### Example JWE Compact Serialization Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Creating-and-Validating-JWEs-(Json-Web-Encryptions) This is an example of a JWE in Compact Serialization format. Line breaks are for display purposes only. ```text eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUnNhU2VjdXJpdHlLZXlfMjA0OCIsInR5cCI6IkpXVCJ9. QkA3lz1JdtgurjXd_Qi0wZhIRicqF6Hy1tFcm8ASQaI379pD-dNPHpehxJfz5WqRrV7p0xfsBkTvXyqzHnQnCrDVY2hD50p1dEDGUsKw48In5kghWwXscWmmbNwKt1QG8XYX9H42pBiuIkOuWiwMhAh8gMLvTaKg-Mg6p0-DdbmQGjCU9Di2rZo-gdm7lguWiTVwj1tI6D1MGJbiTa8f5XLwb26_G-ShDcHhE4LykfRayK-ohxa2_YI1Eyj0HYmfEYhVZK2hnXJGzgFsR048HiUj9pnW_9l7aUlyc5ZPzd7APzvPLzEAGAbpUWrxlMp350bG6Hd_90HxGxdcqCMESw. BAYsl8n-cwhuS6ykkGTJEQ. frYtdApw1pTtK-budjPCd30RJqegqz1-B0my9zMfue5OrJLLxipxrSeZ3QiNWZ4bwW0FzfHXGi_EoeHiph6hFEln7wdwAOdnd-mXW2LylwMQH0QBitc4e77gZ1G77SbhY2glses57fWW_v4J4JobYFP0GQh18LK-g9spQFK6og2o5M3VV1s0f_dyOnjh0_WrLAWOOnuLzGUxK3-GWwPNCFSkECGoOjNvCxy5FeewwWKfMc_gc3xnVkieRWGP1bbHFDLzDy3_eDDdRzhI3kPGZnSbxx9Fi-JVzq4UncfIrl4hyBJz3fMooqIlg_AR1QUctl-a19yGX1p77stzvOu0aXIehju7V1STkXM31jYi4eBm0K50-1weCHAbKrBtuk8yFfuqPLefcMghHq3-ATAVGoaoY-KS6ODRJDL8jC4ALcoFySD3uxYvmg4bCAHTF7ezYWrhzWYddWRTK8SMf-tOPZgLZ-bA4rU5OvPsNC3yQpZFg8nxcUJ1JcakFD2eToZ4QNpXysOZwzSUvMT9Hx3uTHtlOC5M_uvZkp-zotuGMoJHmsV1lwnoSQ0CLFqUiIBA. JEduKaavj1noos2cLuP9Ig ``` -------------------------------- ### API Change Examples Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/agents.md Illustrates the format for documenting API changes, including adding new APIs and removing existing ones. ```yaml api_change_format: | # Adding new API +Microsoft.IdentityModel.Tokens.TokenValidationResult.Clone() -> Microsoft.IdentityModel.Tokens.TokenValidationResult +Microsoft.IdentityModel.Tokens.SecurityKey.KeySize.get -> int # Removing API (requires careful consideration) -Microsoft.IdentityModel.Tokens.ObsoleteTokenValidationMethod() -> void ``` -------------------------------- ### Workflow Automation Examples Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/agents.md Outlines typical workflows for automation, including code review, testing, and documentation processes. ```yaml automation_workflows: code_review: - pattern_analysis - style_verification - test_coverage_check - api_compatibility_verification testing: - unit_test_execution - integration_test_execution - performance_benchmark_validation documentation: - api_documentation_generation - changelog_updates - security_documentation_updates ``` -------------------------------- ### Add KeyVaultExtensions Packages Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Keyvault-extensions Install the necessary NuGet packages for Key Vault extensions and Azure identity. ```sh dotnet add package Microsoft.IdentityModel.KeyVaultExtensions dotnet add package Azure.Identity ``` -------------------------------- ### JWE Protected Header Example Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Creating-and-Validating-JWEs-(Json-Web-Encryptions) This is an example of a JWE Protected Header. It contains the key wrapping algorithm ('alg') and content encryption algorithm ('enc'). ```text eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUnNhU2VjdXJpdHlLZXlfMjA0OCIsInR5cCI6IkpXVCJ9. ``` -------------------------------- ### Run Crank Benchmark with External Configurations Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Benchmarking-in-Wilson Executes a Crank benchmark using external configuration files for framework, scenario, and profile. This example demonstrates using raw GitHub content for configurations. ```Shell crank --config https://github.com/aspnet/Benchmarks/blob/main/build/azure.profile.yml?raw=true --application.framework net8.0 --config https://raw.githubusercontent.com/aspnet/Benchmarks/main/src/BenchmarksApps/Mvc/benchmarks.jwtapi.yml --scenario NoMvcAuth --profile aspnet-citrine-win ``` -------------------------------- ### Example Custom Lifetime Validation Delegate Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/ValidatingTokens Provides an example implementation of a custom lifetime validator. This delegate should return true if the token's lifetime is valid, and false otherwise. ```csharp public static bool CustomLifetimeValidator(DateTime? notBefore, DateTime? expires, SecurityToken token, TokenValidationParameters validationParameters) { if (...) return true; else (...) return false; } ``` -------------------------------- ### Correct DateTimeOffset and DateTime Usage for JwtSecurityToken Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/How-are-DateTime-values-treated? These examples show the correct ways to instantiate JwtSecurityToken using DateTimeOffset.DateTime, DateTime.UtcNow, and DateTime.Now to ensure proper UTC handling. ```cs JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(expires: DateTimeOffset.DateTime.AddMinutes(15)); ``` ```cs JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(expires: DateTime.UtcNow.AddMinutes(15)); ``` ```cs JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(expires: DateTime.Now.AddMinutes(15)); ``` -------------------------------- ### Create a JWE with Symmetric Signing Credentials Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Creating-and-Validating-JWEs-(Json-Web-Encryptions) Use this snippet to create a JWE by defining the payload, handler, signing credentials, and encrypting credentials. Ensure the `Microsoft.IdentityModel.JsonWebTokens` library is installed. ```csharp var payload = new JObject() { { JwtRegisteredClaimNames.Email, "Bob@contoso.com" }, { JwtRegisteredClaimNames.GivenName, "Bob" }, { JwtRegisteredClaimNames.Iss, "http://Default.Issuer.com" }, { JwtRegisteredClaimNames.Aud, "http://Default.Audience.com" }, { JwtRegisteredClaimNames.Iat, EpochTime.GetIntDate(DateTime.Parse("2017-03-17T18:33:37.095Z")).ToString() }, { JwtRegisteredClaimNames.Nbf, EpochTime.GetIntDate(DateTime.Parse("2017-03-17T18:33:37.080Z")).ToString() }, { JwtRegisteredClaimNames.Exp, EpochTime.GetIntDate(DateTime.Parse("2021-03-17T18:33:37.080Z")).ToString() }, }.ToString(); var