DuendeSoftware · damianh · Sep 20, 2025 · Sep 20, 2025
diff --git a/...tion.OAuth2Introspection.Tests/AspNetCore.Authentication.OAuth2Introspection.Tests.csproj b/...tion.OAuth2Introspection.Tests/AspNetCore.Authentication.OAuth2Introspection.Tests.csproj
@@ -12,5 +12,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.TestHost" />
+    <PackageReference Include="PublicApiGenerator" />
+    <PackageReference Include="Verify.XunitV3" />
   </ItemGroup>
 </Project>
diff --git a/...thentication.OAuth2Introspection.Tests/PublicApiVerification.VerifyPublicApi.verified.txt b/...thentication.OAuth2Introspection.Tests/PublicApiVerification.VerifyPublicApi.verified.txt
@@ -0,0 +1,113 @@
+namespace Duende.AspNetCore.Authentication.OAuth2Introspection.Context
+{
+    public class AuthenticationFailedContext : Microsoft.AspNetCore.Authentication.ResultContext<Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions>
+    {
+        public AuthenticationFailedContext(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Authentication.AuthenticationScheme scheme, Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions options) { }
+        public string Error { get; set; }
+    }
+    public class SendingRequestContext : Microsoft.AspNetCore.Authentication.BaseContext<Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions>
+    {
+        public SendingRequestContext(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Authentication.AuthenticationScheme scheme, Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions options) { }
+        public Duende.IdentityModel.Client.TokenIntrospectionRequest TokenIntrospectionRequest { get; set; }
+    }
+    public class TokenValidatedContext : Microsoft.AspNetCore.Authentication.ResultContext<Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions>
+    {
+        public TokenValidatedContext(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Authentication.AuthenticationScheme scheme, Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions options) { }
+        public string SecurityToken { get; set; }
+    }
+    public class UpdateClientAssertionContext : Microsoft.AspNetCore.Authentication.ResultContext<Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions>
+    {
+        public UpdateClientAssertionContext(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Authentication.AuthenticationScheme scheme, Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions options) { }
+        public Duende.IdentityModel.Client.ClientAssertion ClientAssertion { get; set; }
+        public System.DateTime ClientAssertionExpirationTime { get; set; }
+    }
+}
+namespace Duende.AspNetCore.Authentication.OAuth2Introspection.Infrastructure
+{
+    public static class CacheUtils
+    {
+        public static System.Func<Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions, string, string> CacheKeyFromToken() { }
+    }
+    public class ClaimConverter : System.Text.Json.Serialization.JsonConverter<System.Security.Claims.Claim>
+    {
+        public ClaimConverter() { }
+        [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Deserialize<TValue>(Utf8JsonReader, JsonSer" +
+            "ializerOptions)")]
+        public override System.Security.Claims.Claim Read(ref System.Text.Json.Utf8JsonReader reader, System.Type typeToConvert, System.Text.Json.JsonSerializerOptions options) { }
+        [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(Utf8JsonWriter, TValue, J" +
+            "sonSerializerOptions)")]
+        public override void Write(System.Text.Json.Utf8JsonWriter writer, System.Security.Claims.Claim value, System.Text.Json.JsonSerializerOptions options) { }
+    }
+    public class ClaimLite
+    {
+        public ClaimLite() { }
+        public string Type { get; set; }
+        public string Value { get; set; }
+    }
+    public static class TokenRetrieval
+    {
+        public static System.Func<Microsoft.AspNetCore.Http.HttpRequest, string> FromAuthorizationHeader(string scheme = "Bearer") { }
+        public static System.Func<Microsoft.AspNetCore.Http.HttpRequest, string> FromQueryString(string name = "access_token") { }
+    }
+}
+namespace Duende.AspNetCore.Authentication.OAuth2Introspection
+{
+    public class OAuth2IntrospectionDefaults
+    {
+        public const string AuthenticationScheme = "Bearer";
+        public const string BackChannelHttpClientName = "IdentityModel.AspNetCore.OAuth2Introspection.BackChannelHttpClientName";
+        public OAuth2IntrospectionDefaults() { }
+    }
+    public class OAuth2IntrospectionEvents
+    {
+        public OAuth2IntrospectionEvents() { }
+        public System.Func<Duende.AspNetCore.Authentication.OAuth2Introspection.Context.AuthenticationFailedContext, System.Threading.Tasks.Task> OnAuthenticationFailed { get; set; }
+        public System.Func<Duende.AspNetCore.Authentication.OAuth2Introspection.Context.SendingRequestContext, System.Threading.Tasks.Task> OnSendingRequest { get; set; }
+        public System.Func<Duende.AspNetCore.Authentication.OAuth2Introspection.Context.TokenValidatedContext, System.Threading.Tasks.Task> OnTokenValidated { get; set; }
