

IdentityApplicationOptions Class

Definition

Options for configuring authentication in a web app, web API or daemon app.

This class contains configuration properties for any OAuth 2.0 identity provider. For Azure AD specific options, see the derived class MicrosoftIdentityApplicationOptions. This class and its derived class are usually used as options that are deserialized from a configuration file such as appsettings.json.

public class IdentityApplicationOptions
type IdentityApplicationOptions = class
Public Class IdentityApplicationOptions
Inheritance
IdentityApplicationOptions
Derived

Constructors

IdentityApplicationOptions()

Properties

AllowWebApiToBeAuthorizedByACL

Web APIs called on behalf of a user can validate a token based on scopes (representing delegated permissions). Web APIs called by daemon applications can validate a token based on roles (representing app permissions). By default, the web API will validate the presence of roles and scopes. You can set this property to false to use the ACL-based authorization pattern for the client (daemon) to the web API. If using ACL-based authorization, the implementation will not throw if roles or scopes are not in the Claims. For details see https://aka.ms/ms-identity-web/daemon-ACL.

Audience

In a web API, audience of the tokens that will be accepted by the web API.

If your web API accepts several audiences, see Audiences.

Audiences

In a web API, accepted audiences for the tokens received by the web API.

See also Audience.

The audience is the intended recipient of the token. You can usually assume that the ApplicationID of your web API is a valid audience. In general, it can be any of the App ID URIs (or resource identifiers) you defined for your application during its registration in the Azure portal.

Authority

Gets or sets the authority to use when calling the identity provider. For Azure AD or Azure AD B2C, use Instance and TenantId instead. For Microsoft Entra External IDs, use an authority of the form https://subdomain.ciamlogin.com.

ClientCredentials

Description of the client credentials that the app provides to prove its identity to the IdP. See CredentialSource for the list of supported credential types.

ClientId

Gets or sets the 'client_id' (application ID) as it appears in the application registration. This is the string representation of a GUID.

EnablePiiLogging

Flag used to enable/disable logging of Personally Identifiable Information (PII). PII logs are never written to default outputs. Default is set to false, which ensures that your application is compliant with GDPR. You can set it to true for advanced debugging requiring PII.

ExtraQueryParameters

Sets query parameters for the query string in the HTTP request to the IdP. This parameter is useful if you want to send the request to a specific test slice or a particular datacenter (dc).

TokenDecryptionCredentials

Description of the credentials (usually certificates) used to decrypt an encrypted token in a web API.
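
Because these options are normally deserialized from appsettings.json, the security-relevant ones can be reviewed before deployment. The following is an added example, not part of the library or of this reference page: a small audit over a constructed settings file, where the section name "AzureAd", the sample values and the function name audit are assumptions.

```python
import json
import uuid
from urllib.parse import urlsplit

# Constructed sample appsettings.json. The section name "AzureAd" and every value
# are assumptions; the property names are the ones documented on this page.
SAMPLE = """
{
  "AzureAd": {
    "Authority": "http://subdomain.ciamlogin.com",
    "ClientId": "my-web-api",
    "Audiences": ["api://11111111-2222-3333-4444-555555555555"],
    "EnablePiiLogging": true,
    "AllowWebApiToBeAuthorizedByACL": false,
    "ExtraQueryParameters": {"dc": "constructed-test-slice"}
  }
}
"""

def audit(settings_text, section="AzureAd"):
    """Return (property, finding) pairs for one options section (keys matched case-sensitively)."""
    opts = json.loads(settings_text).get(section, {})
    findings = []
    authority = opts.get("Authority")
    if authority and urlsplit(authority).scheme.lower() != "https":
        findings.append(("Authority", "not an https URL"))
    client_id = opts.get("ClientId")
    if client_id is not None:
        try:
            uuid.UUID(client_id)
        except (ValueError, AttributeError, TypeError):
            findings.append(("ClientId", "not the string form of a GUID"))
    if opts.get("EnablePiiLogging") is True:
        findings.append(("EnablePiiLogging", "PII logging on; documented default is false"))
    if opts.get("ExtraQueryParameters"):
        findings.append(("ExtraQueryParameters", f"sent to the IdP: {sorted(opts['ExtraQueryParameters'])}"))
    if "AllowWebApiToBeAuthorizedByACL" in opts:
        findings.append(("AllowWebApiToBeAuthorizedByACL",
                         f"explicitly set to {opts['AllowWebApiToBeAuthorizedByACL']}; confirm roles/scopes validation is as intended"))
    return findings

if __name__ == "__main__":
    for prop, finding in audit(SAMPLE):
        print(f"{prop}: {finding}")
```
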
