4 <name>Microsoft.IdentityModel.Tokens</name>
7 <member name="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey">
9 Base class for a Security Key that contains Asymmetric key material.
12 <member name="P:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey.HasPrivateKey">
14 This must be overridden to get a bool indicating if a private key exists.
16 <return>true if it has a private key; otherwise, false.</return>
18 <member name="T:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider">
20 Provides signing and verifying operations when working with an <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey"/>
23 <member name="F:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap">
25 Mapping from algorithm to minimum <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey"/>.KeySize when creating signatures.
28 <member name="F:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap">
30 Mapping from algorithm to minimum <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey"/>.KeySize when verifying signatures.
33 <member name="M:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
35 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider"/> class used to create and verify signatures.
37 <param name="key">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that will be used for signature operations.<see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/></param>
38 <param name="algorithm">The signature algorithm to apply.</param>
40 <member name="M:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String,System.Boolean)">
42 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider"/> class used to create and verify signatures.
44 <param name="key">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that will be used for signature operations.</param>
45 <param name="algorithm">The signature algorithm to apply.</param>
46 <param name="willCreateSignatures">Whether this <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider"/> is required to create signatures then set this to true.</param>
48 Creating signatures requires that the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> has access to a private key.
49 Verifying signatures (the default), does not require access to the private key.
51 <exception cref="T:System.ArgumentNullException">'key' is null.</exception>
52 <exception cref="T:System.ArgumentOutOfRangeException">
53 willCreateSignatures is true and <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/>.KeySize is less than the size corresponding to the given algorithm in <see cref="P:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForSigningMap"/>.
55 <exception cref="T:System.ArgumentOutOfRangeException">
56 <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/>.KeySize is less than the size corresponding to the algorithm in <see cref="P:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForVerifyingMap"/>. Note: this is always checked.
58 <exception cref="T:System.ArgumentException">If <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> and algorithm pair are not supported.</exception>
59 <exception cref="T:System.ArgumentOutOfRangeException">If the runtime is unable to create a suitable cryptographic provider.</exception>
61 <member name="P:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForSigningMap">
63 Gets the mapping from algorithm to the minimum <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey"/>.KeySize for creating signatures.
66 <member name="P:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForVerifyingMap">
68 Gets the mapping from algorithm to the minimum <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey"/>.KeySize for verifying signatures.
71 <member name="M:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.GetHashAlgorithmString(System.String)">
73 Returns the algorithm name.
75 <param name="algorithm">The hash algorithm to use to create the hash value.</param>
77 <member name="M:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Sign(System.Byte[])">
79 Produces a signature over the 'input' using the <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey"/> and algorithm passed to <see cref="M:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String,System.Boolean)"/>.
81 <param name="input">The bytes to be signed.</param>
82 <returns>A signature over the input.</returns>
83 <exception cref="T:System.ArgumentNullException">'input' is null. </exception>
84 <exception cref="T:System.ArgumentException">'input.Length' == 0. </exception>
85 <exception cref="T:System.ObjectDisposedException">If <see cref="M:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Dispose(System.Boolean)"/> has been called. </exception>
86 <exception cref="T:System.InvalidOperationException">If the internal <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider"/> is null. This can occur if the constructor parameter 'willBeUsedforSigning' was not 'true'.</exception>
87 <exception cref="T:System.InvalidOperationException">If the internal <see cref="T:System.Security.Cryptography.HashAlgorithm"/> is null. This can occur if a derived type deletes it or does not create it.</exception>
89 <member name="M:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Verify(System.Byte[],System.Byte[])">
91 Verifies that a signature over the' input' matches the signature.
93 <param name="input">The bytes to generate the signature over.</param>
94 <param name="signature">The value to verify against.</param>
95 <returns>true if signature matches, false otherwise.</returns>
96 <exception cref="T:System.ArgumentNullException">'input' is null.</exception>
97 <exception cref="T:System.ArgumentNullException">'signature' is null.</exception>
98 <exception cref="T:System.ArgumentException">'input.Length' == 0.</exception>
99 <exception cref="T:System.ArgumentException">'signature.Length' == 0.</exception>
100 <exception cref="T:System.ObjectDisposedException">If <see cref="M:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Dispose(System.Boolean)"/> has been called. </exception>
101 <exception cref="T:System.InvalidOperationException">If the internal <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider"/> is null. This can occur if a derived type does not call the base constructor.</exception>
102 <exception cref="T:System.InvalidOperationException">If the internal <see cref="T:System.Security.Cryptography.HashAlgorithm"/> is null. This can occur if a derived type deletes it or does not create it.</exception>
104 <member name="M:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.ValidateAsymmetricSecurityKeySize(Microsoft.IdentityModel.Tokens.SecurityKey,System.String,System.Boolean)">
106 Validates that the asymmetric key size is more than the allowed minimum
108 <param name="key">The asymmetric key to validate</param>
109 <param name="algorithm">Algorithm for which this key will be used</param>
110 <param name="willCreateSignatures">Whether they key will be used for creating signatures</param>
112 <member name="M:Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Dispose(System.Boolean)">
114 Calls <see cref="M:System.Security.Cryptography.HashAlgorithm.Dispose"/> to release this managed resources.
116 <param name="disposing">true, if called from Dispose(), false, if invoked inside a finalizer.</param>
118 <member name="T:Microsoft.IdentityModel.Tokens.Base64UrlEncoder">
120 Encodes and Decodes strings as Base64Url encoding.
123 <member name="M:Microsoft.IdentityModel.Tokens.Base64UrlEncoder.Encode(System.String)">
125 The following functions perform base64url encoding which differs from regular base64 encoding as follows
126 * padding is skipped so the pad character '=' doesn't have to be percent encoded
127 * the 62nd and 63rd regular base64 encoding characters ('+' and '/') are replace with ('-' and '_')
128 The changes make the encoding alphabet file and URL safe.
130 <param name="arg">string to encode.</param>
131 <returns>Base64Url encoding of the UTF8 bytes.</returns>
133 <member name="M:Microsoft.IdentityModel.Tokens.Base64UrlEncoder.Encode(System.Byte[],System.Int32,System.Int32)">
135 Converts a subset of an array of 8-bit unsigned integers to its equivalent string representation that is encoded with base-64-url digits. Parameters specify
136 the subset as an offset in the input array, and the number of elements in the array to convert.
138 <param name="inArray">An array of 8-bit unsigned integers.</param>
139 <param name="length">An offset in inArray.</param>
140 <param name="offset">The number of elements of inArray to convert.</param>
141 <returns>The string representation in base 64 url encodingof length elements of inArray, starting at position offset.</returns>
142 <exception cref="T:System.ArgumentNullException">'inArray' is null.</exception>
143 <exception cref="T:System.ArgumentOutOfRangeException">offset or length is negative OR offset plus length is greater than the length of inArray.</exception>
145 <member name="M:Microsoft.IdentityModel.Tokens.Base64UrlEncoder.Encode(System.Byte[])">
147 Converts a subset of an array of 8-bit unsigned integers to its equivalent string representation that is encoded with base-64-url digits. Parameters specify
148 the subset as an offset in the input array, and the number of elements in the array to convert.
150 <param name="inArray">An array of 8-bit unsigned integers.</param>
151 <returns>The string representation in base 64 url encodingof length elements of inArray, starting at position offset.</returns>
152 <exception cref="T:System.ArgumentNullException">'inArray' is null.</exception>
153 <exception cref="T:System.ArgumentOutOfRangeException">offset or length is negative OR offset plus length is greater than the length of inArray.</exception>
155 <member name="M:Microsoft.IdentityModel.Tokens.Base64UrlEncoder.DecodeBytes(System.String)">
157 Converts the specified string, which encodes binary data as base-64-url digits, to an equivalent 8-bit unsigned integer array.</summary>
158 <param name="str">base64Url encoded string.</param>
159 <returns>UTF8 bytes.</returns>
161 <member name="M:Microsoft.IdentityModel.Tokens.Base64UrlEncoder.Decode(System.String)">
163 Decodes the string from Base64UrlEncoded to UTF8.
165 <param name="arg">string to decode.</param>
166 <returns>UTF8 string.</returns>
168 <member name="T:Microsoft.IdentityModel.Tokens.CryptoProviderFactory">
170 Creates <see cref="T:Microsoft.IdentityModel.Tokens.SignatureProvider"/>s by specifying a <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> and algorithm.
171 <para>Supports both <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey"/> and <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/>.</para>
174 <member name="P:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.Default">
176 Returns the default <see cref="T:Microsoft.IdentityModel.Tokens.CryptoProviderFactory"/> instance.
179 <member name="P:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CustomCryptoProvider">
181 Extensibility point for custom crypto support application wide.
183 <remarks>By default, if set, <see cref="M:Microsoft.IdentityModel.Tokens.ICryptoProvider.IsSupportedAlgorithm(System.String,System.Object[])"/> will be called before crypto operations.
184 If true is returned, then this will be called for operations.</remarks>
186 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.#cctor">
188 Static constructor that initializes the default <see cref="T:Microsoft.IdentityModel.Tokens.CryptoProviderFactory"/>.
191 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.#ctor">
193 Default constructor for <see cref="T:Microsoft.IdentityModel.Tokens.CryptoProviderFactory"/>.
196 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.#ctor(Microsoft.IdentityModel.Tokens.CryptoProviderFactory)">
198 Constructor that creates a deep copy of given <see cref="T:Microsoft.IdentityModel.Tokens.CryptoProviderFactory"/> object.
200 <param name="other"><see cref="T:Microsoft.IdentityModel.Tokens.CryptoProviderFactory"/> to copy from.</param>
202 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.IsSupportedAlgorithm(System.String)">
204 Answers if an algorithm is supported
206 <param name="algorithm">the name of the crypto algorithm</param>
209 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.IsSupportedAlgorithm(System.String,Microsoft.IdentityModel.Tokens.SecurityKey)">
211 Checks if an 'algorithm, key' pair is supported.
213 <param name="algorithm">the algorithm to check.</param>
214 <param name="key">the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/>.</param>
215 <returns>true if 'algorithm, key' pair is supported.</returns>
217 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateAuthenticatedEncryptionProvider(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
219 Creates an instance of <see cref="T:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider"/> for a specific <SecurityKey, Algorithm>.
221 <param name="key">the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> to use.</param>
222 <param name="algorithm">the algorithm to use.</param>
223 <returns>an instance of <see cref="T:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider"/></returns>
224 <exception cref="T:System.ArgumentNullException">'key' is null.</exception>
225 <exception cref="T:System.ArgumentNullException">'algorithm' is null or empty.</exception>
226 <exception cref="T:System.ArgumentException">'key' is not a <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/>.</exception>
227 <exception cref="T:System.ArgumentException">'algorithm, key' pair is not supported.</exception>
229 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateKeyWrapProvider(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
231 Creates an instance of <see cref="T:Microsoft.IdentityModel.Tokens.KeyWrapProvider"/> for a specific <SecurityKey, Algorithm>.
233 <param name="key">the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> to use.</param>
234 <param name="algorithm">the algorithm to use.</param>
235 <returns>an instance of <see cref="T:Microsoft.IdentityModel.Tokens.KeyWrapProvider"/></returns>
236 <exception cref="T:System.ArgumentNullException">'key' is null.</exception>
237 <exception cref="T:System.ArgumentNullException">'algorithm' is null or empty.</exception>
238 <exception cref="T:System.ArgumentException">If <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> and algorithm pair are not supported.</exception>
239 <exception cref="T:System.ArgumentException">'key' is not a <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/>.</exception>
241 <para>When finished with the <see cref="T:Microsoft.IdentityModel.Tokens.KeyWrapProvider"/> call <see cref="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ReleaseKeyWrapProvider(Microsoft.IdentityModel.Tokens.KeyWrapProvider)"/>.</para>
244 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForSigning(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
246 Creates a <see cref="T:Microsoft.IdentityModel.Tokens.SignatureProvider"/> that supports the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> and algorithm.
