File: BearerTokenOptions.cs
Project: src\src\Security\Authentication\BearerToken\src\Microsoft.AspNetCore.Authentication.BearerToken.csproj (Microsoft.AspNetCore.Authentication.BearerToken)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using Microsoft.AspNetCore.DataProtection;
 
namespace Microsoft.AspNetCore.Authentication.BearerToken;
 
/// <summary>
/// Contains the options used to authenticate using opaque bearer tokens.
/// </summary>
public sealed class BearerTokenOptions : AuthenticationSchemeOptions
{
    // Both backing fields stay null until a protector is assigned through the matching property.
    private ISecureDataFormat<AuthenticationTicket>? _bearerTokenProtector;
    private ISecureDataFormat<AuthenticationTicket>? _refreshTokenProtector;

    /// <summary>
    /// Creates the options and assigns a default <see cref="BearerTokenEvents"/> instance to <see cref="Events"/>.
    /// </summary>
    public BearerTokenOptions() => Events = new BearerTokenEvents();

    /// <summary>
    /// How long a bearer token stays valid, measured from the moment it is created.
    /// The expiration is carried inside the protected token, so an expired token is rejected by the server
    /// even when a client presents it after it should have discarded it.
    /// </summary>
    /// <remarks>
    /// Defaults to 1 hour. The setter performs no range validation; any <see cref="TimeSpan"/> is stored as given.
    /// A bearer token is accepted from whoever presents it, so this value bounds how long a leaked token
    /// remains usable as far as this options class is concerned.
    /// </remarks>
    public TimeSpan BearerTokenExpiration { get; set; } = TimeSpan.FromHours(1);

    /// <summary>
    /// How long a refresh token stays valid, measured from the moment it is created.
    /// The expiration is carried inside the protected token.
    /// </summary>
    /// <remarks>
    /// Defaults to 14 days. The setter performs no range validation; any <see cref="TimeSpan"/> is stored as given.
    /// NOTE(review): the default is far longer than the bearer token default, so a stolen refresh token is
    /// presumably the more valuable credential; confirm against the handler how refresh tokens are redeemed.
    /// </remarks>
    public TimeSpan RefreshTokenExpiration { get; set; } = TimeSpan.FromDays(14);

    /// <summary>
    /// The <see cref="ISecureDataFormat{TData}"/> used to protect and unprotect the identity and other properties
    /// stored in the bearer token. If not provided, one will be created using <see cref="TicketDataFormat"/> and
    /// the <see cref="IDataProtectionProvider"/> from the application <see cref="IServiceProvider"/>.
    /// </summary>
    /// <remarks>
    /// The default is not created in this class; the getter throws until something has assigned a value
    /// (presumably a configuration step elsewhere; verify). The setter has no null check of its own.
    /// A custom implementation becomes responsible for the confidentiality and integrity of everything in the
    /// token, including the stored expiration.
    /// </remarks>
    /// <exception cref="InvalidOperationException">The property is read before a protector has been assigned.</exception>
    public ISecureDataFormat<AuthenticationTicket> BearerTokenProtector
    {
        get
        {
            if (_bearerTokenProtector is null)
            {
                throw new InvalidOperationException($"{nameof(BearerTokenProtector)} was not set.");
            }

            return _bearerTokenProtector;
        }
        set { _bearerTokenProtector = value; }
    }

    /// <summary>
    /// The <see cref="ISecureDataFormat{TData}"/> used to protect and unprotect the identity and other properties
    /// stored in the refresh token. If not provided, one will be created using <see cref="TicketDataFormat"/> and
    /// the <see cref="IDataProtectionProvider"/> from the application <see cref="IServiceProvider"/>.
    /// </summary>
    /// <remarks>
    /// The default is not created in this class; the getter throws until something has assigned a value
    /// (presumably a configuration step elsewhere; verify). The setter has no null check of its own.
    /// A custom implementation becomes responsible for the confidentiality and integrity of everything in the
    /// token, including the stored expiration.
    /// </remarks>
    /// <exception cref="InvalidOperationException">The property is read before a protector has been assigned.</exception>
    public ISecureDataFormat<AuthenticationTicket> RefreshTokenProtector
    {
        get
        {
            if (_refreshTokenProtector is null)
            {
                throw new InvalidOperationException($"{nameof(RefreshTokenProtector)} was not set.");
            }

            return _refreshTokenProtector;
        }
        set { _refreshTokenProtector = value; }
    }

    /// <summary>
    /// The object the application supplies to handle events raised by the bearer token authentication handler.
    /// The application may implement the interface fully, or create a <see cref="BearerTokenEvents"/> instance
    /// and assign delegates only to the events it wants to process.
    /// </summary>
    /// <remarks>
    /// Hides the base <c>Events</c> property: the value is stored in the base property and cast back to
    /// <see cref="BearerTokenEvents"/> on read.
    /// </remarks>
    public new BearerTokenEvents Events
    {
        get => (BearerTokenEvents)base.Events!;
        set => base.Events = value;
    }
}