| AuthorizationDetail | One entry in the OAuth 2.0 Rich Authorization Requests authorization_details array (RFC 9396 §2), wrapped over a System.Text.Json.Nodes.JsonNode which is the source of truth for the entry's content. The wrapper exposes the RFC 9396 §2.2 common-data members as strongly-typed accessors that read from and write to the underlying Json directly — the same shape JsonWebTokenPayload uses over its System.Text.Json.Nodes.JsonObject. |
| ClaimExtensions | Provides extension methods for handling claims, particularly for converting between JWT claims and security claims. |
| CriticalHeaderContext | Per-call context passed to HandleAsync(CriticalHeaderContext, CancellationToken). Reference type with init-only properties so adding a future field is a non-breaking change for handler implementations. |
| EllipticCurveJsonWebKey | Represents an Elliptic Curve JSON Web Key (JWK) containing EC-specific cryptographic parameters. Supports both public and private EC keys per RFC 7518 Section 6.2. |
| EllipticCurveOids | ASN.1 object identifiers (OIDs) for NIST-recommended elliptic curves used in ECDSA cryptography. |
| EllipticCurveTypes | Elliptic curve identifiers for the JWK "crv" parameter, as defined in RFC 7518 Section 6.2.1.1. |
| EncryptionAlgorithms | JWE algorithm identifiers ("alg" and "enc" header values) defined in RFC 7516 (JWE) and RFC 7518 Sections 4 (key management) and 5 (content encryption). Constants on this class are recognized by the library; some are listed but not yet supported because their underlying primitives are not provided by .NET (see remarks on each member). |
| EncryptionAlgorithms.ContentEncryption | Content encryption algorithms ("enc" parameter in the JWE header). These encrypt the JWE payload using the Content Encryption Key produced by the key management algorithm. |
| EncryptionAlgorithms.KeyManagement | Key management algorithms ("alg" parameter in the JWE header). These wrap or derive the Content Encryption Key (CEK) that is then used by a content encryption algorithm. |
| IanaClaimTypes | Provides constants for various JWT and OpenID Connect claim types. Includes both registered claim types and public claim types as defined in various standards. This classification helps in ensuring interoperability across different systems and services by adhering to a common set of identifiers for claims. |
| IanaClaimTypes.ConfirmationMethods | Member names of the cnf confirmation-method JSON object (RFC 7800 §3.1 / IANA "JWT Confirmation Methods" registry). Each member encodes a different proof-of-possession binding scheme; multiple members can coexist when a deployment uses several schemes concurrently (e.g. mTLS for client authentication and DPoP for token binding). |
| JsonArrayExtensions | Conversion helpers between a raw System.Text.Json.Nodes.JsonArray wire form and a sequence of AuthorizationDetail wrappers. Parallels JsonObjectExtensions for object-shaped claims; here the shape is a JSON array and each element is a wrapper over its underlying System.Text.Json.Nodes.JsonNode. |
| JsonObjectExtensions | Provides extension methods for the System.Text.Json.Nodes.JsonObject class, enhancing its usability by simplifying the process of accessing and manipulating JSON properties. |
| JsonWebKey | Base class representing a JSON Web Key (JWK), a versatile structure for representing cryptographic keys using JSON. JWKs are crucial for digital signatures, encryption, and ensuring secure communication in web-based protocols. |
| JsonWebKeyConverter | Custom JSON converter for JsonWebKey that handles polymorphic serialization/deserialization based on the "kty" (key type) discriminator while ensuring the KeyType property is serialized in both polymorphic and direct serialization scenarios. |
| JsonWebKeyExtensions | Provides extension methods for the JsonWebKey model to simplify the process of populating its properties from different sources. These methods enable easy conversion between JsonWebKey and various cryptographic representations. |
| JsonWebKeyFactory | A factory for creating JsonWebKey objects for various cryptographic key types. Supports RSA, Elliptic Curve, and symmetric (HMAC) keys for JWT operations. |
| JsonWebKeyPropertyNames | JSON property names used in the JSON serialization of a JWK as defined in RFC 7517 Section 4 and RFC 7518 Section 6. These are the wire-level names; consumers normally interact with the strongly-typed properties on JsonWebKey and its subclasses. |
| JsonWebKeySet | A JSON Web Key Set (JWK Set) per RFC 7517 Section 5: a JSON document containing an array of JSON Web Keys. Authorization servers publish their JWK Set at the jwks_uri endpoint so that relying parties can discover the keys used to validate or encrypt tokens. |
| JsonWebKeyTypes | Values for the JWK "kty" parameter (RFC 7517 Section 4.1, RFC 7518 Section 6.1) identifying the cryptographic family a key belongs to. Used as the discriminator when deserializing a JsonWebKey into the correct concrete subtype. |
| JsonWebToken | Represents a JSON Web Token (JWT), a compact, URL-safe means of representing claims to be transferred between two parties. This record encapsulates the standard JWT structure, offering properties to access and manipulate the header, payload, and claims. |
| JsonWebTokenConfirmation | Typed wrapper over the cnf confirmation-method JSON object (RFC 7800 §3.1). Exposes the proof-of-possession binding members an issued JWT can carry: the mutual-TLS client certificate thumbprint (x5t#S256, RFC 8705 §3.1) and the DPoP proof-key JWK thumbprint (jkt, RFC 9449 §6.1). Symmetric with JsonWebTokenPayload: each member is a typed accessor over the underlying System.Text.Json.Nodes.JsonObject; constants live in ConfirmationMethods so adding a new member is a single-file edit. |
| JsonWebTokenExtensions | Provides extension methods for handling JSON data within JWTs. |
| JsonWebTokenHeader | Represents the header part of a JSON Web Token (JWT), containing metadata about the token such as the type and the algorithm used for signing. |
| JsonWebTokenPayload | Represents the payload part of a JSON Web Token (JWT), containing the claims or statements about the subject. |
| JwtClaimTypes | Names of the JWT claims and JOSE header parameters used by this library, including the registered claims from RFC 7519 Section 4.1, common OpenID Connect claims, and several extensions (token exchange, security event tokens, etc.). Use these constants whenever reading from or writing to a JsonWebTokenHeader or JsonWebTokenPayload by raw name. |
| JwtValidationError | Represents an error encountered during the validation of a JSON Web Token (JWT). |
| OctetJsonWebKey | Represents a Symmetric JSON Web Key (JWK) containing symmetric key material for algorithms like HMAC. Supports symmetric keys per RFC 7518 Section 6.4. |
| PublicKeyUsages | Values for the JWK "use" parameter (RFC 7517 Section 4.2), declaring whether a key is intended for signing or encryption. Lets clients pick the right key from a JWK Set when a JWKS contains keys for both purposes. |
| RsaJsonWebKey | Represents an RSA JSON Web Key (JWK) containing RSA-specific cryptographic parameters. Supports both public and private RSA keys per RFC 7518 Section 6.3. |
| ServiceCollectionExtensions | Provides extension methods for Microsoft.Extensions.DependencyInjection.IServiceCollection to register JwT-related services within the application. |
| SigningAlgorithms | JWS signing algorithm identifiers ("alg" header values) defined in RFC 7518 Section 3. Used to indicate how a JWT was signed and to look up the matching signer or verifier. |
| ValidationParameters | Defines parameters used during the validation of a JSON Web Token (JWT). |