248 <param name="key">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> to use for signing.</param>
249 <param name="algorithm">The algorithm to use for signing.</param>
250 <exception cref="T:System.ArgumentNullException">'key' is null.</exception>
251 <exception cref="T:System.ArgumentNullException">'algorithm' is null or empty.</exception>
252 <exception cref="T:System.ArgumentOutOfRangeException"><see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey"/>' is too small.</exception>
253 <exception cref="T:System.ArgumentOutOfRangeException"><see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/> is too small.</exception>
254 <exception cref="T:System.ArgumentException"><see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> is not a <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey"/> or a <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/>.</exception>
256 AsymmetricSignatureProviders require access to a PrivateKey for Signing.
257 <para>When finished with the <see cref="T:Microsoft.IdentityModel.Tokens.SignatureProvider"/> call <see cref="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ReleaseSignatureProvider(Microsoft.IdentityModel.Tokens.SignatureProvider)"/>.</para>
260 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
262 Returns a <see cref="T:Microsoft.IdentityModel.Tokens.SignatureProvider"/> instance supports the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> and algorithm.
264 <param name="key">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> to use for signing.</param>
265 <param name="algorithm">The algorithm to use for verifying.</param>
266 <exception cref="T:System.ArgumentNullException">'key' is null.</exception>
267 <exception cref="T:System.ArgumentNullException">'algorithm' is null or empty.</exception>
268 <exception cref="T:System.ArgumentOutOfRangeException"><see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey"/> is too small.</exception>
269 <exception cref="T:System.ArgumentOutOfRangeException"><see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/> is too small.</exception>
270 <exception cref="T:System.ArgumentException"><see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/>' is not a <see cref="T:Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey"/> or a <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/>.</exception>
271 <remarks>When finished with the <see cref="T:Microsoft.IdentityModel.Tokens.SignatureProvider"/> call <see cref="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ReleaseSignatureProvider(Microsoft.IdentityModel.Tokens.SignatureProvider)"/>.</remarks>
273 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ReleaseSignatureProvider(Microsoft.IdentityModel.Tokens.SignatureProvider)">
275 When finished with a <see cref="T:Microsoft.IdentityModel.Tokens.SignatureProvider"/> call this method for cleanup. The default behavior is to call <see cref="M:Microsoft.IdentityModel.Tokens.SignatureProvider.Dispose"/>
277 <param name="signatureProvider"><see cref="T:Microsoft.IdentityModel.Tokens.SignatureProvider"/> to be released.</param>
279 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ReleaseHashAlgorithm(System.Security.Cryptography.HashAlgorithm)">
281 When finished with a <see cref="T:System.Security.Cryptography.HashAlgorithm"/> call this method for cleanup. The default behavior is to call <see cref="M:System.Security.Cryptography.HashAlgorithm.Dispose"/>
283 <param name="hashAlgorithm"><see cref="T:System.Security.Cryptography.HashAlgorithm"/> to be released.</param>
285 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ReleaseKeyWrapProvider(Microsoft.IdentityModel.Tokens.KeyWrapProvider)">
287 When finished with a <see cref="T:Microsoft.IdentityModel.Tokens.KeyWrapProvider"/> call this method for cleanup."/>
289 <param name="provider"><see cref="T:Microsoft.IdentityModel.Tokens.KeyWrapProvider"/> to be released.</param>
291 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ReleaseRsaKeyWrapProvider(Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider)">
293 When finished with a <see cref="T:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider"/> call this method for cleanup."/>
295 <param name="provider"><see cref="T:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider"/> to be released.</param>
297 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateHashAlgorithm(System.String)">
299 Returns a <see cref="T:System.Security.Cryptography.HashAlgorithm"/> for a specific algorithm.
301 <param name="algorithm">the name of the hash algorithm to create.</param>
302 <returns>A <see cref="T:System.Security.Cryptography.HashAlgorithm"/></returns>
303 <remarks>When finished with the <see cref="T:System.Security.Cryptography.HashAlgorithm"/> call <see cref="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ReleaseHashAlgorithm(System.Security.Cryptography.HashAlgorithm)"/>.</remarks>
304 <exception cref="T:System.ArgumentNullException">'algorithm' is null or empty.</exception>
305 <exception cref="T:System.InvalidOperationException">'algorithm' is not supported.</exception>
307 <member name="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateKeyedHashAlgorithm(System.Byte[],System.String)">
309 Returns a <see cref="T:System.Security.Cryptography.KeyedHashAlgorithm"/> for a specific algorithm.
311 <param name="algorithm">the keyed hash algorithm to create.</param>
312 <param name="keyBytes">bytes to use to create the Keyed Hash</param>
313 <returns>A <see cref="T:System.Security.Cryptography.HashAlgorithm"/></returns>
314 <remarks>When finished with the <see cref="T:System.Security.Cryptography.HashAlgorithm"/> call <see cref="M:Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ReleaseHashAlgorithm(System.Security.Cryptography.HashAlgorithm)"/>.</remarks>
315 <exception cref="T:System.ArgumentNullException">'algorithm' is null or empty.</exception>
316 <exception cref="T:System.InvalidOperationException">'algorithm' is not supported.</exception>
318 <member name="T:Microsoft.IdentityModel.Tokens.DateTimeUtil">
320 Helper class for adding DateTimes and Timespans.
323 <member name="M:Microsoft.IdentityModel.Tokens.DateTimeUtil.Add(System.DateTime,System.TimeSpan)">
325 Add a DateTime and a TimeSpan.
326 The maximum time is DateTime.MaxTime. It is not an error if time + timespan > MaxTime.
329 <param name="time">Initial <see cref="T:System.DateTime"/> value.</param>
330 <param name="timespan"><see cref="T:System.TimeSpan"/> to add.</param>
331 <returns><see cref="T:System.DateTime"/> as the sum of time and timespan.</returns>
333 <member name="M:Microsoft.IdentityModel.Tokens.DateTimeUtil.GetMaxValue(System.DateTimeKind)">
335 Gets the Maximum value for a DateTime specifying kind.
337 <param name="kind">DateTimeKind to use.</param>
338 <returns>DateTime of specified kind.</returns>
340 <member name="M:Microsoft.IdentityModel.Tokens.DateTimeUtil.GetMinValue(System.DateTimeKind)">
342 Gets the Minimum value for a DateTime specifying kind.
344 <param name="kind">DateTimeKind to use.</param>
345 <returns>DateTime of specified kind.</returns>
347 <member name="T:Microsoft.IdentityModel.Tokens.ECDsaSecurityKey">
349 Represents a ECDsa security key.
352 <member name="M:Microsoft.IdentityModel.Tokens.ECDsaSecurityKey.#ctor(System.Security.Cryptography.ECDsa)">
354 Returns a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.ECDsaSecurityKey"/>.
356 <param name="ecdsa"><see cref="T:System.Security.Cryptography.ECDsa"/></param>
358 <member name="P:Microsoft.IdentityModel.Tokens.ECDsaSecurityKey.ECDsa">
360 <see cref="T:System.Security.Cryptography.ECDsa"/> instance used to initialize the key.
363 <member name="P:Microsoft.IdentityModel.Tokens.ECDsaSecurityKey.HasPrivateKey">
365 Gets a bool indicating if a private key exists.
367 <return>true if it has a private key; otherwise, false.</return>
369 <member name="P:Microsoft.IdentityModel.Tokens.ECDsaSecurityKey.KeySize">
371 Gets <see cref="T:System.Security.Cryptography.ECDsa"/> key size.
374 <member name="T:Microsoft.IdentityModel.Tokens.EncryptingCredentials">
376 A wrapper class for properties that are used for token encryption.
379 <member name="M:Microsoft.IdentityModel.Tokens.EncryptingCredentials.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String,System.String)">
381 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.EncryptingCredentials"/> class.
383 <param name="key"><see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/></param>
384 <param name="alg">The key encryption algorithm to apply.</param>
385 <param name="enc">The encryption algorithm to apply.</param>
387 <member name="P:Microsoft.IdentityModel.Tokens.EncryptingCredentials.Alg">
389 Gets the algorithm which used for token encryption.
392 <member name="P:Microsoft.IdentityModel.Tokens.EncryptingCredentials.Enc">
394 Gets the algorithm which used for token encryption.
397 <member name="P:Microsoft.IdentityModel.Tokens.EncryptingCredentials.CryptoProviderFactory">
399 Users can override the default <see cref="P:Microsoft.IdentityModel.Tokens.EncryptingCredentials.CryptoProviderFactory"/> with this property. This factory will be used for creating encryition providers.
402 <member name="P:Microsoft.IdentityModel.Tokens.EncryptingCredentials.Key">
404 Gets the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> which used for signature valdiation.
407 <member name="T:Microsoft.IdentityModel.Tokens.EpochTime">
409 Returns the absolute DateTime or the Seconds since Unix Epoch, where Epoch is UTC 1970-01-01T0:0:0Z.
412 <member name="F:Microsoft.IdentityModel.Tokens.EpochTime.UnixEpoch">
414 DateTime as UTV for UnixEpoch
417 <member name="M:Microsoft.IdentityModel.Tokens.EpochTime.GetIntDate(System.DateTime)">
420 Gets the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the desired date/time.
422 <param name="datetime">The DateTime to convert to seconds.</param>
423 <remarks>if dateTimeUtc less than UnixEpoch, return 0</remarks>
424 <returns>the number of seconds since Unix Epoch.</returns>
426 <member name="M:Microsoft.IdentityModel.Tokens.EpochTime.DateTime(System.Int64)">
428 Creates a DateTime from epoch time.
430 <param name="secondsSinceUnixEpoch">Number of seconds.</param>
431 <returns>The DateTime in UTC.</returns>
433 <member name="T:Microsoft.IdentityModel.Tokens.ICryptoProvider">
438 <member name="M:Microsoft.IdentityModel.Tokens.ICryptoProvider.IsSupportedAlgorithm(System.String,System.Object[])">
440 Called to determine if a cryptoType is supported.
442 <param name="algorithm">the algorithm that defines the crypto operator.</param>
443 <param name="args">the arguments required by the cryptoType. May be null.</param>
444 <returns>true if supported</returns>
446 <member name="M:Microsoft.IdentityModel.Tokens.ICryptoProvider.Create(System.String,System.Object[])">
448 returns an object of cryptoType.
450 <param name="algorithm">the algorithm that defines the crypto operator.</param>
451 <param name="args">the arguments required by the cryptoType. May be null.</param>
452 <remarks>call <see cref="M:Microsoft.IdentityModel.Tokens.ICryptoProvider.Release(System.Object)"/> when finished with the object.</remarks>
454 <member name="M:Microsoft.IdentityModel.Tokens.ICryptoProvider.Release(System.Object)">
456 called to release the object returned from <see cref="M:Microsoft.IdentityModel.Tokens.ICryptoProvider.Create(System.String,System.Object[])"/>
458 <param name="cryptoInstance">the object returned from <see cref="M:Microsoft.IdentityModel.Tokens.ICryptoProvider.Create(System.String,System.Object[])"/>.</param>
460 <member name="T:Microsoft.IdentityModel.Tokens.ISecurityTokenValidator">
462 ISecurityTokenValidator
465 <member name="M:Microsoft.IdentityModel.Tokens.ISecurityTokenValidator.CanReadToken(System.String)">
467 Returns true if the token can be read, false otherwise.
470 <member name="P:Microsoft.IdentityModel.Tokens.ISecurityTokenValidator.CanValidateToken">
472 Returns true if a token can be validated.
475 <member name="P:Microsoft.IdentityModel.Tokens.ISecurityTokenValidator.MaximumTokenSizeInBytes">
477 Gets and sets the maximum size in bytes, that a will be processed.
480 <member name="M:Microsoft.IdentityModel.Tokens.ISecurityTokenValidator.ValidateToken(System.String,Microsoft.IdentityModel.Tokens.TokenValidationParameters,Microsoft.IdentityModel.Tokens.SecurityToken@)">
482 Validates a token passed as a string using <see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/>
485 <member name="T:Microsoft.IdentityModel.Tokens.ITokenReplayCache">
487 Interface that defines a simple cache for tacking replaying of security tokens.
490 <member name="M:Microsoft.IdentityModel.Tokens.ITokenReplayCache.TryAdd(System.String,System.DateTime)">