jsonWebTokenHandler = new JsonWebTokenHandler(); var signingCredentials = Default.SymmetricSigningCredentials; var encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaPKCS1, SecurityAlgorithms.Aes128CbcHmacSha256); var jwe = jsonWebTokenHandler.CreateToken(payload, signingCredentials, encryptingCredentials); ``` -------------------------------- ### Build and Run Tests Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/Contributing.md Execute the 'build' command to build the project and run tests. Failures will be indicated in the console. ```Shell >build ``` -------------------------------- ### Use KeyVaultSignatureProvider for Signing and Verifying Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Keyvault-extensions Demonstrates creating a KeyVaultSignatureProvider and using its Sign and Verify methods. Requires Azure.Identity and Microsoft.IdentityModel.KeyVaultExtensions packages. ```csharp using Azure.Core; using Azure.Identity; using Microsoft.IdentityModel.KeyVaultExtensions; using Microsoft.IdentityModel.Tokens; using System.Text; namespace KeyVaultExtensionE2E { internal class Program { static void Main(string[] args) { // Create a KeyVaultSecurityKey from a key identifier string keyIdentifier = "https://mykeyvault.vault.azure.net/keys/mykey/01234567890123456789012345678901"; var key = new KeyVaultSecurityKey(keyIdentifier, async (authority, resource, scope) => { // Use your preferred authentication method to get an access token var credential = new DefaultAzureCredential(); var token = await credential.GetTokenAsync(new TokenRequestContext(new[] { resource + "/.default" })); return token.Token; }); // Create a KeyVaultSignatureProvider with the key, the algorithm, and the flag var provider = new KeyVaultSignatureProvider(key, SecurityAlgorithms.RsaSha256, true); // Sign some data using the provider var data = Encoding.UTF8.GetBytes("Hello, world!"); var signature = provider.Sign(data); // Verify the signature using the provider var result = provider.Verify(data, signature); } } } ``` -------------------------------- ### SecurityKey.InternalId Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/InternalAPI.Shipped.txt Gets the internal identifier for the SecurityKey. ```APIDOC ## InternalId ### Description Gets the internal identifier for the SecurityKey. ### Property `virtual InternalId : string` ``` -------------------------------- ### RsaKeyWrapProvider Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Initializes a new instance of the RsaKeyWrapProvider class. ```APIDOC ## RsaKeyWrapProvider.RsaKeyWrapProvider() ### Description Initializes a new instance of the `RsaKeyWrapProvider` class. ### Method `RsaKeyWrapProvider(SecurityKey key, string algorithm, bool willUnwrap)` ``` -------------------------------- ### SignatureProvider.ObjectPoolSize Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/InternalAPI.Shipped.txt Gets the size of the object pool for SignatureProvider. ```APIDOC ## ObjectPoolSize ### Description Gets the size of the object pool used by the SignatureProvider. ### Property `virtual ObjectPoolSize : int` ``` -------------------------------- ### Restore and List Packages Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/IdentityModel-8x Use these commands to restore project dependencies and list all package dependencies, including transitive ones, to ensure consistent versions. ```shell dotnet restore yourProject.csproj ``` ```shell dotnet list yourProject.csproj package --include-transitive ``` -------------------------------- ### ECDsaSecurityKey.PrivateKeyStatus Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Gets the private key status for an ECDsaSecurityKey. ```APIDOC ## ECDsaSecurityKey.PrivateKeyStatus ### Description Gets the status of the private key associated with an ECDsaSecurityKey. ### Property - **PrivateKeyStatus** (Microsoft.IdentityModel.Tokens.PrivateKeyStatus) - Read-only property indicating the status of the private key. ``` -------------------------------- ### TokenHandler.TokenLifetimeInMinutes Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Gets or sets the lifetime of a token in minutes. ```APIDOC ## TokenHandler.TokenLifetimeInMinutes ### Description Gets or sets the default lifetime, in minutes, for tokens created by this handler. ### Property * **TokenLifetimeInMinutes** (int) - The token lifetime in minutes. ``` -------------------------------- ### EcdhKeyExchangeProvider.KeyDataLen Property Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI/net9.0/PublicAPI.Shipped.txt Gets or sets the length of the key data. ```APIDOC ## EcdhKeyExchangeProvider.KeyDataLen Property ### Description Gets or sets the length of the key data for the ECDH key exchange. ### Accessors - **get**: Returns the length of the key data. - **set**: Sets the length of the key data. ``` -------------------------------- ### SymmetricSignatureProvider.MinimumSymmetricKeySizeInBits Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Gets or sets the minimum size in bits for a symmetric key. ```APIDOC ## SymmetricSignatureProvider.MinimumSymmetricKeySizeInBits ### Description Gets or sets the minimum size in bits that a symmetric key must have for this provider. ### Property * **MinimumSymmetricKeySizeInBits** (int) - The minimum key size in bits. ``` -------------------------------- ### OpenIdConnectConfiguration Constructors Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/PublicAPI.Shipped.txt Provides information on how to instantiate the OpenIdConnectConfiguration class. ```APIDOC ## OpenIdConnectConfiguration() ### Description Initializes a