Attributes
AbsoluteRefreshTokenLifetime
Maximum lifetime of a refresh token in seconds. Defaults to 2592000 seconds / 30 days
Data Type
INT
Default Values
| Default Value |
|---|
| 2592000 |
AccessFailedCount
The number of failed login attempts for the current user.
Data Type
INT
Default Values
| Default Value |
|---|
| 0 |
AccessTokenLifetime
Lifetime of access token in seconds (defaults to 3600 seconds / 1 hour)
Data Type
INT
Default Values
| Default Value |
|---|
| 3600 |
AccessTokenType
Specifies whether the access token is a reference token or a self contained JWT token (defaults to Jwt).
Data Type
ENUM: System.Identity/TokenType
Default Values
| Default Value |
|---|
| 0 |
AllowAccessTokensViaBrowser
Controls whether access tokens are transmitted via the browser for this client
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
AllowOfflineAccess
Specifies whether this client can request refresh tokens (defaults to false)
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
AllowPlainTextPkce
Specifies whether a proof key can be sent using plain method (not recommended and defaults to false).
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
AllowRememberConsent
Specifies whether user can choose to store consent decisions (defaults to true)
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| true |
AllowedAccessTokenSigningAlgorithms
Signing algorithm for access token. If empty, will use the server default signing algorithm.
Data Type
STRING_ARRAY
Default Values
| Default Value |
|---|
AllowedCorsOrigins
Gets or sets the allowed CORS origins for JavaScript clients.
Data Type
STRING_ARRAY
Default Values
| Default Value |
|---|
AllowedGrantTypes
Specifies the allowed grant types (legal combinations of AuthorizationCode, Implicit, Hybrid, ResourceOwner, ClientCredentials). Defaults to Implicit.
Data Type
STRING_ARRAY
AllowedIdentityTokenSigningAlgorithms
Signing algorithm for identity token. If empty, will use the server default signing algorithm.
Data Type
STRING_ARRAY
Default Values
| Default Value |
|---|
AllowedScopes
Specifies the api scopes that the client is allowed to request. If empty, the client can't access any scope
Data Type
STRING_ARRAY
Default Values
| Default Value |
|---|
AlwaysIncludeUserClaimsInIdToken
When requesting both an id token and access token, should the user claims always be added to the id token instead of requiring the client to use the userinfo endpoint.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
AlwaysSendClientClaims
Gets or sets a value indicating whether client claims should be always included in the access tokens - or only for client credentials flow.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
Authority
Gets or sets the URI of the provider, or discovery endpoint for OpenID Connect discovery.
Data Type
STRING
AuthorizationCodeLifetime
Lifetime of authorization code in seconds (defaults to 300 seconds / 5 minutes)
Data Type
INT
Default Values
| Default Value |
|---|
| 300 |
BackChannelLogoutSessionRequired
Specifies if the user's session id should be sent to the BackChannelLogoutUri. Defaults to true.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| true |
BackChannelLogoutUri
Specifies logout URI at client for HTTP back-channel based logout.
Data Type
STRING
CibaLifetime
The backchannel authentication request lifetime in seconds.
Data Type
INT
ClaimType
The type of the claim.
Data Type
STRING
ClaimValue
The value of the claim.
Data Type
STRING
ClaimValueType
The value type of the claim.
Data Type
STRING
ClientClaims
Gets or sets the client claims to be sent to the user info endpoint.
Data Type
Array of RECORD_ARRAY: System.Identity/ClientClaim
Default Values
| Default Value |
|---|
ClientClaimsPrefix
Gets or sets a value to prefix it on client claim types. Defaults to client_.
Data Type
STRING
Default Values
| Default Value |
|---|
| client_ |
ClientId
Data Type
STRING
ClientSecret
Gets or sets the client secret of the application.