492 Try to add a securityToken.
494 <param name="securityToken">the security token to add.</param>
495 <param name="expiresOn">the time when security token expires.</param>
496 <returns>true if the security token was successfully added.</returns>
498 <member name="M:Microsoft.IdentityModel.Tokens.ITokenReplayCache.TryFind(System.String)">
500 Try to find securityToken
502 <param name="securityToken">the security token to find.</param>
503 <returns>true if the security token is found.</returns>
505 <member name="T:Microsoft.IdentityModel.Tokens.JsonWebAlgorithmsKeyTypes">
507 Constants for JsonWebAlgorithms "kty" Key Type (sec 6.1)
508 http://tools.ietf.org/html/rfc7518#section-6.1
511 <member name="T:Microsoft.IdentityModel.Tokens.JsonWebKey">
513 Represents a Json Web Key as defined in http://tools.ietf.org/html/rfc7517.
516 <member name="T:Microsoft.IdentityModel.Tokens.JsonWebKey.KeyBlobMagicNumber">
518 Magic numbers identifying ECDSA blob types
521 <member name="M:Microsoft.IdentityModel.Tokens.JsonWebKey.Create(System.String)">
523 Returns a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKey"/>.
525 <param name="json">A string that contains JSON Web Key parameters in JSON format.</param>
526 <returns><see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKey"/></returns>
527 <exception cref="T:System.ArgumentNullException">If 'json' is null or empty.</exception>
528 <exception cref="T:System.ArgumentException">If 'json' fails to deserialize.</exception>
530 <member name="M:Microsoft.IdentityModel.Tokens.JsonWebKey.#ctor">
532 Initializes an new instance of <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKey"/>.
535 <member name="M:Microsoft.IdentityModel.Tokens.JsonWebKey.#ctor(System.String)">
537 Initializes an new instance of <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKey"/> from a json string.
539 <param name="json">A string that contains JSON Web Key parameters in JSON format.</param>
540 <exception cref="T:System.ArgumentNullException">If 'json' is null or empty.</exception>
541 <exception cref="T:System.ArgumentException">If 'json' fails to deserialize.</exception>
543 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.AdditionalData">
545 When deserializing from JSON any properties that are not defined will be placed here.
548 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.Alg">
550 Gets or sets the 'alg' (KeyType)..
553 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.Crv">
555 Gets or sets the 'crv' (ECC - Curve)..
558 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.D">
560 Gets or sets the 'd' (ECC - Private Key OR RSA - Private Exponent)..
562 <remarks>Value is formated as: Base64urlUInt</remarks>
564 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.DP">
566 Gets or sets the 'dp' (RSA - First Factor CRT Exponent)..
568 <remarks>Value is formated as: Base64urlUInt</remarks>
570 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.DQ">
572 Gets or sets the 'dq' (RSA - Second Factor CRT Exponent)..
574 <remarks>Value is formated as: Base64urlUInt</remarks>
576 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.E">
578 Gets or sets the 'e' (RSA - Exponent)..
581 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.K">
583 Gets or sets the 'k' (Symmetric - Key Value)..
587 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.KeyOps">
589 Gets the 'key_ops' (Key Operations)..
592 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.Kid">
594 Gets or sets the 'kid' (Key ID)..
597 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.Kty">
599 Gets or sets the 'kty' (Key Type)..
602 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.N">
604 Gets or sets the 'n' (RSA - Modulus)..
606 <remarks>Value is formated as: Base64urlEncoding</remarks>
608 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.Oth">
610 Gets or sets the 'oth' (RSA - Other Primes Info)..
613 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.P">
615 Gets or sets the 'p' (RSA - First Prime Factor)..
617 <remarks>Value is formated as: Base64urlUInt</remarks>
619 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.Q">
621 Gets or sets the 'q' (RSA - Second Prime Factor)..
623 <remarks>Value is formated as: Base64urlUInt</remarks>
625 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.QI">
627 Gets or sets the 'qi' (RSA - First CRT Coefficient)..
629 <remarks>Value is formated as: Base64urlUInt</remarks>
631 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.Use">
633 Gets or sets the 'use' (Public Key Use)..
636 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.X">
638 Gets or sets the 'x' (ECC - X Coordinate)..
640 <remarks>Value is formated as: Base64urlEncoding</remarks>
642 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.X5c">
644 Gets the 'x5c' collection (X.509 Certificate Chain)..
647 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.X5t">
649 Gets or sets the 'x5t' (X.509 Certificate SHA-1 thumbprint)..
652 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.X5tS256">
654 Gets or sets the 'x5t#S256' (X.509 Certificate SHA-1 thumbprint)..
657 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.X5u">
659 Gets or sets the 'x5u' (X.509 URL)..
662 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.Y">
664 Gets or sets the 'y' (ECC - Y Coordinate)..
666 <remarks>Value is formated as: Base64urlEncoding</remarks>
668 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.KeySize">
670 Gets the key size of <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKey"/>.
673 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKey.HasPrivateKey">
675 Gets a bool indicating if a private key exists.
677 <return>true if it has a private key; otherwise, false.</return>
679 <member name="M:Microsoft.IdentityModel.Tokens.JsonWebKey.GetKeyByteCount(System.String)">
681 Returns the size of key in bytes
683 <param name="curveId">Represents ecdsa curve -P256, P384, P521</param>
684 <returns>Size of the key in bytes</returns>
686 <member name="M:Microsoft.IdentityModel.Tokens.JsonWebKey.GetMagicValue(System.String,System.Boolean)">
688 Returns the magic value representing the curve corresponding to the curve id.
690 <param name="curveId">Represents ecdsa curve -P256, P384, P512</param>
691 <param name="willCreateSignatures">Whether the provider will create signatures or not</param>
692 <returns>Uint representing the magic number</returns>
694 <member name="T:Microsoft.IdentityModel.Tokens.JsonWebKeyECTypes">
696 Constants for JsonWebKey Elliptical Curve Types
697 https://tools.ietf.org/html/rfc7518#section-6.2.1.1
700 <member name="T:Microsoft.IdentityModel.Tokens.JsonWebKeyParameterNames">
702 Names for Json Web Key Values
705 <member name="T:Microsoft.IdentityModel.Tokens.JsonWebKeySet">
707 Contains a collection of <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKey"/> that can be populated from a json string.
709 <remarks>provides support for http://tools.ietf.org/html/rfc7517.</remarks>
711 <member name="M:Microsoft.IdentityModel.Tokens.JsonWebKeySet.Create(System.String)">
713 Returns a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKeySet"/>.
715 <param name="json">a string that contains JSON Web Key parameters in JSON format.</param>
716 <returns><see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKeySet"/></returns>
717 <exception cref="T:System.ArgumentNullException">If 'json' is null or empty.</exception>
718 <exception cref="T:System.ArgumentException">If 'json' fails to deserialize.</exception>
720 <member name="M:Microsoft.IdentityModel.Tokens.JsonWebKeySet.#ctor">
722 Initializes an new instance of <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKeySet"/>.
725 <member name="M:Microsoft.IdentityModel.Tokens.JsonWebKeySet.#ctor(System.String)">
727 Initializes an new instance of <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKeySet"/> from a json string.
729 <param name="json">a json string containing values.</param>
730 <exception cref="T:System.ArgumentNullException">If 'json' is null or empty.</exception>
731 <exception cref="T:System.ArgumentException">If 'json' fails to deserialize.</exception>
733 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKeySet.AdditionalData">
735 When deserializing from JSON any properties that are not defined will be placed here.
738 <member name="P:Microsoft.IdentityModel.Tokens.JsonWebKeySet.Keys">
740 Gets the <see cref="T:System.Collections.Generic.IList`1"/>.
743 <member name="M:Microsoft.IdentityModel.Tokens.JsonWebKeySet.GetSigningKeys">
745 Returns the JsonWebKeys as a <see cref="T:System.Collections.Generic.IList`1"/>.
748 <member name="T:Microsoft.IdentityModel.Tokens.JsonWebKeySetParameterNames">
750 Names for Json Web Key Set Values
753 <member name="T:Microsoft.IdentityModel.Tokens.JsonWebKeyUseNames">
755 Constants for JsonWebKeyUse (sec 4.2)
756 http://tools.ietf.org/html/rfc7517#section-4
759 <member name="T:Microsoft.IdentityModel.Tokens.LogMessages">
761 Log messages and codes
764 <member name="T:Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy">
766 The purpose of this class is to ensure that we obtain an RsaCryptoServiceProvider that supports SHA-256 signatures.
767 If the original RsaCryptoServiceProvider doesn't support SHA-256, we create a new one using the same KeyContainer.
770 <member name="M:Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy.#ctor(System.Security.Cryptography.RSACryptoServiceProvider)">
772 Initializes an new instance of <see cref="T:Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy"/>.
774 <param name="rsa"><see cref="T:System.Security.Cryptography.RSACryptoServiceProvider"/></param>
776 <member name="M:Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy.Finalize">
778 Destructs the <see cref="T:Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy"/> instance.
781 <member name="M:Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy.Dispose">
783 Releases all resources used by the current instance of the <see cref="T:Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy"/> class.
786 <member name="M:Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy.Decrypt(System.Byte[],System.Boolean)">
788 Decrypts data with the System.Security.Cryptography.RSA algorithm.
790 <param name="input">The data to be decrypted.</param>
791 <param name="fOAEP">true to perform direct System.Security.Cryptography.RSA decryption using OAEP padding (only available on a computer running Microsoft Windows XP or later);o
792 therwise, false to use PKCS#1 v1.5 padding.</param>
795 <member name="M:Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy.Encrypt(System.Byte[],System.Boolean)">
797 Encrypts data with the System.Security.Cryptography.RSA algorithm.
799 <param name="input">The data to be encrypted.</param>
800 <param name="fOAEP">true to perform direct System.Security.Cryptography.RSA encryption using OAEP padding (only available on a computer running Microsoft Windows XP or later);
801 otherwise, false to use PKCS#1 v1.5 padding.</param>
804 <member name="M:Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy.SignData(System.Byte[],System.Object)">
806 Computes the hash value of the specified byte array using the specified hash algorithm, and signs the resulting hash value.
808 <param name="signingInput">The input byte array for which to compute the hash.</param>
809 <param name="hash">The hash algorithm to use to create the hash value. </param>
810 <returns>The <see cref="T:System.Security.Cryptography.RSA"/> Signature for the specified data.</returns>
812 <member name="M:Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy.VerifyData(System.Byte[],System.Object,System.Byte[])">
814 Verifies that a digital signature is valid by determining the hash value in the signature using the provided public key and comparing it to the hash value of the provided data.
816 <param name="signingInput">The input byte array.</param>
817 <param name="hash">The hash algorithm to use to create the hash value.</param>
818 <param name="signature">The signature byte array to be verified.</param>
819 <returns>true if the signature is valid; otherwise, false.</returns>
821 <member name="T:Microsoft.IdentityModel.Tokens.RsaSecurityKey">
823 Represents a Rsa security key.
826 <member name="M:Microsoft.IdentityModel.Tokens.RsaSecurityKey.#ctor(System.Security.Cryptography.RSAParameters)">
828 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.RsaSecurityKey"/> class.
830 <param name="rsaParameters"><see cref="T:System.Security.Cryptography.RSAParameters"/></param>
832 <member name="M:Microsoft.IdentityModel.Tokens.RsaSecurityKey.#ctor(System.Security.Cryptography.RSA)">
834 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.RsaSecurityKey"/> class.
836 <param name="rsa"><see cref="T:System.Security.Cryptography.RSA"/></param>
838 <member name="P:Microsoft.IdentityModel.Tokens.RsaSecurityKey.HasPrivateKey">
840 Gets a bool indicating if a private key exists.
842 <return>true if it has a private key; otherwise, false.</return>
844 <member name="P:Microsoft.IdentityModel.Tokens.RsaSecurityKey.KeySize">
849 <member name="P:Microsoft.IdentityModel.Tokens.RsaSecurityKey.Parameters">
851 <see cref="T:System.Security.Cryptography.RSAParameters"/> used to initialize the key.
854 <member name="P:Microsoft.IdentityModel.Tokens.RsaSecurityKey.Rsa">
856 <see cref="T:System.Security.Cryptography.RSA"/> instance used to initialize the key.