new instance of the `OpenIdConnectConfiguration` class. ### Method `OpenIdConnectConfiguration()` ``` ```APIDOC ## OpenIdConnectConfiguration(string json) ### Description Initializes a new instance of the `OpenIdConnectConfiguration` class with the specified JSON string. ### Method `OpenIdConnectConfiguration(string json)` ### Parameters #### Path Parameters - **json** (string) - Required - The JSON string representing the OpenID Connect configuration. ``` -------------------------------- ### SymmetricKeyWrapProvider Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Initializes a new instance of the SymmetricKeyWrapProvider class. ```APIDOC ## SymmetricKeyWrapProvider Constructor ### Description Initializes a new instance of the SymmetricKeyWrapProvider class with the specified security key and algorithm. ### Method new SymmetricKeyWrapProvider(SecurityKey key, string algorithm) ### Parameters * **key** (SecurityKey) - The security key to use for wrapping. * **algorithm** (string) - The algorithm to use for wrapping. ``` -------------------------------- ### EcdhKeyExchangeProvider.KeyDataLen Property Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI/net6.0/PublicAPI.Shipped.txt Gets or sets the length of the key data for the EcdhKeyExchangeProvider. ```APIDOC ## EcdhKeyExchangeProvider.KeyDataLen Property ### Description Gets or sets the length of the key data associated with the ECDH key exchange provider. This property is typically used to specify the desired length of the derived key. ### Getter ```csharp public int KeyDataLen { get; } ``` ### Setter ```csharp public void KeyDataLen { set; } ``` ``` -------------------------------- ### EcdhKeyExchangeProvider.KeyDataLen Property Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI/net10.0/PublicAPI.Shipped.txt Gets or sets the length of the key data for the EcdhKeyExchangeProvider. ```APIDOC ## EcdhKeyExchangeProvider.KeyDataLen Property ### Description Gets or sets the length of the key data. ### Parameters - **value** (int) - The length of the key data. ### Returns int - The length of the key data. ``` -------------------------------- ### KeyWrapProvider Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Initializes a new instance of the KeyWrapProvider class. ```APIDOC ## KeyWrapProvider() ### Description Initializes a new instance of the `KeyWrapProvider` class. ### Method `KeyWrapProvider()` ``` -------------------------------- ### TestStubTests Implementation in C# Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/How-We-Test Demonstrates the structure of a unit test using XUnit's Theory and MemberData, including exception handling and object comparison. ```csharp public class TestStubTests { [Theory, MemberData(nameof(TestStubTheoryData))] public void TestStubTest1(TestStubTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.TestStubTest1", theoryData); try { var obj = new object(); theoryData.ExpectedException.ProcessNoException(context); if (theoryData.CompareTo != null) IdentityComparer.AreEqual(obj, theoryData.CompareTo, context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); } public static TheoryData TestStubTheoryData { get { return new TheoryData { new TestStubTheoryData { First = true, ExpectedException = ExpectedException.SecurityTokenInvalidLifetimeException("IDX10230:"), TestId = "TestStub1" } }; } } } public class TestStubTheoryData : TheoryDataBase { public object CompareTo { get; set; } } ``` -------------------------------- ### TokenValidationParameters.TimeProvider Property Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/InternalAPI.Shipped.txt Gets or sets the time provider used for time-sensitive operations. ```APIDOC ## TokenValidationParameters.TimeProvider Property ### Description Gets or sets the `System.TimeProvider` to use for time-sensitive operations. This allows for testability by injecting a controllable time source. ### Property Type System.TimeProvider ``` -------------------------------- ### TokenValidationParameters.IssuerValidatorAsync Property Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/InternalAPI.Shipped.txt Gets or sets the asynchronous delegate used to validate the issuer. ```APIDOC ## TokenValidationParameters.IssuerValidatorAsync Property ### Description Gets or sets the asynchronous delegate that will be used to validate the issuer of a token. ### Property Type Microsoft.IdentityModel.Tokens.IssuerValidatorAsync ``` -------------------------------- ### AI Assistant Implementation Workflow Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/agents.md Details the workflow for the implementation phase, focusing on incremental changes, step-by-step verification, pattern adherence, test coverage, and feedback handling. ```yaml implementation_workflow: change_strategy: "incremental" verification: "each_step" pattern_following: "discovered_during_planning" coverage_focus: "maintain_test_coverage" feedback_handling: "use_linter_errors_for_guidance" ``` -------------------------------- ### SecurityTokenException.ValidationError Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI/net472/InternalAPI.Shipped.txt Gets or sets the validation error associated with a security token exception. ```APIDOC ## SecurityTokenException.ValidationError Property Gets or sets the validation error associated with a security token exception. ```csharp ValidationError ValidationError { get; set; } ``` ``` -------------------------------- ### OpenIdConnectConfigurationRetriever Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/PublicAPI.Shipped.txt Initializes a new instance of the OpenIdConnectConfigurationRetriever class. ```APIDOC ## OpenIdConnectConfigurationRetriever Constructor ### OpenIdConnectConfigurationRetriever() - **Description**: Initializes a new instance of the `OpenIdConnectConfigurationRetriever` class. - **Returns**: `void` ``` -------------------------------- ### TokenHandler.SetDefaultTimesOnTokenCreation Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Gets or sets a value indicating whether to set default times on token creation. ```APIDOC ## TokenHandler.SetDefaultTimesOnTokenCreation ### Description Gets or sets a boolean value that determines if default creation and expiration times should be automatically set when a token is created. ### Property * **SetDefaultTimesOnTokenCreation** (bool) - True to set default times; otherwise, false. ``` -------------------------------- ### SecurityKey Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Initializes a new instance of the SecurityKey class. ```APIDOC ## SecurityKey() ### Description Initializes a new instance of the `SecurityKey` class. ### Method `SecurityKey()` ``` -------------------------------- ### JsonWebKeyConverter Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Initializes a new instance of the JsonWebKeyConverter class. ```APIDOC ## JsonWebKeyConverter() ### Description Initializes a new instance of the `JsonWebKeyConverter` class. ### Method `JsonWebKeyConverter()` ``` -------------------------------- ### Get Standard Claim Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/System.IdentityModel.Tokens.Jwt/InternalAPI.Shipped.txt Retrieves the standard claim type based on a given claim identifier. ```APIDOC ## Get Standard Claim ### Description This method returns the standard claim type (e.g., 'iss', 'exp') corresponding to a given claim identifier. ### Method Signature `string GetStandardClaim(string claimType)` ### Parameters - **claimType** (`string`) - The identifier for the claim (e.g., "issuer", "expiration"). ### Returns - `string` - The standard claim type identifier (e.g., "iss", "exp"). ``` -------------------------------- ### OpenIdConnectMessage.EnableTelemetryParametersByDefault Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/PublicAPI.Shipped.txt Gets or sets a value indicating whether telemetry parameters are enabled by default for OpenIdConnect messages. ```APIDOC ## OpenIdConnectMessage.EnableTelemetryParametersByDefault ### Description Gets or sets a value indicating whether telemetry parameters are enabled by default for OpenIdConnect messages. ### Property Type bool ### Accessors - **get**: Returns a boolean indicating if telemetry parameters are enabled by default. - **set**: Sets whether telemetry parameters are enabled by default. Accepts a void return. ``` -------------------------------- ### AI Assistant Command Execution Guidelines Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/agents.md Outlines guidelines for command execution by AI agents, emphasizing sparing usage, preference for built-in tools, clear explanations, and approval for impactful operations. ```yaml command_execution: usage: "sparingly" preference: "built_in_file_operation_tools" explanations: "always_provide_clear_explanations" approval: "set_requires_approval_for_impactful_operations" ``` -------------------------------- ### JwtHeaderUtf8Bytes Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.JsonWebTokens/InternalAPI.Shipped.txt Initializes a new instance of the JwtHeaderUtf8Bytes class. ```APIDOC ## Class: JwtHeaderUtf8Bytes ### Constructor #### JwtHeaderUtf8Bytes() ```csharp JwtHeaderUtf8Bytes() ``` **Description**: Initializes a new instance of the JwtHeaderUtf8Bytes class. ``` -------------------------------- ### Create KeyVaultSecurityKey Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Keyvault-extensions Instantiate KeyVaultSecurityKey with a key identifier and an authentication callback to retrieve an access token. ```csharp // Create a KeyVaultSecurityKey from a key identifier string keyIdentifier = "https://mykeyvault.vault.azure.net/keys/mykey/01234567890123456789012345678901"; var key = new KeyVaultSecurityKey(keyIdentifier, async (authority, resource, scope) => { // Use your preferred authentication method to get an access token var credential = new DefaultAzureCredential(); var token = await credential.GetTokenAsync(new TokenRequestContext(new[] { resource + "/.default" })); return token.Token; }); ``` -------------------------------- ### JWE Ciphertext Example Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Creating-and-Validating-JWEs-(Json-Web-Encryptions) This is the JWE Ciphertext, which is the encrypted payload. After decryption and base64 decoding, it reveals the original JWS. ```text frYtdApw1pTtK-budjPCd30RJqegqz1-B0my9zMfue5OrJLLxipxrSeZ3QiNWZ4bwW0FzfHXGi_EoeHiph6hFEln7wdwAOdnd-mXW2LylwMQH0QBitc4e77gZ1G77SbhY2glses57fWW_v4J4JobYFP0GQh18LK-g9spQFK6og2o5M3VV1s0f_dyOnjh0_WrLAWOOnuLzGUxK3-GWwPNCFSkECGoOjNvCxy5FeewwWKfMc_gc3xnVkieRWGP1bbHFDLzDy3_eDDdRzhI3kPGZnSbxx9Fi-JVzq4UncfIrl4hyBJz3fMooqIlg_AR1QUctl-a19yGX1p77stzvOu0aXIehju7V1STkXM31jYi4eBm0K50-1weCHAbKrBtuk8yFfuqPLefcMghHq3-ATAVGoaoY-KS6ODRJDL8jC4ALcoFySD3uxYvmg4bCAHTF7ezYWrhzWYddWRTK8SMf-tOPZgLZ-bA4rU5OvPsNC3yQpZFg8nxcUJ1JcakFD2eToZ4QNpXysOZwzSUvMT9Hx3uTHtlOC5M_uvZkp-zotuGMoJHmsV1lwnoSQ0CLFqUiIBA. ``` -------------------------------- ### AI Assistant File Operations Guidelines Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/agents.md Provides guidelines for AI agents on using file operations, recommending specific tools for reading, replacing, writing, listing, searching, and defining code. ```yaml file_operations: read_file: "Use for examining file contents instead of shell commands like cat" replace_in_file: "Use for targeted, specific changes to existing files" write_to_file: "Use only for new files or complete file rewrites" list_files: "Use to explore directory structures" search_files: "Use with precise regex patterns to find code patterns" list_code_definition_names: "Use to understand code structure before