Skip to main content

ServiceCollectionExtensions Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Features

ServiceCollectionExtensions Class

Provides extension methods to Microsoft.Extensions.DependencyInjection.IServiceCollection for configuring OpenID Connect (OIDC) server services.

public static class ServiceCollectionExtensions

Inheritance System.Object → ServiceCollectionExtensions

Methods

ServiceCollectionExtensions.AddAccessToken(this IServiceCollection) Method

This method adds a service responsible for generating, validating, and managing access tokens. Access tokens are crucial for securing API endpoints, as they provide a mechanism to verify that a request is authorized to access specific resources.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddAccessToken(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure with token-related services.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection so that additional calls can be chained.

ServiceCollectionExtensions.AddAuthServiceJwt(this IServiceCollection) Method

Registers JWT formatting and validation services for authentication within the specified Microsoft.Extensions.DependencyInjection.IServiceCollection.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddAuthServiceJwt(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to add the JWT authentication services to.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection for chaining further service registrations.

ServiceCollectionExtensions.AddBackChannelAuthentication(this IServiceCollection) Method

Opts the server into Client-Initiated Backchannel Authentication (CIBA). This single call registers the CIBA feature services, the CIBA grant handler, the backchannel endpoint services and re-enables the BackChannelAuthentication flag, which is off in the default EnabledEndpoints. A server that never calls this method exposes no backchannel endpoint and runs no CIBA grant.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddBackChannelAuthentication(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The configured Microsoft.Extensions.DependencyInjection.IServiceCollection.

Remarks

Call this <b>before</b>AddOidcCore/AddOidcServices: the CIBA grant handler must be registered before AddAuthorizationGrants() composes the grant handlers at the end of AddOidcCore, otherwise it is registered beside the composite and the token endpoint resolves the wrong single IAuthorizationGrantHandler.

ServiceCollectionExtensions.AddBackChannelLogout(this IServiceCollection) Method

Adds the necessary services for back-channel logout functionality to the specified Microsoft.Extensions.DependencyInjection.IServiceCollection.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddBackChannelLogout(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection

ServiceCollectionExtensions.AddCheckSession(this IServiceCollection) Method

Opts the server into the OpenID Connect Session Management check-session endpoint. This single call registers the check-session handler and re-enables the CheckSession flag, which is off in the default EnabledEndpoints. Many SPAs do not use the session-management iframe, so it is opt-in: a server that never calls this method exposes no check-session endpoint and does not advertise it in discovery.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddCheckSession(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The configured Microsoft.Extensions.DependencyInjection.IServiceCollection.

ServiceCollectionExtensions.AddClientAuthentication(this IServiceCollection) Method

Registers client authentication services with the provided Microsoft.Extensions.DependencyInjection.IServiceCollection. This setup includes various authenticators for supporting different client authentication methods such as none, client secret post, client secret basic, private key JWT, and potentially others. It enables the application to handle client authentication according to the OAuth 2.0 and OpenID Connect standards.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddClientAuthentication(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to add the client authentication services to.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection so that additional calls can be chained.

ServiceCollectionExtensions.AddClientInformation(this IServiceCollection) Method

Configures services related to client information management. This includes registering the client information storage mechanism, which serves as the provider and manager for client information, as well as the provider for client keys. This setup is crucial for the OIDC server to manage and validate client identities and their corresponding secrets or keys.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddClientInformation(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to add the services to.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection so that additional calls can be chained.

ServiceCollectionExtensions.AddClientJwt(this IServiceCollection) Method

Registers services for validating and formatting JWTs used in client authentication scenarios within the specified Microsoft.Extensions.DependencyInjection.IServiceCollection.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddClientJwt(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to add the client JWT validation and formatting services to.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection for chaining further service registrations.

Remarks

This method adds services to the Microsoft.Extensions.DependencyInjection.IServiceCollection that are responsible for validating and formatting JWTs used specifically in client authentication. These services ensure that JWTs conform to the required standards, include all necessary claims, and are properly validated for client authentication processes.

ServiceCollectionExtensions.AddCommonServices(this IServiceCollection) Method

Registers common services required by the application, like system clock, hashing services, etc.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddCommonServices(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to add the services to.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection with the common services registered.