859 <member name="T:Microsoft.IdentityModel.Tokens.SecurityAlgorithms">
861 Constants for Security Algorithm.
864 <member name="F:Microsoft.IdentityModel.Tokens.SecurityAlgorithms.EcdsaSha256">
865 see: http://tools.ietf.org/html/rfc7518#section-3
867 <member name="F:Microsoft.IdentityModel.Tokens.SecurityAlgorithms.Aes128KW">
868 see: https://tools.ietf.org/html/rfc7518#section-4.1
870 <member name="T:Microsoft.IdentityModel.Tokens.SecurityKey">
872 Base class for Security Key.
875 <member name="P:Microsoft.IdentityModel.Tokens.SecurityKey.KeySize">
877 This must be overridden to get the size of this <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/>.
880 <member name="P:Microsoft.IdentityModel.Tokens.SecurityKey.KeyId">
882 Gets the key id of this <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/>.
885 <member name="P:Microsoft.IdentityModel.Tokens.SecurityKey.CryptoProviderFactory">
887 Gets or sets <see cref="T:Microsoft.IdentityModel.Tokens.CryptoProviderFactory"/>.
890 <member name="T:Microsoft.IdentityModel.Tokens.SecurityKeyIdentifierClause">
892 Contains information about the keys inside the tokens.
895 <member name="T:Microsoft.IdentityModel.Tokens.SecurityToken">
897 Base class for security token.
900 <member name="P:Microsoft.IdentityModel.Tokens.SecurityToken.Id">
902 This must be overridden to get the Id of this <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.
905 <member name="P:Microsoft.IdentityModel.Tokens.SecurityToken.Issuer">
907 This must be overridden to get the issuer of this <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.
910 <member name="P:Microsoft.IdentityModel.Tokens.SecurityToken.SecurityKey">
912 This must be overridden to get the <see cref="P:Microsoft.IdentityModel.Tokens.SecurityToken.SecurityKey"/>.
915 <member name="P:Microsoft.IdentityModel.Tokens.SecurityToken.SigningKey">
917 This must be overridden to get or set the <see cref="P:Microsoft.IdentityModel.Tokens.SecurityToken.SecurityKey"/> that signed this instance.
919 <remarks><see cref="T:Microsoft.IdentityModel.Tokens.ISecurityTokenValidator"/>.ValidateToken(...) can this value when a <see cref="P:Microsoft.IdentityModel.Tokens.SecurityToken.SecurityKey"/> is used to successfully validate a signature.</remarks>
921 <member name="P:Microsoft.IdentityModel.Tokens.SecurityToken.ValidFrom">
923 This must be overridden to get the time when this <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> was Valid.
926 <member name="P:Microsoft.IdentityModel.Tokens.SecurityToken.ValidTo">
928 This must be overridden to get the time when this <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> is no longer Valid.
931 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor">
933 Contains some information which used to create a security token.
936 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.Audience">
938 Gets or sets the value of the 'audience' claim.
941 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.EncryptingCredentials">
943 Gets or sets the <see cref="P:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.EncryptingCredentials"/> used to create a encrypted security token.
946 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.Expires">
948 Gets or sets the value of the 'expiration' claim.
951 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.Issuer">
953 Gets or sets the issuer of this <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor"/>.
956 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.IssuedAt">
958 Gets or sets the time the security token was issued.
961 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.NotBefore">
963 Gets or sets the notbefore time for the security token.
966 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.SigningCredentials">
968 Gets or sets the <see cref="P:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.SigningCredentials"/> used to create a security token.
971 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.Subject">
973 Gets or sets the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
976 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenHandler">
978 Defines the interface for a Security Token Handler.
981 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.#ctor">
983 Creates an instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenHandler"/>
986 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.CreateSecurityTokenReference(Microsoft.IdentityModel.Tokens.SecurityToken,System.Boolean)">
988 Returns <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKeyIdentifierClause"/>.
990 <param name="token"><see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/></param>
991 <param name="attached">true if attached; otherwise, false.</param>
993 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.CreateToken(Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor)">
995 Returns <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.
997 <param name="tokenDescriptor"><see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor"/></param>
999 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.CanValidateToken">
1001 Gets a value indicating whether this handler supports validation of tokens
1002 handled by this instance.
1004 <returns>'True' if the instance is capable of SecurityToken
1005 validation.</returns>
1007 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.CanWriteToken">
1009 Gets a value indicating whether the class provides serialization functionality to serialize token handled
1012 <returns>true if the WriteToken method can serialize this token.</returns>
1014 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.TokenType">
1016 This must be overridden to get the System.Type of the SecurityToken this instance handles.
1019 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.CanReadToken(System.String)">
1021 Indicates whether the current token string can be read as a token
1022 of the type handled by this instance.
1024 <param name="tokenString">The token string thats needs to be read.</param>
1025 <returns>'True' if the ReadToken method can parse the token string.</returns>
1027 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.ReadToken(System.String)">
1029 Deserializes from string a token of the type handled by this instance.
1031 <param name="tokenString">The string to be deserialized.</param>
1032 <returns>SecurityToken instance which represents the serialized token.</returns>
1034 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.ReadToken(System.Xml.XmlReader)">
1036 Gets security token.
1038 <param name="reader"><see cref="T:System.Xml.XmlReader"/>.</param>
1039 <remarks>SecurityToken instance which represents the serialized token.</remarks>
1041 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.WriteToken(Microsoft.IdentityModel.Tokens.SecurityToken)">
1043 Serializes to string a token of the type handled by this instance.
1045 <param name="token">A token of type TokenType.</param>
1046 <returns>The serialized token.</returns>
1048 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.WriteToken(System.Xml.XmlWriter,Microsoft.IdentityModel.Tokens.SecurityToken)">
1050 This must be overridden to serialize to XML a token of the type handled by this instance.
1052 <param name="writer">The XML writer.</param>
1053 <param name="token">A token of type <see cref="P:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.TokenType"/>.</param>
1055 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenHandler.ReadToken(System.Xml.XmlReader,Microsoft.IdentityModel.Tokens.TokenValidationParameters)">
1057 This must be overridden to deserialize token with the provided <see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/>.
1059 <param name="reader"><see cref="T:System.Xml.XmlReader"/>.</param>
1060 <param name="validationParameters">the current <see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/>.</param>
1061 <remarks>SecurityToken instance which represents the serialized token.</remarks>
1063 <member name="T:Microsoft.IdentityModel.Tokens.SignatureProvider">
1065 Provides signature services, signing and verifying.
1068 <member name="M:Microsoft.IdentityModel.Tokens.SignatureProvider.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
1070 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SignatureProvider"/> class used to create and verify signatures.
1072 <param name="key">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that will be used for signature operations.</param>
1073 <param name="algorithm">The signature algorithm to apply.</param>
1074 <exception cref="T:System.ArgumentNullException">'key' is null.</exception>
1076 <member name="P:Microsoft.IdentityModel.Tokens.SignatureProvider.Context">
1078 Gets or sets a user context for a <see cref="T:Microsoft.IdentityModel.Tokens.SignatureProvider"/>.
1081 <member name="P:Microsoft.IdentityModel.Tokens.SignatureProvider.Key">
1083 Gets the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/>.
1086 <member name="P:Microsoft.IdentityModel.Tokens.SignatureProvider.Algorithm">
1088 Gets the signature algorithm.
1091 <member name="M:Microsoft.IdentityModel.Tokens.SignatureProvider.Sign(System.Byte[])">
1093 This must be overridden to produce a signature over the 'input'.
1095 <param name="input">bytes to sign.</param>
1096 <returns>signed bytes</returns>
1098 <member name="M:Microsoft.IdentityModel.Tokens.SignatureProvider.Verify(System.Byte[],System.Byte[])">
1100 This must be overridden to verify a signature created over the 'input'.
1102 <param name="input">bytes to verify.</param>
1103 <param name="signature">signature to compare against.</param>
1104 <returns>true if the computed signature matches the signature parameter, false otherwise.</returns>
1106 <member name="M:Microsoft.IdentityModel.Tokens.SignatureProvider.Dispose">
1108 Calls <see cref="M:Microsoft.IdentityModel.Tokens.SignatureProvider.Dispose(System.Boolean)"/> and <see cref="M:System.GC.SuppressFinalize(System.Object)"/>
1111 <member name="M:Microsoft.IdentityModel.Tokens.SignatureProvider.Dispose(System.Boolean)">
1113 Can be over written in descendants to dispose of internal components.
1115 <param name="disposing">true, if called from Dispose(), false, if invoked inside a finalizer</param>
1117 <member name="T:Microsoft.IdentityModel.Tokens.SigningCredentials">
1119 A wrapper class for properties that are used for signature valdiation.
1122 <member name="M:Microsoft.IdentityModel.Tokens.SigningCredentials.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
1124 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SigningCredentials"/> class.
1126 <param name="key"><see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/></param>
1127 <param name="algorithm">The signature algorithm to apply.</param>
1129 <member name="P:Microsoft.IdentityModel.Tokens.SigningCredentials.Algorithm">
1131 Gets the algorithm which used for signature valdiation.
1134 <member name="P:Microsoft.IdentityModel.Tokens.SigningCredentials.CryptoProviderFactory">
1136 Users can override the default <see cref="P:Microsoft.IdentityModel.Tokens.SigningCredentials.CryptoProviderFactory"/> with this property. This factory will be used for creating signature providers.
1139 <member name="P:Microsoft.IdentityModel.Tokens.SigningCredentials.Key">
1141 Gets the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> which used for signature valdiation.
1144 <member name="P:Microsoft.IdentityModel.Tokens.SigningCredentials.Kid">
1146 Gets the key id which used for signature valdiation.
1149 <member name="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey">
1151 Represents a symmetric security key.
1154 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey.#ctor(System.Byte[])">
1156 Returns a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/> instance.
1158 <param name="key">The byte array of the key.</param>
1160 <member name="P:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey.KeySize">
1165 <member name="P:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey.Key">
1167 Gets the byte array of the key.
1170 <member name="T:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider">
1172 Provides signing and verifying operations using a <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/> and specifying an algorithm.
1175 <member name="F:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.DefaultMinimumSymmetricKeySizeInBits">
1177 This is the minimum <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/>.KeySize when creating and verifying signatures.
1180 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
1182 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider"/> class that uses an <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> to create and / or verify signatures over a array of bytes.
1184 <param name="key">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that will be used for signature operations.</param>
1185 <param name="algorithm">The signature algorithm to use.</param>
1186 <exception cref="T:System.ArgumentNullException">'key' is null.</exception>
1187 <exception cref="T:System.ArgumentException">If <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> and algorithm pair are not supported.</exception>
1188 <exception cref="T:System.ArgumentOutOfRangeException">'<see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/>.KeySize' is smaller than <see cref="P:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.MinimumSymmetricKeySizeInBits"/>.</exception>
1189 <exception cref="T:System.InvalidOperationException"><see cref="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.GetKeyedHashAlgorithm(System.Byte[],System.String)"/> throws.</exception>
1190 <exception cref="T:System.InvalidOperationException"><see cref="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.GetKeyedHashAlgorithm(System.Byte[],System.String)"/> returns null.</exception>
1192 <member name="P:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.MinimumSymmetricKeySizeInBits">
1194 Gets or sets the minimum <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/>.KeySize"/>.
1196 <exception cref="T:System.ArgumentOutOfRangeException">'value' is smaller than <see cref="F:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.DefaultMinimumSymmetricKeySizeInBits"/>.</exception>
1198 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.GetKeyBytes(Microsoft.IdentityModel.Tokens.SecurityKey)">
1200 Called to obtain the byte[] needed to create a <see cref="T:System.Security.Cryptography.KeyedHashAlgorithm"/>
1202 <param name="key"><see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/>that will be used to obtain the byte[].</param>
1203 <returns><see cref="T:System.Byte"/>[] that is used to populated the KeyedHashAlgorithm.</returns>
1204 <exception cref="T:System.ArgumentNullException">if key is null.</exception>
1205 <exception cref="T:System.ArgumentException">if a byte[] can not be obtained from SecurityKey.</exception>
1206 <remarks><see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/> and <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKey"/> are supported.
1207 <para>For a <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/> .Key is returned</para>
1208 <para>For a <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKey"/>Base64UrlEncoder.DecodeBytes is called with <see cref="P:Microsoft.IdentityModel.Tokens.JsonWebKey.K"/> if <see cref="P:Microsoft.IdentityModel.Tokens.JsonWebKey.Kty"/> == JsonWebAlgorithmsKeyTypes.Octet</para>
1211 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.GetKeyedHashAlgorithm(System.Byte[],System.String)">
1213 Returns the <see cref="T:System.Security.Cryptography.KeyedHashAlgorithm"/>.
1215 <param name="algorithm">The hash algorithm to use to create the hash value.</param>
1216 <param name="keyBytes">The byte array of the key.</param>
1219 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.Sign(System.Byte[])">
1221 Produces a signature over the 'input' using the <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/> and 'algorithm' passed to <see cref="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)"/>.