modifications" ``` -------------------------------- ### TokenValidationParameters Properties Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt This section lists the properties of the TokenValidationParameters class, including their types and whether they are for getting or setting values. ```APIDOC ## TokenValidationParameters Properties This document outlines the properties available for configuring token validation. ### IssuerSigningKeys - **Get**: `IEnumerable` - Retrieves the collection of security keys used for signing. - **Set**: `void` - Sets the collection of security keys used for signing. ### IssuerSigningKeyValidator - **Get**: `IssuerSigningKeyValidator` - Retrieves the custom validator for issuer signing keys. - **Set**: `void` - Sets the custom validator for issuer signing keys. ### IssuerSigningKeyValidatorUsingConfiguration - **Get**: `IssuerSigningKeyValidatorUsingConfiguration` - Retrieves the custom validator for issuer signing keys using configuration. - **Set**: `void` - Sets the custom validator for issuer signing keys using configuration. ### IssuerValidator - **Get**: `IssuerValidator` - Retrieves the custom validator for issuers. - **Set**: `void` - Sets the custom validator for issuers. ### IssuerValidatorUsingConfiguration - **Get**: `IssuerValidatorUsingConfiguration` - Retrieves the custom validator for issuers using configuration. - **Set**: `void` - Sets the custom validator for issuers using configuration. ### LifetimeValidator - **Get**: `LifetimeValidator` - Retrieves the custom validator for token lifetimes. - **Set**: `void` - Sets the custom validator for token lifetimes. ### LogTokenId - **Get**: `bool` - Indicates whether the token ID should be logged. - **Set**: `void` - Sets whether the token ID should be logged. ### LogValidationExceptions - **Get**: `bool` - Indicates whether validation exceptions should be logged. - **Set**: `void` - Sets whether validation exceptions should be logged. ### NameClaimType - **Get**: `string` - Retrieves the claim type used for the name. - **Set**: `void` - Sets the claim type used for the name. ### NameClaimTypeRetriever - **Get**: `Func` - Retrieves the function to retrieve the name claim type. - **Set**: `void` - Sets the function to retrieve the name claim type. ### PropertyBag - **Get**: `IDictionary` - Retrieves the property bag for additional data. - **Set**: `void` - Sets the property bag for additional data. ### RefreshBeforeValidation - **Get**: `bool` - Indicates whether to refresh before validation. - **Set**: `void` - Sets whether to refresh before validation. ### RequireAudience - **Get**: `bool` - Indicates whether the audience is required. - **Set**: `void` - Sets whether the audience is required. ### RequireExpirationTime - **Get**: `bool` - Indicates whether the expiration time is required. - **Set**: `void` - Sets whether the expiration time is required. ### RequireSignedTokens - **Get**: `bool` - Indicates whether signed tokens are required. - **Set**: `void` - Sets whether signed tokens are required. ### RoleClaimType - **Get**: `string` - Retrieves the claim type used for roles. - **Set**: `void` - Sets the claim type used for roles. ### RoleClaimTypeRetriever - **Get**: `Func` - Retrieves the function to retrieve the role claim type. - **Set**: `void` - Sets the function to retrieve the role claim type. ### SaveSigninToken - **Get**: `bool` - Indicates whether the sign-in token should be saved. - **Set**: `void` - Sets whether the sign-in token should be saved. ### SignatureValidator - **Get**: `SignatureValidator` - Retrieves the custom validator for signatures. - **Set**: `void` - Sets the custom validator for signatures. ### SignatureValidatorUsingConfiguration - **Get**: `SignatureValidatorUsingConfiguration` - Retrieves the custom validator for signatures using configuration. - **Set**: `void` - Sets the custom validator for signatures using configuration. ### TokenDecryptionKey - **Get**: `SecurityKey` - Retrieves the security key used for token decryption. - **Set**: `void` - Sets the security key used for token decryption. ### TokenDecryptionKeyResolver - **Get**: `TokenDecryptionKeyResolver` - Retrieves the resolver for token decryption keys. - **Set**: `void` - Sets the resolver for token decryption keys. ### TokenDecryptionKeys - **Get**: `IEnumerable` - Retrieves the collection of security keys used for token decryption. - **Set**: `void` - Sets the collection of security keys used for token decryption. ``` -------------------------------- ### RSACryptoServiceProviderProxy Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI/net462/PublicAPI.Shipped.txt Initializes a new instance of the RSACryptoServiceProviderProxy class. ```APIDOC ## RSACryptoServiceProviderProxy(RSACryptoServiceProvider rsa) ### Description Initializes a new instance of the RSACryptoServiceProviderProxy class with the specified RSACryptoServiceProvider. ### Parameters - **rsa** (System.Security.Cryptography.RSACryptoServiceProvider) - The RSA crypto service provider to proxy. ``` -------------------------------- ### OpenIdConnectProtocolValidator.RequireSubByDefault Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/PublicAPI.Shipped.txt Gets or sets a value indicating whether the 'sub' (subject) claim is required by default in OpenIdConnect protocol validation. ```APIDOC ## OpenIdConnectProtocolValidator.RequireSubByDefault ### Description Gets or sets a value indicating whether the 'sub' (subject) claim is required by default in OpenIdConnect protocol validation. ### Property Type bool ### Accessors - **get**: Returns a boolean indicating if the 'sub' claim is required by default. - **set**: Sets whether the 'sub' claim is required by default. Accepts a void return. ``` -------------------------------- ### SymmetricSecurityKey Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Initializes