Data Type
STRING
Default Values
| Default Value |
|---|
ClientUri
URI to further information about client (used on consent screen)
Data Type
STRING
ConsentLifetime
Lifetime of a user consent in seconds. Defaults to null (no expiration)
Data Type
INT
ConsumedDateTime
Data Type
DATE_TIME
CoordinateLifetimeWithUserSession
When enabled, the client's token lifetimes (e.g. refresh tokens) will be tied to the user's session lifetime.
Data Type
BOOLEAN
CreationDateTime
Data Type
DATE_TIME
DPoPClockSkew
Clock skew used in validating the client's DPoP proof token 'iat' claim value. Defaults to 5 minutes.
Data Type
TIME_SPAN
Default Values
| Default Value |
|---|
| 00:05:00 |
DPoPValidationMode
Enum setting to control validation for the DPoP proof token expiration.
Data Type
INT
Default Values
| Default Value |
|---|
| 1 |
Data
Data Type
STRING
DeviceCodeLifetime
Specifies the lifetime (in seconds) of the device code. Defaults to 300 seconds / 5 minutes.
Data Type
INT
Default Values
| Default Value |
|---|
| 300 |
Email
The email address of the user.
Data Type
STRING
EmailConfirmed
Indicates if the email address of the user has been confirmed.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
EnableLocalLogin
Specifies if this client can use local accounts. Defaults to true.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| true |
ExpirationDateTime
Data Type
DATE_TIME
FirstName
The first name of the user.
Data Type
STRING
FrontChannelLogoutSessionRequired
Specifies if the user's session id should be sent to the FrontChannelLogoutUri. Defaults to true.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| true |
FrontChannelLogoutUri
Specifies logout URI at client for HTTP front-channel based logout.
Data Type
STRING
GrantKey
Data Type
STRING
GrantType
Data Type
STRING
Host
Gets or sets the host address of the identity provider.
Data Type
STRING
IdentityProviderRestrictions
Specifies which external IdPs can be used with this client (if list is empty all IdPs are allowed). Defaults to empty.
Data Type
STRING_ARRAY
Default Values
| Default Value |
|---|
IdentityRoleIds
Data Type
STRING_ARRAY
Default Values
| Default Value |
|---|
IdentityTokenLifetime
Lifetime of identity token in seconds (defaults to 300 seconds / 5 minutes)
Data Type
INT
Default Values
| Default Value |
|---|
| 300 |
IncludeJwtId
Value indicating whether JWT access tokens should include an identifier. Defaults to true.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| true |
InitiateLoginUri
Gets of sets a URI that can be used to initiate login from the IdentityServer host or a third party.
Data Type
STRING
IsEmphasized
Specifies whether the consent screen will emphasize this scope (if the consent screen wants to implement such a feature). Defaults to false.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
IsRequired
Specifies whether the user can de-select the scope on the consent screen (if the consent screen wants to implement such a feature). Defaults to false.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
LastName
The last name of the user.
Data Type
STRING
LockoutEnabled
Flag indicating if the user could be locked out.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
LockoutEnd
The date and time, in UTC, when any user lockout ends.
Data Type
DATE_TIME_OFFSET
LoginProvider
Data Type
STRING
LogoUri
URI to client logo (used on consent screen)
Data Type
STRING
NormalizedEmail
The normalized email address of the user.
Data Type
STRING
NormalizedName
The normalized name.
Data Type
STRING
NormalizedUserName
The normalized user name.
Data Type
STRING
PairWiseSubjectSalt
Gets or sets a salt value used in pair-wise subjectId generation for users of this client.
Data Type
STRING
PasswordHash
The salted and hashed representation of the password for this user.
Data Type
STRING
PermissionId
Data Type
STRING
PhoneNumber
The phone number of the user.
Data Type
STRING
PhoneNumberConfirmed
Indicates if the phone number of the user has been confirmed.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
PollingInterval
The backchannel authentication request polling interval in seconds.
Data Type
INT
Port
Gets or sets the host port of the identity provider.