1223 <param name="input">The bytes to sign.</param>
1224 <returns>Signed bytes</returns>
1225 <exception cref="T:System.ArgumentNullException">'input' is null. </exception>
1226 <exception cref="T:System.ArgumentException">'input.Length' == 0. </exception>
1227 <exception cref="T:System.ObjectDisposedException"><see cref="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.Dispose(System.Boolean)"/> has been called.</exception>
1228 <exception cref="T:System.InvalidOperationException"><see cref="T:System.Security.Cryptography.KeyedHashAlgorithm"/> is null. This can occur if a derived type deletes it or does not create it.</exception>
1230 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.Verify(System.Byte[],System.Byte[])">
1232 Verifies that a signature created over the 'input' matches the signature. Using <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/> and 'algorithm' passed to <see cref="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)"/>.
1234 <param name="input">The bytes to verify.</param>
1235 <param name="signature">signature to compare against.</param>
1236 <returns>true if computed signature matches the signature parameter, false otherwise.</returns>
1237 <exception cref="T:System.ArgumentNullException">'input' is null.</exception>
1238 <exception cref="T:System.ArgumentNullException">'signature' is null.</exception>
1239 <exception cref="T:System.ArgumentException">'input.Length' == 0.</exception>
1240 <exception cref="T:System.ArgumentException">'signature.Length' == 0. </exception>
1241 <exception cref="T:System.ObjectDisposedException"><see cref="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.Dispose(System.Boolean)"/> has been called.</exception>
1242 <exception cref="T:System.InvalidOperationException">If the internal <see cref="T:System.Security.Cryptography.KeyedHashAlgorithm"/> is null. This can occur if a derived type deletes it or does not create it.</exception>
1244 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.Verify(System.Byte[],System.Byte[],System.Int32)">
1246 Verifies that a signature created over the 'input' matches the signature. Using <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/> and 'algorithm' passed to <see cref="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)"/>.
1248 <param name="input">The bytes to verify.</param>
1249 <param name="signature">signature to compare against.</param>
1250 <param name="length">number of bytes of signature to use.</param>
1251 <returns>true if computed signature matches the signature parameter, false otherwise.</returns>
1252 <exception cref="T:System.ArgumentNullException">'input' is null.</exception>
1253 <exception cref="T:System.ArgumentNullException">'signature' is null.</exception>
1254 <exception cref="T:System.ArgumentException">'input.Length' == 0.</exception>
1255 <exception cref="T:System.ArgumentException">'signature.Length' == 0. </exception>
1256 <exception cref="T:System.ArgumentException">'length < 1'</exception>
1257 <exception cref="T:System.ObjectDisposedException"><see cref="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.Dispose(System.Boolean)"/> has been called.</exception>
1258 <exception cref="T:System.InvalidOperationException">If the internal <see cref="T:System.Security.Cryptography.KeyedHashAlgorithm"/> is null. This can occur if a derived type deletes it or does not create it.</exception>
1260 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.Dispose(System.Boolean)">
1262 Disposes of internal components.
1264 <param name="disposing">true, if called from Dispose(), false, if invoked inside a finalizer.</param>
1266 <member name="T:Microsoft.IdentityModel.Tokens.AudienceValidator">
1268 Definition for AudienceValidator.
1270 <param name="audiences">The audiences found in the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.</param>
1271 <param name="securityToken">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
1272 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1273 <returns>true if the audience is considered valid.</returns>
1275 <member name="T:Microsoft.IdentityModel.Tokens.IssuerSigningKeyResolver">
1277 Definition for IssuerSigningKeyResolver.
1279 <param name="token">The <see cref="T:System.String"/> representation of the token that is being validated.</param>
1280 <param name="securityToken">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> that is being validated. It may be null.</param>
1281 <param name="kid">A key identifier. It may be null.</param>
1282 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1283 <returns>A <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> to use when validating a signature.</returns>
1285 <member name="T:Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidator">
1287 Definition for IssuerSigningKeyValidator.
1289 <param name="securityKey">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that signed the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.</param>
1290 <param name="securityToken">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
1291 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1293 <member name="T:Microsoft.IdentityModel.Tokens.IssuerValidator">
1295 Definition for IssuerValidator.
1297 <param name="issuer">The issuer to validate.</param>
1298 <param name="securityToken">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> that is being validated.</param>
1299 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1300 <returns>The issuer to use when creating the "Claim"(s) in a "ClaimsIdentity".</returns>
1301 <remarks>The delegate should return a non null string that represents the 'issuer'. If null a default value will be used.</remarks>
1303 <member name="T:Microsoft.IdentityModel.Tokens.LifetimeValidator">
1305 Definition for LifetimeValidator.
1307 <param name="notBefore">The 'notBefore' time found in the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.</param>
1308 <param name="expires">The 'expiration' time found in the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.</param>
1309 <param name="securityToken">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
1310 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1312 <member name="T:Microsoft.IdentityModel.Tokens.SignatureValidator">
1314 Definition for SignatureValidator.
1316 <param name="token">A securityToken with a signature.</param>
1317 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1319 <member name="T:Microsoft.IdentityModel.Tokens.TokenDecryptionKeyResolver">
1321 Definition for TokenDecryptionKeyResolver.
1323 <param name="token">The <see cref="T:System.String"/> representation of the token to be decrypted.</param>
1324 <param name="securityToken">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> to be decrypted. The runtime by default passes null.</param>
1325 <param name="kid">A key identifier. It may be null.</param>
1326 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1327 <returns>A <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> to use when decrypting the token.</returns>
1329 <member name="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters">
1331 Contains a set of parameters that are used by a <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenHandler"/> when validating a <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.
1334 <member name="F:Microsoft.IdentityModel.Tokens.TokenValidationParameters.DefaultAuthenticationType">
1336 This is the fallback authenticationtype that a <see cref="T:Microsoft.IdentityModel.Tokens.ISecurityTokenValidator"/> will use if nothing is set.
1339 <member name="F:Microsoft.IdentityModel.Tokens.TokenValidationParameters.DefaultClockSkew">
1341 Default for the clock skew.
1343 <remarks>300 seconds (5 minutes).</remarks>
1345 <member name="F:Microsoft.IdentityModel.Tokens.TokenValidationParameters.DefaultMaximumTokenSizeInBytes">
1347 Default for the maximm token size.
1349 <remarks>2 MB (mega bytes).</remarks>
1351 <member name="M:Microsoft.IdentityModel.Tokens.TokenValidationParameters.#ctor(Microsoft.IdentityModel.Tokens.TokenValidationParameters)">
1353 Copy constructor for <see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/>.
1356 <member name="M:Microsoft.IdentityModel.Tokens.TokenValidationParameters.#ctor">
1358 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> class.
1361 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ActorValidationParameters">
1363 Gets or sets <see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/>.
1366 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator">
1368 Gets or sets a delegate that will be used to validate the audience.
1371 If set, this delegate will be called to validate the 'audience' instead of normal processing.
1372 If <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidateAudience"/> is false, this delegate will not be called.
1375 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.AuthenticationType">
1377 Gets or sets the AuthenticationType when creating a <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
1379 <exception cref="T:System.ArgumentNullException">If 'value' is null or whitespace.</exception>
1381 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ClockSkew">
1383 Gets or sets the clock skew to apply when validating a time.
1385 <exception cref="T:System.ArgumentOutOfRangeException">If 'value' is less than 0.</exception>
1387 <member name="M:Microsoft.IdentityModel.Tokens.TokenValidationParameters.Clone">
1389 Returns a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> with values copied from this object.
1391 <returns>A new <see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> object copied from this object</returns>
1392 <remarks>This is a shallow Clone.</remarks>
1394 <member name="M:Microsoft.IdentityModel.Tokens.TokenValidationParameters.CreateClaimsIdentity(Microsoft.IdentityModel.Tokens.SecurityToken,System.String)">
1396 Creates a <see cref="T:System.Security.Claims.ClaimsIdentity"/> using:
1397 <para><see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.AuthenticationType"/></para>
1398 <para>'NameClaimType': If NameClaimTypeRetriever is set, call delegate, else call NameClaimType. If the result is a null or empty string, use <see cref="F:System.Security.Claims.ClaimsIdentity.DefaultNameClaimType"/></para>.
1399 <para>'RoleClaimType': If RoleClaimTypeRetriever is set, call delegate, else call RoleClaimType. If the result is a null or empty string, use <see cref="F:System.Security.Claims.ClaimsIdentity.DefaultRoleClaimType"/></para>.
1401 <returns>A <see cref="T:System.Security.Claims.ClaimsIdentity"/> with Authentication, NameClaimType and RoleClaimType set.</returns>
1403 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.CryptoProviderFactory">
1405 Users can override the default <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.CryptoProviderFactory"/> with this property. This factory will be used for creating signature providers.
1408 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.TokenDecryptionKey">
1410 Gets or sets the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that is to be used for decryption.
1413 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.TokenDecryptionKeyResolver">
1415 Gets or sets a delegate that will be called to retreive a <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> used for decryption.
1418 This <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> will be used to decrypt the token. This can be helpful when the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> does not contain a key identifier.
1421 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningKeyValidator">
1423 Gets or sets a delegate for validating the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that signed the token.
1426 If set, this delegate will be called to validate the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that signed the token, instead of normal processing.
1429 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningKey">
1431 Gets or sets the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that is to be used for signature validation.
1434 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningKeyResolver">
1436 Gets or sets a delegate that will be called to retreive a <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> used for signature validation.
1439 This <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> will be used to check the signature. This can be helpful when the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> does not contain a key identifier.
1442 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningKeys">
1444 Gets or sets an <see cref="T:System.Collections.Generic.IEnumerable`1"/> used for signature validation.
1447 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.IssuerValidator">
1449 Gets or sets a delegate that will be used to validate the issuer of the token.
1452 If set, this delegate will be called to validate the 'issuer' of the token, instead of normal processing.
1453 If <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidateIssuer"/> is false, this delegate will not be called.
1456 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.LifetimeValidator">
1458 Gets or sets a delegate that will be used to validate the lifetime of the token
1461 If set, this delegate will be called to validate the lifetime of the token, instead of normal processing.
1462 If <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidateLifetime"/> is false, this delegate will not be called.
1465 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.NameClaimType">
1467 Gets or sets a <see cref="T:System.String"/> that defines the <see cref="P:System.Security.Claims.ClaimsIdentity.NameClaimType"/>.
1470 Controls the value <see cref="P:System.Security.Claims.ClaimsIdentity.Name"/> returns. It will return the first <see cref="P:System.Security.Claims.Claim.Value"/> where the <see cref="P:System.Security.Claims.Claim.Type"/> equals <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.NameClaimType"/>.
1473 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.RoleClaimType">
1475 Gets or sets the <see cref="T:System.String"/> that defines the <see cref="P:System.Security.Claims.ClaimsIdentity.RoleClaimType"/>.
1478 <para>Controls the results of <see cref="M:System.Security.Claims.ClaimsPrincipal.IsInRole(System.String)"/>.</para>
1479 <para>Each <see cref="T:System.Security.Claims.Claim"/> where <see cref="P:System.Security.Claims.Claim.Type"/> == <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.RoleClaimType"/> will be checked for a match against the 'string' passed to <see cref="M:System.Security.Claims.ClaimsPrincipal.IsInRole(System.String)"/>.</para>
1482 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.NameClaimTypeRetriever">
1484 Gets or sets a delegate that will be called to obtain the NameClaimType to use when creating a ClaimsIdentity
1485 after validating a token.
1488 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.RequireExpirationTime">
1490 Gets or sets a value indicating whether tokens must have an 'expiration' value.
1493 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.RequireSignedTokens">
1495 Gets or sets a value indicating whether a <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> can be considered valid if not signed.
1498 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.RoleClaimTypeRetriever">
1500 Gets or sets a delegate that will be called to obtain the RoleClaimType to use when creating a ClaimsIdentity
1501 after validating a token.
1504 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.SaveSigninToken">
1506 Gets or sets a boolean to control if the original token should be saved after the security token is validated.
1508 <remarks>The runtime will consult this value and save the orginal token that was validated.</remarks>
1510 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.SignatureValidator">
1512 Gets or sets a delegate that will be used to validate the signature of the token.
1515 If set, this delegate will be called to signature of the token, instead of normal processing.
1518 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.TokenDecryptionKeys">
1520 Gets or sets the <see cref="T:System.Collections.Generic.IEnumerable`1"/> that is to be used for decrypting inbound tokens.
1523 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.TokenReplayCache">
1525 Gets or set the <see cref="T:Microsoft.IdentityModel.Tokens.ITokenReplayCache"/> that store tokens that can be checked to help detect token replay.
1527 <remarks>If set, then tokens must have an expriation time or the runtime will fault.</remarks>
1529 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidateActor">
1531 Gets or sets a value indicating if an actor token is detected, whether it should be validated.
1534 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidateAudience">
1536 Gets or sets a boolean to control if the audience will be validated during token validation.
1538 <remarks>Validation of the audience, mitigates forwarding attacks. For example, a site that receives a token, could not replay it to another side.
1539 A forwarded token would contain the audience of the original site.</remarks>
1541 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidateIssuer">
1543 Gets or sets a boolean to control if the issuer will be validated during token validation.
1546 Validation of the issuer mitigates forwarding attacks that can occur when an
1547 IdentityProvider represents multiple tenants and signs tokens with the same keys.
1548 It is possible that a token issued for the same audience could be from a different tenant. For example an application could accept users from
1549 contoso.onmicrosoft.com but not fabrikam.onmicrosoft.com, both valid tenants. A application that accepts tokens from fabrikam could forward them
1550 to the application that accepts tokens for contoso.
1553 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidateLifetime">
1555 Gets or sets a boolean to control if the lifetime will be validated during token validation.
1558 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidateIssuerSigningKey">
1560 Gets or sets a boolean that controls if validation of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that signed the securityToken is called.
1562 <remarks>It is possible for tokens to contain the public key needed to check the signature. For example, X509Data can be hydrated into an X509Certificate,
1563 which can be used to validate the signature. In these cases it is important to validate the SigningKey that was used to validate the signature. </remarks>
1565 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidAudience">
1567 Gets or sets a string that represents a valid audience that will be used to check against the token's audience.
1570 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidAudiences">
1572 Gets or sets the <see cref="T:System.Collections.Generic.IEnumerable`1"/> that contains valid audiences that will be used to check against the token's audience.
1575 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidIssuer">
1577 Gets or sets a <see cref="T:System.String"/> that represents a valid issuer that will be used to check against the token's issuer.
1580 <member name="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidIssuers">
1582 Gets or sets the <see cref="T:System.Collections.Generic.IEnumerable`1"/> that contains valid issuers that will be used to check against the token's issuer.
1585 <member name="T:Microsoft.IdentityModel.Tokens.Utility">
1587 Contains some utility methods.
1590 <member name="F:Microsoft.IdentityModel.Tokens.Utility.Empty">
1592 A string with "empty" value.
1595 <member name="F:Microsoft.IdentityModel.Tokens.Utility.Null">
1597 A string with "null" value.
1600 <member name="M:Microsoft.IdentityModel.Tokens.Utility.CloneByteArray(System.Byte[])">
1602 Creates a copy of the byte array.
1604 <param name="src">The resource array.</param>
1605 <returns>A copy of the byte array.</returns>
1607 <member name="M:Microsoft.IdentityModel.Tokens.Utility.SerializeAsSingleCommaDelimitedString(System.Collections.Generic.IEnumerable{System.String})">
1609 Serializes the list of strings into string as follows:
1610 'str1','str2','str3' ...
1612 <param name="strings">
1613 The strings used to build a comma delimited string.
1616 The single <see cref="T:System.String"/>.
1619 <member name="M:Microsoft.IdentityModel.Tokens.Utility.IsHttps(System.String)">
1621 Returns whether the input string is https.
1623 <param name="address">The input string.</param>
1624 <remarks>true if the input string is https; otherwise, false.</remarks>
1626 <member name="M:Microsoft.IdentityModel.Tokens.Utility.IsHttps(System.Uri)">
1628 Returns whether the input uri is https.
1630 <param name="uri"><see cref="T:System.Uri"/>.</param>
1631 <returns>true if the input uri is https; otherwise, false.</returns>
1633 <member name="M:Microsoft.IdentityModel.Tokens.Utility.AreEqual(System.Byte[],System.Byte[])">
1635 Compares two byte arrays for equality. Hash size is fixed normally it is 32 bytes.
1636 The attempt here is to take the same time if an attacker shortens the signature OR changes some of the signed contents.
1639 One set of bytes to compare.
1642 The other set of bytes to compare with.
1645 true if the bytes are equal, false otherwise.
1648 <member name="M:Microsoft.IdentityModel.Tokens.Utility.AreEqual(System.Byte[],System.Byte[],System.Int32)">
1650 Compares two byte arrays for equality. Hash size is fixed normally it is 32 bytes.
1651 The attempt here is to take the same time if an attacker shortens the signature OR changes some of the signed contents.
1654 One set of bytes to compare.
1657 The other set of bytes to compare with.
1659 <param name="length">length of array to check</param>
1661 true if the bytes are equal, false otherwise.
1664 <member name="T:Microsoft.IdentityModel.Tokens.Validators">
1669 <member name="M:Microsoft.IdentityModel.Tokens.Validators.ValidateAudience(System.Collections.Generic.IEnumerable{System.String},Microsoft.IdentityModel.Tokens.SecurityToken,Microsoft.IdentityModel.Tokens.TokenValidationParameters)">
1671 Determines if the audiences found in a <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> are valid.
1673 <param name="audiences">The audiences found in the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.</param>
1674 <param name="securityToken">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
1675 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1676 <exception cref="T:System.ArgumentNullException">If 'vaidationParameters' is null.</exception>
1677 <exception cref="T:System.ArgumentNullException">If 'audiences' is null and <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidateAudience"/> is true.</exception>
1678 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException">If <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidAudience"/> is null or whitespace and <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidAudiences"/> is null.</exception>
1679 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException">If none of the 'audiences' matched either <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidAudience"/> or one of <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidAudiences"/>.</exception>
1680 <remarks>An EXACT match is required.</remarks>
1682 <member name="M:Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(System.String,Microsoft.IdentityModel.Tokens.SecurityToken,Microsoft.IdentityModel.Tokens.TokenValidationParameters)">
1684 Determines if an issuer found in a <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> is valid.
1686 <param name="issuer">The issuer to validate</param>
1687 <param name="securityToken">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> that is being validated.</param>
1688 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1689 <returns>The issuer to use when creating the "Claim"(s) in a "ClaimsIdentity".</returns>
1690 <exception cref="T:System.ArgumentNullException">If 'vaidationParameters' is null.</exception>
1691 <exception cref="T:System.ArgumentNullException">If 'issuer' is null or whitespace and <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidateIssuer"/> is true.</exception>
1692 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException">If <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidIssuer"/> is null or whitespace and <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidIssuers"/> is null.</exception>
1693 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException">If 'issuer' failed to matched either <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidIssuer"/> or one of <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ValidIssuers"/>.</exception>
1694 <remarks>An EXACT match is required.</remarks>
1696 <member name="M:Microsoft.IdentityModel.Tokens.Validators.ValidateIssuerSecurityKey(Microsoft.IdentityModel.Tokens.SecurityKey,Microsoft.IdentityModel.Tokens.SecurityToken,Microsoft.IdentityModel.Tokens.TokenValidationParameters)">
1698 Validates the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that signed a <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.
1700 <param name="securityKey">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that signed the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.</param>
1701 <param name="securityToken">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
1702 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1703 <exception cref="T:System.ArgumentNullException"> if 'securityKey' is null and ValidateIssuerSigningKey is true.</exception>
1704 <exception cref="T:System.ArgumentNullException"> if 'securityToken' is null and ValidateIssuerSigningKey is true.</exception>
1705 <exception cref="T:System.ArgumentNullException"> if 'vaidationParameters' is null.</exception>
1707 <member name="M:Microsoft.IdentityModel.Tokens.Validators.ValidateLifetime(System.Nullable{System.DateTime},System.Nullable{System.DateTime},Microsoft.IdentityModel.Tokens.SecurityToken,Microsoft.IdentityModel.Tokens.TokenValidationParameters)">
1709 Validates the lifetime of a <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.
1711 <param name="notBefore">The 'notBefore' time found in the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.</param>
1712 <param name="expires">The 'expiration' time found in the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/>.</param>
1713 <param name="securityToken">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
1714 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1715 <exception cref="T:System.ArgumentNullException">If 'vaidationParameters' is null.</exception>
1716 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException">If 'expires.HasValue' is false and <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.RequireExpirationTime"/> is true.</exception>
1717 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException">If 'notBefore' is > 'expires'.</exception>
1718 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenNotYetValidException">If 'notBefore' is > DateTime.UtcNow.</exception>
1719 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException">If 'expires' is < DateTime.UtcNow.</exception>
1720 <remarks>All time comparisons apply <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.ClockSkew"/>.</remarks>
1722 <member name="M:Microsoft.IdentityModel.Tokens.Validators.ValidateTokenReplay(System.String,System.Nullable{System.DateTime},Microsoft.IdentityModel.Tokens.TokenValidationParameters)">
1724 Validates if a token has been replayed.
1726 <param name="securityToken">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
1727 <param name="expirationTime">When does the security token expire.</param>
1728 <param name="validationParameters"><see cref="T:Microsoft.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
1729 <exception cref="T:System.ArgumentNullException">If 'securityToken' is null or whitespace.</exception>
1730 <exception cref="T:System.ArgumentNullException">If 'validationParameters' is null or whitespace.</exception>
1731 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException">If <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.TokenReplayCache"/> is not null and expirationTime.HasValue is false. When a TokenReplayCache is set, tokens require an expiration time.</exception>
1732 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenReplayDetectedException">If the 'securityToken' is found in the cache.</exception>
1733 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenReplayAddFailedException">If the 'securityToken' could not be added to the <see cref="P:Microsoft.IdentityModel.Tokens.TokenValidationParameters.TokenReplayCache"/>.</exception>
1735 <member name="T:Microsoft.IdentityModel.Tokens.X509SecurityKey">
1737 Security key that allows access to cert
1740 <member name="M:Microsoft.IdentityModel.Tokens.X509SecurityKey.#ctor(System.Security.Cryptography.X509Certificates.X509Certificate2)">
1742 Instantiates a <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> using a <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2"/>
1744 <param name="certificate">The cert to use.</param>
1746 <member name="P:Microsoft.IdentityModel.Tokens.X509SecurityKey.KeySize">
1751 <member name="P:Microsoft.IdentityModel.Tokens.X509SecurityKey.X5t">
1753 Gets the X5t of this <see cref="T:Microsoft.IdentityModel.Tokens.X509SecurityKey"/>.
1756 <member name="P:Microsoft.IdentityModel.Tokens.X509SecurityKey.PrivateKey">
1758 Returns the private key from the <see cref="T:Microsoft.IdentityModel.Tokens.X509SecurityKey"/>.
1761 <member name="P:Microsoft.IdentityModel.Tokens.X509SecurityKey.PublicKey">
1763 Gets the public key from the <see cref="T:Microsoft.IdentityModel.Tokens.X509SecurityKey"/>.
1766 <member name="P:Microsoft.IdentityModel.Tokens.X509SecurityKey.HasPrivateKey">
1768 Gets a bool indicating if a private key exists.
1770 <return>true if it has a private key; otherwise, false.</return>
1772 <member name="P:Microsoft.IdentityModel.Tokens.X509SecurityKey.Certificate">
1774 Gets the <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2"/>.
1777 <member name="M:Microsoft.IdentityModel.Tokens.X509SecurityKey.Equals(System.Object)">
1779 Returns a bool indicating if this key is equivalent to another key.
1781 <return>true if the keys are equal; otherwise, false.</return>
1783 <member name="M:Microsoft.IdentityModel.Tokens.X509SecurityKey.GetHashCode">
1785 Returns an int hash code.
1787 <return>An int hash code</return>
1789 <member name="T:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider">
1791 Provides authenticated encryption and decryption services.
1794 <member name="M:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
1796 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider"/> class used for encryption and decryption.