a new instance of the SymmetricSecurityKey class with the specified key material. ```APIDOC ## SymmetricSecurityKey Constructor ### Description Initializes a new instance of the SymmetricSecurityKey class using the provided byte array as the key material. ### Method new SymmetricSecurityKey(byte[] key) ### Parameters * **key** (byte[]) - The byte array representing the symmetric key. ``` -------------------------------- ### EcdhKeyExchangeProvider Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI/net6.0/PublicAPI.Shipped.txt Initializes a new instance of the EcdhKeyExchangeProvider class. ```APIDOC ## EcdhKeyExchangeProvider Constructor ### Description Initializes a new instance of the EcdhKeyExchangeProvider class using the provided private key, public key, algorithm, and encryption details. ### Signature ```csharp public EcdhKeyExchangeProvider(SecurityKey privateKey, SecurityKey publicKey, string alg, string enc) ``` ### Parameters * **privateKey** (SecurityKey) - The private security key. * **publicKey** (SecurityKey) - The public security key. * **alg** (string) - The algorithm identifier. * **enc** (string) - The encryption identifier. ``` -------------------------------- ### JWE Authentication Tag Example Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Creating-and-Validating-JWEs-(Json-Web-Encryptions) This is the JWE Authentication Tag, generated during encryption and used during decryption to ensure the integrity and authenticity of the ciphertext. ```text JEduKaavj1noos2cLuP9Ig ``` -------------------------------- ### HttpVersionPolicy Property Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Protocols/PublicAPI/net6.0/PublicAPI.Shipped.txt The HttpVersionPolicy property allows you to configure the HTTP version used for requests made by the HttpDocumentRetriever. You can get or set this policy. ```APIDOC ## HttpDocumentRetriever.HttpVersionPolicy ### Description Gets or sets the HTTP version policy for requests made by the HttpDocumentRetriever. ### Property Type System.Net.Http.HttpVersionPolicy? ``` -------------------------------- ### Compare Crank Benchmark Results Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Benchmarking-in-Wilson Compares two Crank benchmark result JSON files, generating a table with combined results and percent changes for each metric. The output is printed to the console. ```Shell crank compare ``` -------------------------------- ### EcdhKeyExchangeProvider Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI/net9.0/PublicAPI.Shipped.txt Initializes a new instance of the EcdhKeyExchangeProvider class. ```APIDOC ## EcdhKeyExchangeProvider Constructor ### Description Initializes a new instance of the EcdhKeyExchangeProvider class using the provided private key, public key, algorithm, and encryption details. ### Parameters - **privateKey** (Microsoft.IdentityModel.Tokens.SecurityKey) - The private security key. - **publicKey** (Microsoft.IdentityModel.Tokens.SecurityKey) - The public security key. - **alg** (string) - The algorithm identifier. - **enc** (string) - The encryption identifier. ``` -------------------------------- ### HttpDocumentRetriever.HttpVersionPolicy Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Protocols/PublicAPI/net9.0/PublicAPI.Shipped.txt Gets or sets the HTTP version policy for the HttpDocumentRetriever. This property determines the HTTP version used when making HTTP requests. ```APIDOC ## HttpDocumentRetriever.HttpVersionPolicy ### Description Gets or sets the HTTP version policy for the HttpDocumentRetriever. This property determines the HTTP version used when making HTTP requests. ### Property Type System.Net.Http.HttpVersionPolicy? ``` -------------------------------- ### JsonWebToken Constructors Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.JsonWebTokens/PublicAPI.Shipped.txt Demonstrates the various ways to construct a JsonWebToken object. ```APIDOC ## JsonWebToken Constructors ### Description Constructs a new instance of the `JsonWebToken` class. ### Constructors - **JsonWebToken(string header, string payload)** Initializes a new instance with the specified header and payload. - **JsonWebToken(string header, string payload, TryReadJwtClaim tryReadJwtClaim)** Initializes a new instance with the specified header, payload, and a custom claim reading function. - **JsonWebToken(string jwtEncodedString)** Initializes a new instance from an encoded JWT string. - **JsonWebToken(string jwtEncodedString, TryReadJwtClaim tryReadJwtClaim)** Initializes a new instance from an encoded JWT string with a custom claim reading function. - **JsonWebToken(ReadOnlyMemory encodedTokenMemory)** Initializes a new instance from an encoded JWT string represented as a character memory. - **JsonWebToken(ReadOnlyMemory encodedTokenMemory, TryReadJwtClaim tryReadJwtClaim)** Initializes a new instance from an encoded JWT string represented as a character memory, with a custom claim reading function. ``` -------------------------------- ### JWE Protected Header Decoded Example Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Creating-and-Validating-JWEs-(Json-Web-Encryptions) The base64 decoded value of the JWE Protected Header, showing the encryption and key identification parameters. ```json { "alg": "RSA1_5", "enc": "A128CBC-HS256", "kid": "RsaSecurityKey_2048", "typ": "JWT" } ``` -------------------------------- ### Incorrect DateTimeOffset Usage for JwtSecurityToken Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/How-are-DateTime-values-treated? This example demonstrates an issue where DateTimeOffset.UtcNow.DateTime results in a DateTime with an unspecified Kind, which can cause problems when passed to JwtSecurityToken. ```cs JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(expires: DateTimeOffset.UtcNow.DateTime.AddMinutes(15)); ``` -------------------------------- ### JwtPayloadUtf8Bytes Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.JsonWebTokens/InternalAPI.Shipped.txt Initializes a new instance of the JwtPayloadUtf8Bytes class. ```APIDOC ## Class: JwtPayloadUtf8Bytes ### Constructor #### JwtPayloadUtf8Bytes() ```csharp JwtPayloadUtf8Bytes() ``` **Description**: Initializes a new instance of the JwtPayloadUtf8Bytes class. ``` -------------------------------- ### Example of Default Outbound Claim Type Mapping Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/OutboundClaimTypeMap Demonstrates the input claims and the resulting claims in a JWT created by JwtSecurityTokenHandler, showing the default mapping. ```csharp var claims = new List { new Claim(ClaimTypes.NameIdentifier, "myid") new Claim(ClaimTypes.Email, "myemail") }; // Input claims: // [0] { Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Value = "myid"} // [1] { Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value = "myemail"} var handler = new JwtSecurityTokenHandler(); var token = handler.CreateJwtSecurityToken( issuer: issuer, audience: audience, subject: new ClaimsIdentity(claims), // claims are passed in here notBefore: notBefore, expires: expires, issuedAt: issuedAt, signingCredentials: signingCredentials, encryptingCredentials: encryptingCredentials); // Output token.Claims: // [0] { Type = "nameid", Value = "myid" } // [1] { Type = "email", Value = "myemail" } ``` -------------------------------- ### Run Crank Benchmark for CreateJWE Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Benchmarking-in-Wilson Executes a Crank benchmark for the CreateJWE scenario using .NET 6.0 framework and specific SDK/runtime versions. Results are saved to a JSON file. ```Shell crank --config ".\identitymodel.benchmarks.yml" --application.framework net6.0 --scenario CreateJWE --profile aspnet-perf-win --application.sdkVersion 8.0.100-rc.1.23463.5 --application.aspNetCoreVersion 8.0.0-rc.1.23421.29 --application.runtimeVersion 8.0.0-rc.1.23419.4 --application.buildArguments --json C:\temp\results0.json ``` -------------------------------- ### Decrypted JWE Ciphertext Example Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Creating-and-Validating-JWEs-(Json-Web-Encryptions) The content of the JWE Ciphertext after decryption and base64 decoding, showing the structure of the original JWS including its header, payload, and signature. ```json { "alg": "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "kid": "DefaultSymmetricSecurityKey_256", "typ": "JWT" }.{ "email": "Bob@contoso.com", "given_name": "Bob", "iss": "http://Default.Issuer.com", "aud": "http://Default.Audience.com", "iat": "1489775617", "nbf": "1489775617", "exp": "1616006017" }.Signature ``` -------------------------------- ### EcdhKeyExchangeProvider Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI/net10.0/PublicAPI.Shipped.txt Initializes a new instance of the EcdhKeyExchangeProvider class with the specified private key, public key, algorithm, and encryption. ```APIDOC ## EcdhKeyExchangeProvider Constructor ### Description Initializes a new instance of the EcdhKeyExchangeProvider class. ### Parameters - **privateKey** (Microsoft.IdentityModel.Tokens.SecurityKey) - The private security key. - **publicKey** (Microsoft.IdentityModel.Tokens.SecurityKey) - The public security key. - **alg** (string) - The algorithm used for key exchange. - **enc** (string) - The encryption algorithm. ### Returns void ``` -------------------------------- ### JWE Encrypted Key Example Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Creating-and-Validating-JWEs-(Json-Web-Encryptions) This is the JWE Encrypted Key, which is a symmetric key generated to encrypt the JWS. It is encrypted using the 'alg' from the header and the public key. ```text QkA3lz1JdtgurjXd_Qi0wZhIRicqF6Hy1tFcm8ASQaI379pD-dNPHpehxJfz5WqRrV7p0xfsBkTvXyqzHnQnCrDVY2hD50p1dEDGUsKw48In5kghWwXscWmmbNwKt1QG8XYX9H42pBiuIkOuWiwMhAh8gMLvTaKg-Mg6p0-DdbmQGjCU9Di2rZo-gdm7lguWiTVwj1tI6D1MGJbiTa8f5XLwb26_G-ShDcHhE4LykfRayK-ohxa2_YI1Eyj0HYmfEYhVZK2hnXJGzgFsR048HiUj9pnW_9l7aUlyc5ZPzd7APzvPLzEAGAbpUWrxlMp350bG6Hd_90HxGxdcqCMESw. ``` -------------------------------- ### AesGcm Constructor Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/InternalAPI.Shipped.txt Initializes a new instance of the AesGcm class with the specified key. ```APIDOC ## AesGcm(byte[] key) ### Description Initializes a new instance of the AesGcm class with the specified key. ### Method Signature `Microsoft.IdentityModel.Tokens.AesGcm.AesGcm(byte[] key) -> void` ``` -------------------------------- ### HttpVersionPolicy Property Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Protocols/PublicAPI/net8.0/PublicAPI.Shipped.txt Gets or sets the HTTP version policy for requests made by the HttpDocumentRetriever. This property allows control over whether HTTP/1.1 or HTTP/2 is preferred or required. ```APIDOC ## HttpDocumentRetriever.HttpVersionPolicy ### Description Gets or sets the HTTP version policy for requests made by the HttpDocumentRetriever. This property allows control over whether HTTP/1.1 or HTTP/2 is preferred or required. ### Property Type System.Net.Http.HttpVersionPolicy? ``` -------------------------------- ### SymmetricSignatureProvider Constructors Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Initializes new instances of the SymmetricSignatureProvider class. ```APIDOC ## SymmetricSignatureProvider Constructors ### Description Initializes new instances of the SymmetricSignatureProvider class with different configurations for key, algorithm, and signature creation. ### Method new SymmetricSignatureProvider(SecurityKey key, string algorithm) ### Parameters * **key** (SecurityKey) - The security key to use for signing or