+        public System.Func<Duende.AspNetCore.Authentication.OAuth2Introspection.Context.UpdateClientAssertionContext, System.Threading.Tasks.Task> OnUpdateClientAssertion { get; set; }
+        public virtual System.Threading.Tasks.Task AuthenticationFailed(Duende.AspNetCore.Authentication.OAuth2Introspection.Context.AuthenticationFailedContext context) { }
+        public virtual System.Threading.Tasks.Task SendingRequest(Duende.AspNetCore.Authentication.OAuth2Introspection.Context.SendingRequestContext context) { }
+        public virtual System.Threading.Tasks.Task TokenValidated(Duende.AspNetCore.Authentication.OAuth2Introspection.Context.TokenValidatedContext context) { }
+        public virtual System.Threading.Tasks.Task UpdateClientAssertion(Duende.AspNetCore.Authentication.OAuth2Introspection.Context.UpdateClientAssertionContext context) { }
+    }
+    public static class OAuth2IntrospectionExtensions
+    {
+        public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth2Introspection(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder) { }
+        public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth2Introspection(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme) { }
+        public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth2Introspection(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder services, System.Action<Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions> configureOptions) { }
+        public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth2Introspection(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, System.Action<Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions> configureOptions) { }
+    }
+    public class OAuth2IntrospectionHandler : Microsoft.AspNetCore.Authentication.AuthenticationHandler<Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions>
+    {
+        public OAuth2IntrospectionHandler(Microsoft.Extensions.Options.IOptionsMonitor<Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions> options, System.Text.Encodings.Web.UrlEncoder urlEncoder, Microsoft.Extensions.Logging.ILoggerFactory loggerFactory, Microsoft.Extensions.Caching.Distributed.IDistributedCache cache = null) { }
+        protected new Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionEvents Events { get; set; }
+        protected override System.Threading.Tasks.Task<object> CreateEventsAsync() { }
+        [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCode("Calls methods on CacheExtensions that are annotated with RequiresUnreferencedCode" +
+            ".")]
+        protected override System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult> HandleAuthenticateAsync() { }
+    }
+    public class OAuth2IntrospectionOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions
+    {
+        public OAuth2IntrospectionOptions() { }
+        public string AuthenticationType { get; set; }
+        public string Authority { get; set; }
+        public Duende.IdentityModel.Client.BasicAuthenticationHeaderStyle AuthorizationHeaderStyle { get; set; }
+        public System.TimeSpan CacheDuration { get; set; }
+        public System.Func<Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionOptions, string, string> CacheKeyGenerator { get; set; }
+        public string CacheKeyPrefix { get; set; }
+        public Duende.IdentityModel.Client.ClientCredentialStyle ClientCredentialStyle { get; set; }
+        public string ClientId { get; set; }
+        public string ClientSecret { get; set; }
+        public Duende.IdentityModel.Client.DiscoveryPolicy DiscoveryPolicy { get; set; }
+        public bool EnableCaching { get; set; }
+        public new Duende.AspNetCore.Authentication.OAuth2Introspection.OAuth2IntrospectionEvents Events { get; set; }
+        public string IntrospectionEndpoint { get; set; }
+        public string NameClaimType { get; set; }
+        public string RoleClaimType { get; set; }
+        public bool SaveToken { get; set; }
+        public bool SkipTokensWithDots { get; set; }
+        public System.Func<Microsoft.AspNetCore.Http.HttpRequest, string> TokenRetriever { get; set; }
+        public string TokenTypeHint { get; set; }
+        public override void Validate() { }
+    }
+}
diff --git a/...pection/test/AspNetCore.Authentication.OAuth2Introspection.Tests/PublicApiVerification.cs b/...pection/test/AspNetCore.Authentication.OAuth2Introspection.Tests/PublicApiVerification.cs
@@ -0,0 +1,21 @@
+// Copyright (c) Duende Software. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+using PublicApiGenerator;
+
+namespace Duende.AspNetCore.Authentication.OAuth2Introspection;
+
+public class PublicApiVerification
+{
+    [Fact]
+    public async Task VerifyPublicApi()
+    {
+        var apiGeneratorOptions = new ApiGeneratorOptions
+        {
+            IncludeAssemblyAttributes = false
+        };
+        var publicApi = typeof(OAuth2IntrospectionHandler).Assembly.GeneratePublicApi(apiGeneratorOptions);
+        var settings = new VerifySettings();
+        await Verify(publicApi, settings);
+    }
+}