Skip to main content

Abblix.Oidc.Server.Common.Configuration Namespace

Abblix.Oidc.Server

Abblix.Oidc.Server.Common.Configuration Namespace

Classes
BackChannelAuthenticationOptionsProvides configuration options for the backchannel authentication process.
BackChannelLogoutOptionsBack-channel logout settings for a single client, as defined by the OpenID Connect Back-Channel Logout 1.0 specification. The OP delivers a signed logout token directly (server-to-server) to the configured endpoint when an end-session occurs, bypassing the user agent.
CheckSessionCookieOptionsDefines options for the session check cookie used in monitoring changes in session status.
ClientIdOptionsRepresents options for generating client IDs.
ClientJwksConfigurationExtensionsConfiguration-time extensions that populate Jwks from raw configuration sections by binding into JsonWebKeySetSettings (a flat DTO that Microsoft.Extensions.Configuration can handle natively) and mapping to the polymorphic JsonWebKey hierarchy.
ClientSecretOptionsConfiguration options for generating client secrets in OAuth2/OpenID Connect authentication.
DeviceAuthorizationOptionsProvides configuration options for the Device Authorization Grant (RFC 8628).
DiscoveryOptionsDefines discovery endpoint options.
DPoPNonceOptionsDPoP-specific extension of NonceOptions per RFC 9449 §8. Inherits the generic primitive's AcceptanceWindow and RotationInterval so DPoP can override them independently of any other nonce-service consumer, and adds the per-endpoint policy that says which OAuth endpoints reject DPoP proofs without a nonce claim (responding with use_dpop_nonce and a fresh DPoP-Nonce header).
DPoPOptionsConfiguration options for OAuth 2.0 DPoP (RFC 9449), covering the proof validator's iat tolerance and DPoP-specific nonce policy. The nonce sub-section inherits from the generic NonceOptions so DPoP can configure stricter values independently of other nonce-service consumers without duplicating field definitions.
FrontChannelLogoutOptionsFront-channel logout settings for a single client, as defined by the OpenID Connect Front-Channel Logout 1.0 specification. Tells the authorization server which URL to load in a hidden iframe during end-session processing and whether the iframe URL must carry the user's session identifier.
JsonWebKeySetSettingsFlat configuration DTO for a JsonWebKeySet, mirroring RFC 7517 Section 5 (a JSON object with a single keys array). See JsonWebKeySettings for the per-key DTO and the design rationale.
JsonWebKeySettingsFlat configuration DTO for a single JSON Web Key, suitable for binding via Microsoft.Extensions.Configuration which cannot instantiate the abstract JsonWebKey base type directly. All cryptographic byte-array members are bound as base64url-encoded strings per RFC 7517; ToJsonWebKey() decodes them and maps the flat shape to the correct concrete subtype based on Kty.
JwtBearerOptionsConfiguration options for JWT Bearer grant type (RFC 7523). Defines trusted external identity providers whose JWT assertions can be exchanged for access tokens.
MtlsAliasesOptionsOptions for RFC 8705 mTLS endpoint aliases in discovery. Allows explicitly setting alias URIs. Use DiscoveryOptions.MtlsBaseUri to auto-compute aliases.
NewClientOptionsDefaults used by the dynamic client registration endpoint when minting credentials for a newly registered client: how its client identifier and client secret are generated and how long the secret stays valid.
OidcOptionsThe root of the OIDC configuration. Provides the simplest way to configure and start your OIDC server.
SoftwareStatementOptionsConfiguration options for software statement validation per RFC 7591 Section 2.3. Software statements are signed JWTs issued by a third-party authority asserting metadata values about the client software.
TrustedIssuerRepresents a trusted external identity provider for JWT Bearer grant type.
Structs
RefreshTokenOptionsLifetime and reuse policy for refresh tokens issued by the token endpoint. Combines an absolute ceiling with an optional sliding window so long-running sessions stay alive only while the client keeps using them.
Enums
OidcEndpointsFlags representing the various OpenID Connect (OIDC) endpoints that the provider can expose. These flags enable fine-grained control over which endpoints are enabled or disabled.