verification. * **algorithm** (string) - The cryptographic algorithm to use. ### Method new SymmetricSignatureProvider(SecurityKey key, string algorithm, bool willCreateSignatures) ### Parameters * **key** (SecurityKey) - The security key to use for signing or verification. * **algorithm** (string) - The cryptographic algorithm to use. * **willCreateSignatures** (bool) - A value indicating whether this provider will be used for creating signatures. ``` -------------------------------- ### JWE Initialization Vector Example Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Creating-and-Validating-JWEs-(Json-Web-Encryptions) This is the JWE Initialization Vector, a randomly generated value required for some content encryption algorithms, used here with the CEK to encrypt the inner JWS. ```text BAYsl8n-cwhuS6ykkGTJEQ. ``` -------------------------------- ### BaseConfigurationManager.GetValidLkgConfigurations Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/InternalAPI.Shipped.txt Retrieves the valid 'last known good' configurations. ```APIDOC ## GetValidLkgConfigurations() ### Description Retrieves the valid 'last known good' configurations from the cache. ### Method GET ### Endpoint /Microsoft.IdentityModel.Tokens.BaseConfigurationManager/GetValidLkgConfigurations ### Response #### Success Response (200) - **BaseConfiguration[]** (Array of BaseConfiguration) - An array of valid 'last known good' configurations. ``` -------------------------------- ### OpenIdConnectConfiguration Methods Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/PublicAPI.Shipped.txt Methods for creating, writing, and retrieving OpenIdConnectConfiguration. ```APIDOC ## OpenIdConnectConfiguration ### Description Represents the OpenID Connect configuration, including endpoints and security keys. ### Static Methods - **Create(string json)**: Creates an OpenIdConnectConfiguration instance from a JSON string. - **Write(OpenIdConnectConfiguration configuration)**: Writes the OpenIdConnectConfiguration to a string. - **Write(OpenIdConnectConfiguration configuration, Stream stream)**: Writes the OpenIdConnectConfiguration to a stream. ### Instance Properties - **ActiveTokenEndpoint** (string) - Gets or sets the active token endpoint. - **Issuer** (string) - Gets or sets the issuer. - **SigningKeys** (ICollection) - Gets the collection of signing keys. - **TokenEndpoint** (string) - Gets or sets the token endpoint. ``` -------------------------------- ### HttpDocumentRetriever.HttpVersionPolicy Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Protocols/PublicAPI/net10.0/PublicAPI.Shipped.txt Gets or sets the HTTP version policy for requests made by the HttpDocumentRetriever. This property allows you to specify whether to use HTTP/1.1, HTTP/2, or allow the system to choose. ```APIDOC ## HttpDocumentRetriever.HttpVersionPolicy ### Description Gets or sets the HTTP version policy for requests made by the HttpDocumentRetriever. This property allows you to specify whether to use HTTP/1.1, HTTP/2, or allow the system to choose. ### Property Type System.Net.Http.HttpVersionPolicy? ``` -------------------------------- ### SupportedAlgorithms Utility Methods Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/InternalAPI.Shipped.txt Provides utility methods for checking and retrieving information about supported cryptographic algorithms. ```APIDOC ## SupportedAlgorithms Utility Methods Provides utility methods for checking and retrieving information about supported cryptographic algorithms. ### Methods - **SupportedAlgorithms.GetDigestFromSignatureAlgorithm(string algorithm)**: Returns the digest algorithm name for a given signature algorithm. - **SupportedAlgorithms.GetHashAlgorithmName(string algorithm)**: Returns the `HashAlgorithmName` for a given algorithm string. - **SupportedAlgorithms.GetMaxByteCount(string algorithm)**: Returns the maximum byte count for a given algorithm. - **SupportedAlgorithms.IsAesCbc(string algorithm)**: Checks if the algorithm is an AES-CBC algorithm. - **SupportedAlgorithms.IsAesGcm(string algorithm)**: Checks if the algorithm is an AES-GCM algorithm. - **SupportedAlgorithms.IsSupportedAlgorithm(string algorithm, Microsoft.IdentityModel.Tokens.SecurityKey key)**: Checks if an algorithm is supported for a given security key. - **SupportedAlgorithms.IsSupportedEncryptionAlgorithm(string algorithm, Microsoft.IdentityModel.Tokens.SecurityKey key)**: Checks if an encryption algorithm is supported for a given security key. - **SupportedAlgorithms.IsSupportedHashAlgorithm(string algorithm)**: Checks if a hash algorithm is supported. - **SupportedAlgorithms.IsSupportedRsaAlgorithm(string algorithm, Microsoft.IdentityModel.Tokens.SecurityKey key)**: Checks if an RSA algorithm is supported for a given security key. - **SupportedAlgorithms.IsSupportedRsaKeyWrap(string algorithm, Microsoft.IdentityModel.Tokens.SecurityKey key)**: Checks if an RSA key wrap algorithm is supported for a given security key. - **SupportedAlgorithms.IsSupportedSymmetricAlgorithm(string algorithm)**: Checks if a symmetric algorithm is supported. - **SupportedAlgorithms.IsSupportedSymmetricKeyWrap(string algorithm, Microsoft.IdentityModel.Tokens.SecurityKey key)**: Checks if a symmetric key wrap algorithm is supported for a given security key. ``` -------------------------------- ### CompressionProviderFactory Methods Source: https://github.com/azuread/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/PublicAPI.Shipped.txt Methods for checking algorithm support in compression providers. ```APIDOC ## CompressionProviderFactory Methods ### Description Methods for checking algorithm support in compression providers. ### Methods - **IsSupportedAlgorithm**(string algorithm) -> bool - Checks if the specified algorithm is supported by the compression provider. ```