ServiceCollectionExtensions.AddDeviceAuthorization(this IServiceCollection) Method

Opts the server into the Device Authorization Grant (RFC 8628). This single call registers the device feature services, the device endpoint (handler, validators, options validator) and re-enables the DeviceAuthorization flag, which is off in the default EnabledEndpoints. A server that never calls this method exposes no device endpoint and runs no device options validation.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddDeviceAuthorization(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The configured Microsoft.Extensions.DependencyInjection.IServiceCollection.

Remarks

Call this <b>before</b>AddOidcCore/AddOidcServices: the device-code grant handler must be registered before AddAuthorizationGrants() composes the grant handlers at the end of AddOidcCore, otherwise it is registered beside the composite and the token endpoint resolves the wrong single IAuthorizationGrantHandler.

ServiceCollectionExtensions.AddDPoP(this IServiceCollection) Method

Registers the OAuth 2.0 DPoP (RFC 9449) infrastructure: the proof validator, the JWT replay cache it depends on (via defensive TryAdd so DPoP-only deployments do not need to enable JWT Bearer just to get the cache), and the shared nonce-service via AddNonces(this IServiceCollection).

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddDPoP(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection so additional calls can be chained.

ServiceCollectionExtensions.AddDynamicClientRegistration(this IServiceCollection) Method

Opts the server into Dynamic Client Registration (RFC 7591 / RFC 7592). This single call registers the registration, read, update and remove handlers and their validators, and re-enables the RegisterClient flag, which is off in the default EnabledEndpoints. Open registration widens the attack surface, so it is opt-in: a server that never calls this method exposes no registration endpoint and does not advertise it in discovery. New-client defaults are taken from NewClientOptions.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddDynamicClientRegistration(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The configured Microsoft.Extensions.DependencyInjection.IServiceCollection.

ServiceCollectionExtensions.AddFrontChannelLogout(this IServiceCollection) Method

Adds the necessary services for front-channel logout functionality to the specified Microsoft.Extensions.DependencyInjection.IServiceCollection. Front-channel logout is typically used for web-based applications where the logout request is sent directly from the user's browser to the identity provider and other logged-in services.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddFrontChannelLogout(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection

ServiceCollectionExtensions.AddIdentityToken(this IServiceCollection) Method

This method adds a service that handles identity tokens, which are used to convey the identity of the authenticated user to the application. Identity tokens typically contain claims about the user, such as their name or role, which can be used for user interface customization and access control decisions.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddIdentityToken(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure with token-related services.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection so that additional calls can be chained.

ServiceCollectionExtensions.AddIntrospection(this IServiceCollection) Method

Opts the server into the OAuth 2.0 Token Introspection endpoint (RFC 7662). This single call registers the introspection handler, validator and processor and re-enables the Introspection flag, which is off in the default EnabledEndpoints. Introspection is chiefly needed by resource servers validating opaque tokens; a server issuing self-contained JWTs often does not need it, so it is opt-in. A server that never calls this method exposes no introspection endpoint and does not advertise it in discovery.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddIntrospection(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The configured Microsoft.Extensions.DependencyInjection.IServiceCollection.

ServiceCollectionExtensions.AddIssuer(this IServiceCollection) Method

Configures the issuer provider service to dynamically determine the issuer URI based on application settings. If an issuer is preconfigured in the options, a preconfigured issuer provider is used. Otherwise, a request-based issuer provider is utilized to determine the issuer URI dynamically, allowing for flexible deployment scenarios.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddIssuer(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to add the issuer provider to.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The modified Microsoft.Extensions.DependencyInjection.IServiceCollection with the issuer provider configured.

ServiceCollectionExtensions.AddLicense(this IServiceCollection, string) Method

Registers the license JWT provider using a provided static license JWT string.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddLicense(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, string licenseJwt);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to add the license provider to.

licenseJwt System.String

The license JWT string to be used for OIDC service configuration validation.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection for chaining further configurations.

Remarks

This method allows for direct specification of the license JWT, bypassing options configuration. It utilizes the StaticLicenseJwtProvider to supply the license JWT directly to the OIDC service. This approach is particularly useful in scenarios where the license JWT is obtained programmatically or from external sources not tied to the application's static configuration.

ServiceCollectionExtensions.AddLicenseFromOptions(this IServiceCollection) Method

Registers the license JWT provider using options configuration to obtain the license JWT.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddLicenseFromOptions(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to add the license provider to.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection for chaining further configurations.