Data Type
INT
Default Values
| Default Value |
|---|
| 636 |
PostLogoutRedirectUris
Specifies allowed URIs to redirect to after logout
Data Type
STRING_ARRAY
Default Values
| Default Value |
|---|
ProtocolType
Data Type
STRING
Default Values
| Default Value |
|---|
| oidc |
ProviderDisplayName
Data Type
STRING
ProviderKey
Data Type
STRING
RedirectUris
Specifies allowed URIs to return tokens or authorization codes to.
Data Type
STRING_ARRAY
Default Values
| Default Value |
|---|
RefreshTokenExpiration
Gets or sets a value indicating whether the access token (and its claims) should be updated on a refresh token request.
Data Type
ENUM: System.Identity/TokenExpiration
Default Values
| Default Value |
|---|
| 1 |
RefreshTokenUsage
Gets or sets a value indicating whether the refresh token should be updated on a refresh token request.
Data Type
ENUM: System.Identity/TokenUsage
RequireClientSecret
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| true |
RequireConsent
Specifies whether a consent screen is required. Defaults to false.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
RequireDPoP
Specifies whether a DPoP (Demonstrating Proof-of-Possession) token is required to be used by this client (defaults to false)
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
RequirePkce
Specifies whether a proof key is required for authorization code based token requests (defaults to true).
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| true |
RequireRequestObject
Specifies whether the client must use a request object on authorize requests (defaults to false).
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
RequireResourceIndicator
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
ResetPasswordOnLogin
Force the user to change the password after the next login.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| true |
ResourceClaims
Data Type
STRING_ARRAY
Default Values
| Default Value |
|---|
RoleClaims
The claims of a role.
Data Type
Array of RECORD_ARRAY: System.Identity/RoleClaim
RoleId
Data Type
STRING
RoleIds
The id of roles the user is a member of.
Data Type
STRING_ARRAY
Scopes
Models the scopes this API resource allows.
Data Type
STRING_ARRAY
SecretType
Data Type
STRING
Default Values
| Default Value |
|---|
| SharedSecret |
Secrets
Data Type
Array of RECORD_ARRAY: System.Identity/Secret
Default Values
| Default Value |
|---|
SecurityStamp
A random value that should change whenever a users credentials have been compromised.
Data Type
STRING
SessionId
Data Type
STRING
ShowInDiscoveryDocument
Gets or sets a value indicating whether the client will be shown in the discovery document. Defaults to true.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| true |
SlidingRefreshTokenLifetime
Sliding lifetime of a refresh token in seconds. Defaults to 1296000 seconds / 15 days
Data Type
INT
Default Values
| Default Value |
|---|
| 1296000 |
SubjectId
Data Type
STRING
SubjectIds
Data Type
STRING_ARRAY
Default Values
| Default Value |
|---|
TwoFactorEnabled
Indicates if two factor authentication is enabled for the user.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
UpdateAccessTokenClaimsOnRefresh
Indicates whether the access token (and its claims) should be updated on a refresh token request.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| false |
UseTls
Gets or sets if the connection to the identity provider should use TLS. Defaults to true.
Data Type
BOOLEAN
Default Values
| Default Value |
|---|
| true |
UserBaseDn
Gets or sets the base DN of the user.
Data Type
STRING
UserClaims
The claims of the user.
Data Type
Array of RECORD_ARRAY: System.Identity/UserClaim
UserCodeType
Specifies the user code type for the device flow. Defaults to null.
Data Type
STRING
UserId
Data Type
STRING
UserLogins
The existing logins of the user.
Data Type
Array of RECORD_ARRAY: System.Identity/UserLogin
UserName
The user name.
Data Type
STRING
UserNameAttribute
Gets or sets the name of the user attribute.
Data Type
STRING
UserSsoLifetime
Lifetime of user's single sign-on session (in seconds). Defaults to null (no expiration).
Data Type
INT
UserTokens
The tokens of the user.
Data Type
Array of RECORD_ARRAY: System.Identity/UserToken
Value
Data Type
STRING