1797 <param name="key">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that will be used for crypto operations.</param>
1798 <param name="algorithm">The encryption algorithm to apply.</param>
1799 <exception cref="T:System.ArgumentNullException">'key' is null.</exception>
1800 <exception cref="T:System.ArgumentNullException">'algorithm' is null or whitespace.</exception>
1801 <exception cref="T:System.ArgumentOutOfRangeException">key size is not large enough.</exception>
1802 <exception cref="T:System.ArgumentException">'algorithm' is not supported.</exception>
1803 <exception cref="T:System.ArgumentException">a symmetricSignatureProvider is not created.</exception>
1806 <member name="P:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.Algorithm">
1808 Gets the encryption algorithm that is being used.
1811 <member name="P:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.Context">
1813 Gets or sets a user context for a <see cref="T:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider"/>.
1815 <remarks>This is null by default. This can be used by runtimes or for extensibility scenarios.</remarks>
1817 <member name="P:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.Key">
1819 Gets the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that is being used.
1822 <member name="M:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.Encrypt(System.Byte[],System.Byte[])">
1824 Encrypts the 'plaintext'
1826 <param name="plaintext">the data to be encrypted.</param>
1827 <param name="authenticatedData">will be combined with iv and ciphertext to create an authenticationtag.</param>
1828 <returns><see cref="T:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionResult"/>containing ciphertext, iv, authenticationtag.</returns>
1829 <exception cref="T:System.ArgumentNullException">plaintext is null or empty.</exception>
1830 <exception cref="T:System.ArgumentNullException">authenticationData is null or empty.</exception>
1831 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionFailedException">AES crypto operation threw. See inner exception for details.</exception>
1833 <member name="M:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.Encrypt(System.Byte[],System.Byte[],System.Byte[])">
1835 Encrypts the 'plaintext'
1837 <param name="plaintext">the data to be encrypted.</param>
1838 <param name="authenticatedData">will be combined with iv and ciphertext to create an authenticationtag.</param>
1839 <param name="iv">initialization vector for encryption.</param>
1840 <returns><see cref="T:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionResult"/>containing ciphertext, iv, authenticationtag.</returns>
1841 <exception cref="T:System.ArgumentNullException">plaintext is null or empty.</exception>
1842 <exception cref="T:System.ArgumentNullException">authenticationData is null or empty.</exception>
1843 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionFailedException">AES crypto operation threw. See inner exception for details.</exception>
1845 <member name="M:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.Decrypt(System.Byte[],System.Byte[],System.Byte[],System.Byte[])">
1847 Decrypts ciphertext into plaintext
1849 <param name="ciphertext">the encrypted text to decrypt.</param>
1850 <param name="authenticatedData">the authenticateData that is used in verification.</param>
1851 <param name="iv">the initialization vector used when creating the ciphertext.</param>
1852 <param name="authenticationTag">the authenticationTag that was created during the encyption.</param>
1853 <returns>decrypted ciphertext</returns>
1854 <exception cref="T:System.ArgumentNullException">'ciphertext' is null or empty.</exception>
1855 <exception cref="T:System.ArgumentNullException">'authenticatedData' is null or empty.</exception>
1856 <exception cref="T:System.ArgumentNullException">'iv' is null or empty.</exception>
1857 <exception cref="T:System.ArgumentNullException">'authenticationTag' is null or empty.</exception>
1858 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenDecryptionFailedException">signature over authenticationTag fails to verify.</exception>
1859 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenDecryptionFailedException">AES crypto operation threw. See inner exception.</exception>
1861 <member name="M:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.IsSupportedAlgorithm(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
1863 Checks if an 'key, algorithm' pair is supported
1865 <param name="key">the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/></param>
1866 <param name="algorithm">the algorithm to check.</param>
1867 <returns>true if 'key, algorithm' pair is supported.</returns>
1869 <member name="M:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.GetKeyBytes(Microsoft.IdentityModel.Tokens.SecurityKey)">
1871 Called to obtain the byte[] needed to create a <see cref="T:System.Security.Cryptography.KeyedHashAlgorithm"/>
1873 <param name="key"><see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/>that will be used to obtain the byte[].</param>
1874 <returns><see cref="T:System.Byte"/>[] that is used to populated the KeyedHashAlgorithm.</returns>
1875 <exception cref="T:System.ArgumentNullException">if key is null.</exception>
1876 <exception cref="T:System.ArgumentException">if a byte[] can not be obtained from SecurityKey.</exception>
1877 <remarks><see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/> and <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKey"/> are supported.
1878 <para>For a <see cref="T:Microsoft.IdentityModel.Tokens.SymmetricSecurityKey"/> .Key is returned</para>
1879 <para>For a <see cref="T:Microsoft.IdentityModel.Tokens.JsonWebKey"/>Base64UrlEncoder.DecodeBytes is called with <see cref="P:Microsoft.IdentityModel.Tokens.JsonWebKey.K"/> if <see cref="P:Microsoft.IdentityModel.Tokens.JsonWebKey.Kty"/> == JsonWebAlgorithmsKeyTypes.Octet</para>
1882 <member name="M:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.ValidateKeySize(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
1884 Checks that the key has sufficient length
1886 <param name="key"><see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that contains bytes.</param>
1887 <param name="algorithm">the algorithm to apply.</param>
1888 <exception cref="T:System.ArgumentNullException">if 'key' is null.</exception>
1889 <exception cref="T:System.ArgumentNullException">if 'algorithm' is null or empty.</exception>
1891 <member name="T:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionResult">
1893 Contains the results of <see cref="M:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.Encrypt(System.Byte[],System.Byte[])"/> operation.
1896 <member name="M:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionResult.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.Byte[],System.Byte[],System.Byte[])">
1898 Initializes a new <see cref="T:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionResult"/>
1900 <param name="key">the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> used during <see cref="M:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.Encrypt(System.Byte[],System.Byte[])"/></param>
1901 <param name="ciphertext">protected text.</param>
1902 <param name="iv">the initialization vector used.</param>
1903 <param name="authenticationTag">the bytes that need be passed to <see cref="M:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.Decrypt(System.Byte[],System.Byte[],System.Byte[],System.Byte[])"/>.</param>
1905 <member name="P:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionResult.Key">
1907 Gets the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/>.
1910 <member name="P:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionResult.Ciphertext">
1912 Gets the Ciphertext.
1915 <member name="P:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionResult.IV">
1917 Gets the initialization vector.
1920 <member name="P:Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionResult.AuthenticationTag">
1922 Gets the authentication tag
1925 <member name="T:Microsoft.IdentityModel.Tokens.KeyWrapProvider">
1927 Provides Wrap key and Unwrap key services.
1930 <member name="P:Microsoft.IdentityModel.Tokens.KeyWrapProvider.Algorithm">
1932 Gets the KeyWrap algorithm that is being used.
1935 <member name="P:Microsoft.IdentityModel.Tokens.KeyWrapProvider.Context">
1937 Gets or sets a user context for a <see cref="T:Microsoft.IdentityModel.Tokens.KeyWrapProvider"/>.
1939 <remarks>This is null by default. This can be used by runtimes or for extensibility scenarios.</remarks>
1941 <member name="P:Microsoft.IdentityModel.Tokens.KeyWrapProvider.Key">
1943 Gets the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that is being used.
1946 <member name="M:Microsoft.IdentityModel.Tokens.KeyWrapProvider.Dispose">
1948 Calls <see cref="M:Microsoft.IdentityModel.Tokens.KeyWrapProvider.Dispose(System.Boolean)"/> and <see cref="M:System.GC.SuppressFinalize(System.Object)"/>
1951 <member name="M:Microsoft.IdentityModel.Tokens.KeyWrapProvider.Dispose(System.Boolean)">
1953 Can be over written in descendants to dispose of internal components.
1955 <param name="disposing">true, if called from Dispose(), false, if invoked inside a finalizer</param>
1957 <member name="M:Microsoft.IdentityModel.Tokens.KeyWrapProvider.UnwrapKey(System.Byte[])">
1961 <param name="keyBytes">key to unwrap.</param>
1962 <returns>Unwrapped key.</returns>
1964 <member name="M:Microsoft.IdentityModel.Tokens.KeyWrapProvider.WrapKey(System.Byte[])">
1968 <param name="keyBytes">the key to be wrapped</param>
1969 <returns>wrapped key.</returns>
1971 <member name="T:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider">
1973 Provides RSA Wrap key and Unwrap key services.
1976 <member name="M:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String,System.Boolean)">
1978 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider"/> class used for wrap key and unwrap key.
1979 <param name="key">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that will be used for crypto operations.</param>
1980 <param name="algorithm">The KeyWrap algorithm to apply.</param>
1981 <param name="willUnwrap">Whether this <see cref="T:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider"/> is required to create decrypts then set this to true.</param>
1982 <exception cref="T:System.ArgumentNullException">'key' is null.</exception>
1983 <exception cref="T:System.ArgumentNullException">'algorithm' is null.</exception>
1984 <exception cref="T:System.ArgumentException">The keysize doesn't match the algorithm.</exception>
1985 <exception cref="T:System.ArgumentException">If <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> and algorithm pair are not supported.</exception>
1986 <exception cref="T:System.InvalidOperationException">Failed to create RSA algorithm with provided key and algorithm.</exception>
1989 <member name="P:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider.Algorithm">
1991 Gets the KeyWrap algorithm that is being used.
1994 <member name="P:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider.Context">
1996 Gets or sets a user context for a <see cref="T:Microsoft.IdentityModel.Tokens.KeyWrapProvider"/>.
1998 <remarks>This is null by default. This can be used by runtimes or for extensibility scenarios.</remarks>
2000 <member name="P:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider.Key">
2002 Gets the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that is being used.
2005 <member name="M:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider.Dispose(System.Boolean)">
2007 Disposes of internal components.
2009 <param name="disposing">true, if called from Dispose(), false, if invoked inside a finalizer.</param>
2011 <member name="M:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider.IsSupportedAlgorithm(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
2013 Checks if an algorithm is supported.
2015 <param name="key">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that will be used for crypto operations.</param>
2016 <param name="algorithm">The KeyWrap algorithm to apply.</param>
2017 <returns>true if the algorithm is supported; otherwise, false.</returns>
2019 <member name="M:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider.UnwrapKey(System.Byte[])">
2021 Unwrap a key using RSA decryption.
2023 <param name="keyBytes">the bytes to unwrap.</param>
2024 <returns>Unwrapped key</returns>
2025 <exception cref="T:System.ArgumentNullException">'keyBytes' is null or length == 0.</exception>
2026 <exception cref="T:System.ObjectDisposedException">If <see cref="M:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider.Dispose(System.Boolean)"/> has been called.</exception>
2027 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException">Failed to unwrap the wrappedKey.</exception>
2028 <exception cref="T:System.InvalidOperationException">If the internal RSA algorithm is null.</exception>
2030 <member name="M:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider.WrapKey(System.Byte[])">
2032 Wrap a key using RSA encryption.
2034 <param name="keyBytes">the key to be wrapped</param>
2035 <returns>A wrapped key</returns>
2036 <exception cref="T:System.ArgumentNullException">'keyBytes' is null or has length == 0.</exception>
2037 <exception cref="T:System.ObjectDisposedException">If <see cref="M:Microsoft.IdentityModel.Tokens.RsaKeyWrapProvider.Dispose(System.Boolean)"/> has been called.</exception>
2038 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException">Failed to wrap the 'keyBytes'.</exception>
2039 <exception cref="T:System.InvalidOperationException">If the internal RSA algorithm is null.</exception>
2041 <member name="T:Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider">
2043 Provides Wrap key and Unwrap key services.
2046 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.#ctor(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
2048 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.KeyWrapProvider"/> class used for wrap key and unwrap key.