Remarks

This method configures the OIDC service's licensing by using the OptionsLicenseJwtProvider, which retrieves the license JWT from application settings or options. It's suitable for scenarios where the license JWT is configured through application settings (e.g., appsettings.json or environment variables).

ServiceCollectionExtensions.AddLogoutNotification(this IServiceCollection) Method

Configures services for logout notification mechanisms within the application. This method sets up both front-channel and back-channel logout capabilities, allowing the application to notify clients about logout events through direct user agent redirection or server-to-server communication, respectively. It integrates a composite logout notifier that aggregates both mechanisms to provide a unified approach to logout notifications.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddLogoutNotification(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to add the logout notification services to.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection so that additional calls can be chained.

ServiceCollectionExtensions.AddNonces(this IServiceCollection) Method

Registers the generic stateless-nonce service. The default RollingHmacNonceService implementation is shared across any feature that needs server-issued, time-bounded opaque tokens (DPoP-Nonce per RFC 9449 §8 / §9 is the current consumer; future candidates include state-parameter validation and challenge-response patterns). Idempotent via TryAdd so feature-level Add* methods can declare the dependency without contention.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddNonces(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection so additional calls can be chained.

ServiceCollectionExtensions.AddPairwiseSubjectIdentifiers(this IServiceCollection, PairwiseSubjectSettings) Method

Registers pairwise subject identifier settings, enabling HMAC-based subject conversion for clients with SubjectType=pairwise. The salt and hash algorithm are used to compute stable, non-reversible per-client subject identifiers per OpenID Connect Core Section 8.1.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddPairwiseSubjectIdentifiers(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, Abblix.Oidc.Server.Features.UserInfo.PairwiseSubjectSettings settings);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The service collection to register settings into.

settings PairwiseSubjectSettings

The pairwise subject settings containing the HMAC salt and algorithm.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection

ServiceCollectionExtensions.AddRandomGenerators(this IServiceCollection) Method

Adds singleton services for generating random client IDs, client secrets, token IDs, and session IDs to the specified Microsoft.Extensions.DependencyInjection.IServiceCollection.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddRandomGenerators(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection

ServiceCollectionExtensions.AddRefreshToken(this IServiceCollection) Method

This method adds a service that manages the lifecycle of refresh tokens, including their creation, validation, and revocation. Refresh tokens are used to obtain new access tokens without requiring the user to re-authenticate, enhancing the user experience by providing seamless session continuity.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddRefreshToken(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure with token-related services.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection so that additional calls can be chained.

ServiceCollectionExtensions.AddRequestObject(this IServiceCollection) Method

Adds request object fetching capabilities to the dependency injection container. Registers services required for processing JWT request objects, including their validation and binding to the appropriate request properties.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddRequestObject(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to which the user claims provider services will be added. This collection is a mechanism for adding and retrieving dependencies in .NET applications, often used to configure dependency injection in ASP.NET Core applications.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The updated Microsoft.Extensions.DependencyInjection.IServiceCollection after adding the services, allowing for further modifications and additions to be chained.

ServiceCollectionExtensions.AddRevocation(this IServiceCollection) Method

Opts the server into the OAuth 2.0 Token Revocation endpoint (RFC 7009). This single call registers the revocation handler, validator and processor and re-enables the Revocation flag, which is off in the default EnabledEndpoints. This governs only the public /revoke endpoint; the internal token-revocation machinery that refresh-token rotation, logout and initial-access-token invalidation depend on is always registered and is unaffected. A server that never calls this method exposes no revocation endpoint and does not advertise it in discovery.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddRevocation(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The configured Microsoft.Extensions.DependencyInjection.IServiceCollection.

ServiceCollectionExtensions.AddSecureHttpFetch(this IServiceCollection, Action<SecureHttpFetchOptions>) Method

Registers secure HTTP fetching services with SSRF (Server-Side Request Forgery) protection. This method configures the HTTP client for fetching external content (such as sector identifier URIs and request URIs) and decorates it with validation to prevent SSRF attacks.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddSecureHttpFetch(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Abblix.Oidc.Server.Features.SecureHttpFetch.SecureHttpFetchOptions>? configure=null);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure.

configure System.Action<SecureHttpFetchOptions>

Optional configuration action to customize SecureHttpFetchOptions.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The configured Microsoft.Extensions.DependencyInjection.IServiceCollection.

Remarks

The registered services include: - A typed HTTP client (SecureHttpFetcher) for making secure HTTP requests - A custom message handler (SsrfValidatingHttpMessageHandler) that provides comprehensive SSRF protection

The SSRF protection includes: - Blocking requests to internal hostnames (localhost, internal, etc.) - Blocking requests to internal TLDs (.local, .internal, etc.) - DNS resolution and blocking of private/reserved IP address ranges - Re-validation of DNS before HTTP request to prevent DNS rebinding attacks (TOCTOU) - HTTP redirect disabling to prevent redirect-based SSRF bypass - Response size and timeout limits (configurable via SecureHttpFetchOptions)

The multi-layered protection strategy follows OWASP SSRF Prevention guidelines and provides defense-in-depth against various SSRF attack vectors including DNS rebinding and redirect-based bypasses.

ServiceCollectionExtensions.AddSessionManagement(this IServiceCollection) Method

Adds services related to session management and decorates the authorization request processor within the specified Microsoft.Extensions.DependencyInjection.IServiceCollection.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddSessionManagement(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection

ServiceCollectionExtensions.AddStorages(this IServiceCollection) Method

Registers services for various storage functionalities related to the OAuth 2.0 and OpenID Connect flows within the application. This method configures essential storage services that manage authorization codes and authorization requests, ensuring their persistence and accessibility across the application.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddStorages(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to which the storage services will be added. This collection is crucial for configuring dependency injection in ASP.NET Core applications, allowing services to be added, managed, and retrieved throughout the application lifecycle.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The modified Microsoft.Extensions.DependencyInjection.IServiceCollection after adding the storage services, permitting additional configurations to be chained.

ServiceCollectionExtensions.AddTokenRevocation(this IServiceCollection) Method

Decorates the JSON Web Token validator service with a token status validator to support token revocation within the specified Microsoft.Extensions.DependencyInjection.IServiceCollection.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddTokenRevocation(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to add token revocation support to.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection for chaining further service registrations.

Remarks

This method enhances the application's security by decorating the IJsonWebTokenValidator service with TokenStatusValidatorDecorator. This decoration adds the capability to check the revocation status of tokens, allowing the application to reject tokens that have been revoked. This is crucial for maintaining the integrity and security of the application's authentication system, particularly in response to security incidents or user logout events.

ServiceCollectionExtensions.AddTokenServices(this IServiceCollection) Method

Configures token services including token creation, authentication, client-specific JWT handling, and token revocation within the specified Microsoft.Extensions.DependencyInjection.IServiceCollection.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddTokenServices(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to configure with token-related services.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The Microsoft.Extensions.DependencyInjection.IServiceCollection so that additional calls can be chained.

Remarks

This method aggregates the setup of multiple services related to tokens, enhancing the application's security infrastructure by providing comprehensive support for JWT (JSON Web Tokens) and token lifecycle management.

It includes the configuration of: - General token services for managing the creation and validation of tokens. - Authentication services that leverage JWT for securing user authentication processes. - Client JWT services, tailored for handling JWTs in client-specific contexts. - Token revocation services to facilitate the process of invalidating tokens when necessary, such as during logout or when a security breach is detected.

The integration of these services ensures a robust and scalable approach to handling tokens, which are critical for secure communication and access control within modern web applications.

ServiceCollectionExtensions.AddUserInfo(this IServiceCollection) Method

Registers services related to user claims management into the provided Microsoft.Extensions.DependencyInjection.IServiceCollection. This method sets up essential services required for processing and handling user claims based on authentication sessions and authorization requests, facilitating the integration of user-specific data into tokens or responses.

public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddUserInfo(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);

Parameters

services Microsoft.Extensions.DependencyInjection.IServiceCollection

The Microsoft.Extensions.DependencyInjection.IServiceCollection to which the user claims provider services will be added. This collection is a mechanism for adding and retrieving dependencies in .NET applications, often used to configure dependency injection in ASP.NET Core applications.

Returns

Microsoft.Extensions.DependencyInjection.IServiceCollection
The updated Microsoft.Extensions.DependencyInjection.IServiceCollection after adding the services, allowing for further modifications and additions to be chained.