From 4b0eaedffd90fe38d630ee9ce321d9080b839d85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Thu, 1 Aug 2024 19:23:56 +0200 Subject: [PATCH] Use title badges --- configuration/authorization-storage.md | 4 ++-- configuration/proof-key-for-code-exchange.md | 4 ++-- configuration/token-storage.md | 6 +++--- integrations/aspnet-core.md | 10 +++++----- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/configuration/authorization-storage.md b/configuration/authorization-storage.md index 2d7db15..4a05f9c 100644 --- a/configuration/authorization-storage.md +++ b/configuration/authorization-storage.md @@ -134,7 +134,7 @@ In the same vein, ad-hoc authorizations are also created when a refresh token is > removed from the database after a short period of time (14 days by default). Unlike ad-hoc authorizations, permanent authorizations > are never removed from the database. -## Enabling authorization entry validation at the API level (validation-only) +## Enabling authorization entry validation at the API level **For performance reasons, OpenIddict 3.0 doesn't check, by default, the status of an authorization entry when receiving an API request**: access tokens are considered valid even if the attached authorization was revoked. For scenarios that require immediate authorization revocation, the OpenIddict validation handler can be configured @@ -155,7 +155,7 @@ services.AddOpenIddict() }); ``` -## Disabling authorization storage (server-only) +## Disabling authorization storage While STRONGLY discouraged, authorization storage can be disabled in the server options: diff --git a/configuration/proof-key-for-code-exchange.md b/configuration/proof-key-for-code-exchange.md index 915189b..5851e92 100644 --- a/configuration/proof-key-for-code-exchange.md +++ b/configuration/proof-key-for-code-exchange.md 
@@ -7,7 +7,7 @@ confidential clients to help mitigate authorization code leakages. This mechanism is fully supported by all versions of the OpenIddict server stack and can be enforced globally or per-client to block authorization requests that don't send PKCE parameters. -## Enabling PKCE enforcement at the global level (server-only) +## Enabling PKCE enforcement at the global level Proof Key for Code Exchange can be enforced globally by calling `options.RequireProofKeyForCodeExchange()` in the server options: @@ -19,7 +19,7 @@ services.AddOpenIddict() }); ``` -## Enabling PKCE enforcement per client (server-only) +## Enabling PKCE enforcement per client Proof Key for Code Exchange can also be enforced per-client by adding it to the list of requirements attached to a client: diff --git a/configuration/token-storage.md b/configuration/token-storage.md index 0900cbc..6750c71 100644 --- a/configuration/token-storage.md +++ b/configuration/token-storage.md @@ -18,7 +18,7 @@ when communicating with OpenIddict's endpoints or with resource servers (if refe > In OpenIddict 3.0+, the ability to revoke a token is not tied to the token format and doesn't require enabling reference tokens: > regular JWT or ASP.NET Core Data Protection tokens can be revoked as long as token storage is not explicitly disabled in the server options. -## Enabling reference access and/or refresh tokens (server-only) +## Enabling reference access and/or refresh tokens Reference access and refresh tokens can be manually enabled in the server options for developers who prefer returning shorter access and/or refresh tokens or need to deal with limits that would prevent sending large tokens over the wire. 
@@ -38,7 +38,7 @@ services.AddOpenIddict() }); ``` -## Enabling token entry validation at the API level (validation-only) +## Enabling token entry validation at the API level **For performance reasons, OpenIddict 3.0 doesn't check, by default, the status of a token entry when receiving an API request**: access tokens are considered valid until they expire. For scenarios that require immediate access token revocation, the OpenIddict validation handler can be configured to enforce token entry validation for each API request: @@ -57,7 +57,7 @@ services.AddOpenIddict() }); ``` -## Disabling token storage (server-only) +## Disabling token storage While STRONGLY discouraged, token storage can be disabled in the server options: diff --git a/integrations/aspnet-core.md b/integrations/aspnet-core.md index 0a33b9c..41b5bbe 100644 --- a/integrations/aspnet-core.md +++ b/integrations/aspnet-core.md @@ -96,7 +96,7 @@ services.AddOpenIddict() ## Advanced configuration -### Transport security requirement (client and server) +### Transport security requirement By default, the OpenIddict server ASP.NET Core integration will refuse to serve non-HTTPS requests for security reasons and will return an error page to the caller. @@ -128,7 +128,7 @@ services.AddOpenIddict() > For more information, > read [Configure ASP.NET Core to work with proxy servers and load balancers](https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer). -### Pass-through mode (client and server) +### Pass-through mode The OpenIddict client and server stacks offer built-in pass-through support for some of their endpoints (typically, endpoints for which users will want to provide custom logic). 
@@ -188,7 +188,7 @@ app.MapMethods("authorize", [HttpMethods.Get, HttpMethods.Post], async (HttpCont }); ``` -### Status code pages middleware integration (client and server) +### Status code pages middleware integration Both the OpenIddict client and server ASP.NET Core hosts offer an option to render error pages using [ASP.NET Core's status code pages middleware](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/error-handling#usestatuscodepages). @@ -226,7 +226,7 @@ services.AddOpenIddict() > ``` -### Authorization and logout request caching (server-only) +### Authorization and logout request caching To simplify flowing large authorization or logout requests, the OpenIddict server ASP.NET Core integration includes a built-in feature that allows generating a unique `request_id` and caching the received requests in an `IDistributedCache`: when this feature is enabled, @@ -300,7 +300,7 @@ app.MapGet("challenge", () => }); ``` -### JSON responses indentation (server-only) +### JSON responses indentation By default, the OpenIddict server ASP.NET Core host will return indented JSON responses to make them easier to read.
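Review bot: in configuration/authorization-storage.md, the `+` lines at `@@ -134,7 +134,7 @@` and `@@ -155,7 +155,7 @@` only drop "(validation-only)" and "(server-only)"; no badge markup is added in either hunk, although the subject is "Use title badges". As it stands, the two headings no longer show that one setting belongs to the validation options and the other to the server options. Either add the badge in the same commit or say in the commit message where the badges are rendered from, so the change can be checked against these headings.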
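Review bot: in configuration/proof-key-for-code-exchange.md, at `@@ -19,7 +19,7 @@`, removing "(server-only)" from "Enabling PKCE enforcement per client" leaves the section with no mention of the server stack: the context sentence below the heading only says the requirement is "attached to a client". Consider naming the server side in that sentence so the scope does not depend solely on a badge that is not visible in this hunk.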
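Review bot: in configuration/token-storage.md, all three headings (`@@ -18,7 +18,7 @@`, `@@ -38,7 +38,7 @@`, `@@ -57,7 +57,7 @@`) change their text, so any anchor derived from the heading text changes with them. If the site generates section anchors from headings, check the rest of the documentation for links to the old "(server-only)" and "(validation-only)" anchors, or pin explicit anchors on these headings. This matters most for "Disabling token storage" and "Enabling token entry validation at the API level", which other pages are likely to point to when discussing revocation.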
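Review bot: in integrations/aspnet-core.md, at `@@ -96,7 +96,7 @@`, the old heading said "Transport security requirement (client and server)" but the context line under it only states that "the OpenIddict server ASP.NET Core integration will refuse to serve non-HTTPS requests". Once the parenthetical is gone, a reader can reasonably conclude the HTTPS requirement is server-only. Suggest amending that sentence to cover the client integration as well, or confirming the badge carries "client and server" for this section. The same check applies to "Status code pages middleware integration" at `@@ -188,7 +188,7 @@`, though there the body already says "Both the OpenIddict client and server ASP.NET Core hosts".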