2049 <param name="key">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that will be used for crypto operations.</param>
2050 <param name="algorithm">The KeyWrap algorithm to apply.</param>
2051 <exception cref="T:System.ArgumentNullException">'key' is null.</exception>
2052 <exception cref="T:System.ArgumentNullException">'algorithm' is null.</exception>
2053 <exception cref="T:System.ArgumentException">If <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> and algorithm pair are not supported.</exception>
2054 <exception cref="T:System.ArgumentException">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> cannot be converted to byte array</exception>
2055 <exception cref="T:System.ArgumentOutOfRangeException">The keysize doesn't match the algorithm.</exception>
2056 <exception cref="T:System.InvalidOperationException">Failed to create symmetric algorithm with provided key and algorithm.</exception>
2059 <member name="P:Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.Algorithm">
2061 Gets the KeyWrap algorithm that is being used.
2064 <member name="P:Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.Context">
2066 Gets or sets a user context for a <see cref="T:Microsoft.IdentityModel.Tokens.KeyWrapProvider"/>.
2068 <remarks>This is null by default. This can be used by runtimes or for extensibility scenarios.</remarks>
2070 <member name="P:Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.Key">
2072 Gets the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> that is being used.
2075 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.Dispose(System.Boolean)">
2077 Disposes of internal components.
2079 <param name="disposing">true, if called from Dispose(), false, if invoked inside a finalizer.</param>
2081 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.GetSymmetricAlgorithm(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
2083 Returns the <see cref="T:System.Security.Cryptography.SymmetricAlgorithm"/>.
2086 <exception cref="T:System.ArgumentException">The <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/> cannot be converted to byte array</exception>
2087 <exception cref="T:System.ArgumentOutOfRangeException">The keysize doesn't match the algorithm.</exception>
2088 <exception cref="T:System.InvalidOperationException">Failed to create symmetric algorithm with provided key and algorithm.</exception>
2090 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.IsSupportedAlgorithm(Microsoft.IdentityModel.Tokens.SecurityKey,System.String)">
2092 Answers if an algorithm is supported
2094 <param name="key">the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityKey"/></param>
2095 <param name="algorithm">the algorithm to use</param>
2096 <returns>true if the algorithm is supported; otherwise, false.</returns>
2098 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.UnwrapKey(System.Byte[])">
2100 Unwrap a key using Symmmetric decryption.
2102 <param name="keyBytes">bytes to unwrap</param>
2103 <returns>Unwraped key</returns>
2104 <exception cref="T:System.ArgumentNullException">'keyBytes' is null or length == 0.</exception>
2105 <exception cref="T:System.ArgumentException">'keyBytes' is not a multiple of 8.</exception>
2106 <exception cref="T:System.ObjectDisposedException">If <see cref="M:Microsoft.IdentityModel.Tokens.KeyWrapProvider.Dispose(System.Boolean)"/> has been called.</exception>
2107 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException">Failed to unwrap the wrappedKey.</exception>
2109 <member name="M:Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.WrapKey(System.Byte[])">
2111 Wrap a key using Symmetric encryption.
2113 <param name="keyBytes">the key to be wrapped</param>
2114 <returns>The wrapped key result</returns>
2115 <exception cref="T:System.ArgumentNullException">'keyBytes' is null or has length 0.</exception>
2116 <exception cref="T:System.ArgumentException">'keyBytes' is not a multiple of 8.</exception>
2117 <exception cref="T:System.ObjectDisposedException">If <see cref="M:Microsoft.IdentityModel.Tokens.KeyWrapProvider.Dispose(System.Boolean)"/> has been called.</exception>
2118 <exception cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException">Failed to wrap 'keyBytes'.</exception>
2120 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenDecryptionFailedException">
2122 Represents a security token exception when decryption failed.
2125 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenDecryptionFailedException.#ctor">
2127 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenDecryptionFailedException"/> class.
2130 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenDecryptionFailedException.#ctor(System.String)">
2132 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenDecryptionFailedException"/> class with a specified error message.
2134 <param name="message">The error message that explains the reason for the exception.</param>
2136 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenDecryptionFailedException.#ctor(System.String,System.Exception)">
2138 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenDecryptionFailedException"/> class with a specified error message
2139 and a reference to the inner exception that is the cause of this exception.
2141 <param name="message">The error message that explains the reason for the exception.</param>
2142 <param name="innerException">The <see cref="T:System.Exception"/> that is the cause of the current exception, or a null reference if no inner exception is specified.</param>
2144 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionFailedException">
2146 Represents a security token exception when encryption failed.
2149 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionFailedException.#ctor">
2151 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionFailedException"/> class.
2154 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionFailedException.#ctor(System.String)">
2156 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionFailedException"/> class with a specified error message.
2158 <param name="message">The error message that explains the reason for the exception.</param>
2160 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionFailedException.#ctor(System.String,System.Exception)">
2162 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionFailedException"/> class with a specified error message
2163 and a reference to the inner exception that is the cause of this exception.
2165 <param name="message">The error message that explains the reason for the exception.</param>
2166 <param name="innerException">The <see cref="T:System.Exception"/> that is the cause of the current exception, or a null reference if no inner exception is specified.</param>
2168 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionKeyNotFoundException">
2170 This exception is thrown when a security token contained a key identifier but the key was not found by the runtime
2171 when decrypting a token.
2174 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionKeyNotFoundException.#ctor">
2176 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionKeyNotFoundException"/> class.
2179 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionKeyNotFoundException.#ctor(System.String)">
2181 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionKeyNotFoundException"/> class.
2183 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2185 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionKeyNotFoundException.#ctor(System.String,System.Exception)">
2187 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenEncryptionKeyNotFoundException"/> class.
2189 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2190 <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
2192 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenException">
2194 Represents a security token exception.
2197 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenException.#ctor">
2199 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenException"/> class.
2202 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenException.#ctor(System.String)">
2204 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenException"/> class with a specified error message.
2206 <param name="message">The error message that explains the reason for the exception.</param>
2208 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenException.#ctor(System.String,System.Exception)">
2210 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenException"/> class with a specified error message
2211 and a reference to the inner exception that is the cause of this exception.
2213 <param name="message">The error message that explains the reason for the exception.</param>
2214 <param name="innerException">The <see cref="T:System.Exception"/> that is the cause of the current exception, or a null reference if no inner exception is specified.</param>
2216 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException">
2218 Throw this exception when a received Security Token has expiration time in the past.
2221 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException.Expires">
2223 Gets or sets the Expires value that created the validation exception.
2226 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException.#ctor">
2228 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException"/>
2231 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException.#ctor(System.String)">
2233 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException"/>
2236 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException.#ctor(System.String,System.Exception)">
2238 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException"/>
2241 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException">
2243 This exception is thrown when 'audience' of a token was not valid.
2246 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException.InvalidAudience">
2248 Gets or sets the InvalidAudience that created the validation exception.
2251 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException.#ctor">
2253 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException"/> class.
2256 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException.#ctor(System.String)">
2258 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException"/> class.
2260 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2262 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException.#ctor(System.String,System.Exception)">
2264 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException"/> class.
2266 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2267 <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
2269 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException">
2271 This exception is thrown when 'issuer' of a token was not valid.
2274 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException.InvalidIssuer">
2276 Gets or sets the InvalidIssuer that created the validation exception.
2279 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException.#ctor">
2281 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException"/> class.
2284 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException.#ctor(System.String)">
2286 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException"/> class.
2288 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2290 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException.#ctor(System.String,System.Exception)">
2292 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException"/> class.
2294 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2295 <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
2297 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException">
2299 This exception is thrown when 'lifetime' of a token was not valid.
2302 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException.NotBefore">
2304 Gets or sets the NotBefore value that created the validation exception.
2307 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException.Expires">
2309 Gets or sets the Expires value that created the validation exception.
2312 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException.#ctor">
2314 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException"/> class.
2317 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException.#ctor(System.String)">
2319 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException"/> class.
2321 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2323 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException.#ctor(System.String,System.Exception)">
2325 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException"/> class.
2327 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2328 <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
2330 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException">
2332 This exception is thrown when 'signature' of a token was not valid.
2335 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException.#ctor">
2337 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException"/> class.
2340 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException.#ctor(System.String)">
2342 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException"/> class.
2344 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2346 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException.#ctor(System.String,System.Exception)">
2348 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException"/> class.
2350 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2351 <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
2353 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSigningKeyException">
2355 Throw this exception when a received Security Token has an invalid issuer signing key.
2358 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSigningKeyException.SigningKey">
2360 Gets or sets the SigningKey that was found invalid.
2363 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSigningKeyException.#ctor">
2365 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSigningKeyException"/>
2368 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSigningKeyException.#ctor(System.String)">
2370 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSigningKeyException"/>
2373 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSigningKeyException.#ctor(System.String,System.Exception)">
2375 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSigningKeyException"/>
2378 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException">
2380 Represents a key wrap exception when encryption failed.
2383 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException.#ctor">
2385 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException"/> class.
2388 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException.#ctor(System.String)">
2390 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException"/> class with a specified error message.
2392 <param name="message">The error message that explains the reason for the exception.</param>
2394 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException.#ctor(System.String,System.Exception)">
2396 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException"/> class with a specified error message
2397 and a reference to the inner exception that is the cause of this exception.
2399 <param name="message">The error message that explains the reason for the exception.</param>
2400 <param name="innerException">The <see cref="T:System.Exception"/> that is the cause of the current exception, or a null reference if no inner exception is specified.</param>
2402 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException">
2404 This exception is thrown when a security is missing an ExpirationTime.
2407 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException.#ctor">
2409 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException"/> class.
2412 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException.#ctor(System.String)">
2414 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException"/> class.
2416 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2418 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException.#ctor(System.String,System.Exception)">
2420 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException"/> class.
2422 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2423 <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
2425 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenNotYetValidException">
2427 Throw this exception when a received Security token has an effective time
2431 <member name="P:Microsoft.IdentityModel.Tokens.SecurityTokenNotYetValidException.NotBefore">
2433 Gets or sets the NotBefore value that created the validation exception.
2436 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenNotYetValidException.#ctor">
2438 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenNotYetValidException"/>
2441 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenNotYetValidException.#ctor(System.String)">
2443 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenNotYetValidException"/>
2446 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenNotYetValidException.#ctor(System.String,System.Exception)">
2448 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenNotYetValidException"/>
2451 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenReplayAddFailedException">
2453 This exception is thrown when an add to the TokenReplayCache fails.
2456 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenReplayAddFailedException.#ctor">
2458 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenReplayAddFailedException"/> class.
2461 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenReplayAddFailedException.#ctor(System.String)">
2463 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenReplayAddFailedException"/> class.
2465 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2467 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenReplayAddFailedException.#ctor(System.String,System.Exception)">
2469 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenReplayAddFailedException"/> class.
2471 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2472 <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
2474 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenReplayDetectedException">
2476 Throw this exception when a received Security Token has been replayed.
2479 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenReplayDetectedException.#ctor">
2481 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenReplayDetectedException"/>
2484 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenReplayDetectedException.#ctor(System.String)">
2486 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenReplayDetectedException"/>
2489 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenReplayDetectedException.#ctor(System.String,System.Exception)">
2491 Initializes a new instance of <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenReplayDetectedException"/>
2494 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException">
2496 This exception is thrown when a security token contained a key identifier but the key was not found by the runtime.
2499 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException.#ctor">
2501 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException"/> class.
2504 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException.#ctor(System.String)">
2506 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException"/> class.
2508 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2510 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException.#ctor(System.String,System.Exception)">
2512 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException"/> class.
2514 <param name="message">Addtional information to be included in the exception and displayed to user.</param>
2515 <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
2517 <member name="T:Microsoft.IdentityModel.Tokens.SecurityTokenValidationException">
2519 Represents a security token validation exception.
2522 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenValidationException.#ctor">
2524 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenValidationException"/> class.
2527 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenValidationException.#ctor(System.String)">
2529 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenValidationException"/> class with a specified error message.
2531 <param name="message">The error message that explains the reason for the exception.</param>
2533 <member name="M:Microsoft.IdentityModel.Tokens.SecurityTokenValidationException.#ctor(System.String,System.Exception)">
2535 Initializes a new instance of the <see cref="T:Microsoft.IdentityModel.Tokens.SecurityTokenValidationException"/> class with a specified error message
2536 and a reference to the inner exception that is the cause of this exception.
2538 <param name="message">The error message that explains the reason for the exception.</param>
2539 <param name="innerException">The <see cref="T:System.Exception"/> that is the cause of the current exception, or a null reference if no inner exception is specified.</param>