off. Gets or sets a value indicating if a 'sub' claim is required. Gets or sets a value for default RequireSub. default: true. Gets or sets logic to control if a nonce is prefixed with a timestamp. if is true then: will return a 'nonce' with the Epoch time as the prefix, delimited with a '.'. will require that the 'nonce' has a valid time as the prefix. Gets or sets the delegate for validating 'id_token' Validates that an OpenIdConnect Response from 'authorization_endpoint' is valid as per http://openid.net/specs/openid-connect-core-1_0.html the that contains expected values. If 'validationContext' is null. If the response is not spec compliant. It is assumed that the IdToken had ('aud', 'iss', 'signature', 'lifetime') validated. Validates that an OpenIdConnect Response from "token_endpoint" is valid as per http://openid.net/specs/openid-connect-core-1_0.html the that contains expected values. If 'validationContext' is null. If the response is not spec compliant. It is assumed that the IdToken had ('aud', 'iss', 'signature', 'lifetime') validated. Validates that an OpenIdConnect Response from "userinfo_endpoint" is valid as per http://openid.net/specs/openid-connect-core-1_0.html the that contains expected values. If 'validationContext' is null. If the response is not spec compliant. Validates the claims in the 'id_token' as per http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation the that contains expected values. Returns a corresponding to string 'algorithm' after translation using . string representing the hash algorithm A . Gets or sets the that will be used for crypto operations. Validates the 'token' or 'code' see: http://openid.net/specs/openid-connect-core-1_0.html The expected value of the hash. 
normally the c_hash or at_hash claim. Item to be hashed per oidc spec. Algorithm for computing hash over hashItem. If expected value does not equal the hashed value. Validates the 'code' according to http://openid.net/specs/openid-connect-core-1_0.html A that contains the protocol message to validate. If 'validationContext' is null. If 'validationContext.ValidatedIdToken' is null. If the validationContext contains a 'code' and there is no 'c_hash' claim in the 'id_token'. If the validationContext contains a 'code' and the 'c_hash' claim is not a string in the 'id_token'. If the 'c_hash' claim in the 'id_token' does not correspond to the 'code' in the response. Validates the 'token' according to http://openid.net/specs/openid-connect-core-1_0.html A that contains the protocol message to validate. If 'validationContext' is null. If 'validationContext.ValidatedIdToken' is null. If the validationContext contains a 'token' and there is no 'at_hash' claim in the id_token. If the validationContext contains a 'token' and the 'at_hash' claim is not a string in the 'id_token'. If the 'at_hash' claim in the 'id_token' does not correspond to the 'access_token' in the response. Validates that the contains the nonce. A that contains the 'nonce' to validate. If 'validationContext' is null. If 'validationContext.ValidatedIdToken' is null. If is null and RequireNonce is true. If the 'nonce' found in the 'id_token' does not match . If is true and a timestamp is not: found, well formed, negative or expired. The timestamp is only validated if is true. If is not-null, then a matching 'nonce' must exist in the 'id_token'. Validates that the 'state' in message is valid. A that contains the 'state' to validate. If 'validationContext' is null. If 'validationContext.ProtocolMessage' is null. If 'validationContext.State' is present in but either or its state property is null. If 'state' in the context does not match the state in the message.

RequestTypes for OpenIdConnect. 
Can be used to determine the message type by consumers of an . For example: sets to . Indicates an Authentication Request see: http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest. Indicates a Logout Request see: http://openid.net/specs/openid-connect-frontchannel-1_0.html#RPLogout. Indicates a Token Request see: http://openid.net/specs/openid-connect-core-1_0.html#TokenRequest.

Response modes for OpenIdConnect. Can be used to determine the response mode by consumers of an . For example: OpenIdConnectMessageTests.Publics() sets to . Indicates a Query Response see: http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse. Indicates a Form Post Response see: http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse. Indicates a Fragment Response see: http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse.

Response types for OpenIdConnect. Can be used to determine the message type by consumers of an . For example: OpenIdConnectMessageTests.Publics() sets to . Indicates 'code' type see: http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth. For Example: http://openid.net/specs/openid-connect-core-1_0.html#codeExample. Indicates 'code id_token' type see: http://openid.net/specs/openid-connect-core-1_0.html#HybridAuthRequest. For Example: http://openid.net/specs/openid-connect-core-1_0.html#code-id_tokenExample. Indicates 'code id_token token' type see: http://openid.net/specs/openid-connect-core-1_0.html#HybridAuthRequest. For Example: http://openid.net/specs/openid-connect-core-1_0.html#code-id_token-tokenExample. Indicates 'code token' type see: http://openid.net/specs/openid-connect-core-1_0.html#HybridAuthRequest. For Example: http://openid.net/specs/openid-connect-core-1_0.html#code-tokenExample. Indicates 'id_token' type see: http://openid.net/specs/openid-connect-core-1_0.html#HybridAuthRequest. For Example: http://openid.net/specs/openid-connect-core-1_0.html#id_tokenExample. 
Indicates 'id_token token' type see: http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth. For Example: http://openid.net/specs/openid-connect-core-1_0.html#id_token-tokenExample. Defined in OAuth v2 multiple response types 1.0 spec, included for completion. See: http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#OAuthResponseTypesReg. Defined in OAuth 2.0 spec, included for completion. See: https://datatracker.ietf.org/doc/html/rfc6749#section-11.3.2.

Specific scope values that are interesting to OpenID Connect. See https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims Can be used to determine the scope by consumers of an . For example: OpenIdConnectMessageTests.Publics() sets to . Indicates address scope see: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims. Indicates email scope see: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims. Indicates offline_access scope see: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims. Indicates openid scope see: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims. Indicates openid and profile scope see: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims. Indicates phone profile scope see: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims. Indicates user_impersonation scope for Azure Active Directory.

Defines a set of properties names Property defined for 'check_session_iframe'. Property defined for 'redirect_uri' set in the request for a 'code' Property defined for 'session state'

OpenIdProviderConfiguration Names http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata