Class PushedAuthorizationOptions
- Namespace
- Duende.IdentityServer.Configuration
- Assembly
- Duende.IdentityServer.dll
The Pushed Authorization Options.
public class PushedAuthorizationOptions- Inheritance
-
PushedAuthorizationOptions
- Inherited Members
Constructors
PushedAuthorizationOptions()
public PushedAuthorizationOptions()Properties
AllowUnregisteredPushedRedirectUris
Specifies whether clients may use redirect uris that were not previously registered. Defaults to false.
public bool AllowUnregisteredPushedRedirectUris { get; set; }Property Value
Lifetime
Lifetime of pushed authorization requests in seconds.
The pushed authorization request's lifetime begins when the request to the PAR endpoint is received, and is validated until the authorize endpoint returns a response to the client application. Note that user interaction, such as entering credentials or granting consent, may need to occur before the authorize endpoint can do so. Setting the lifetime too low will likely cause login failures for interactive users, if pushed authorization requests expire before those users complete authentication. Some security profiles, such as the FAPI 2.0 Security Profile recommend an expiration within 10 minutes to prevent attackers from pre-generating requests. To balance these constraints, the Lifetime defaults to 10 minutes.
public int Lifetime { get; set; }Property Value
Remarks
There is also a per-client configuration setting that takes precedence over this global configuration.
Required
Specifies whether pushed authorization requests are globally required. Defaults to false.
public bool Required { get; set; }Property Value
Remarks
There is also a per-client configuration flag in the Client configuration. Pushed authorization is required for a client if either this global configuration flag is enabled or if the flag is set for that client.