BackChannelAuthenticationOptions Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Common.Configuration
BackChannelAuthenticationOptions Class
Provides configuration options for the backchannel authentication process.
public record BackChannelAuthenticationOptions : System.IEquatable<Abblix.Oidc.Server.Common.Configuration.BackChannelAuthenticationOptions>
Inheritance System.Object → BackChannelAuthenticationOptions
Implements System.IEquatable<BackChannelAuthenticationOptions>
Fields
BackChannelAuthenticationOptions.MinimumRequestIdLength Field
Minimum length for authentication request identifiers as required by CIBA specification (128 bits = 16 bytes).
public const int MinimumRequestIdLength = 16;
Field Value
Properties
BackChannelAuthenticationOptions.DefaultExpiry Property
Specifies the default expiration time for backchannel authentication requests. This value defines how long the authentication request will remain valid if no specific expiration time is requested. It is set to 5 minutes by default.
public System.TimeSpan DefaultExpiry { get; set; }
Property Value
BackChannelAuthenticationOptions.LongPollingTimeout Property
Specifies the maximum time a long-polling request will wait for authentication status changes. This timeout balances responsiveness (shorter timeout) vs server load (longer timeout). Default is 30 seconds.
public System.TimeSpan LongPollingTimeout { get; set; }
Property Value
Remarks
When a client polls for tokens while authentication is pending and long-polling is enabled, the server holds the connection open for up to this duration. If authentication completes during this window, the response is returned immediately. Otherwise, authorization_pending is returned after the timeout.
BackChannelAuthenticationOptions.MaximumExpiry Property
Specifies the maximum allowed expiration time for backchannel authentication requests. This value restricts the maximum duration an authentication request can be valid for, even if a longer expiration is requested. It is set to 30 minutes by default.
public System.TimeSpan MaximumExpiry { get; set; }
Property Value
BackChannelAuthenticationOptions.NotificationHttpClientHandlerLifetime Property
Specifies the lifetime for HTTP client handlers used in ping mode notifications. This controls how long HttpClient instances are pooled before being recreated.
public System.TimeSpan NotificationHttpClientHandlerLifetime { get; set; }
Property Value
Remarks
Default is 5 minutes. Shorter lifetimes help with DNS changes and connection pool refresh, but may impact performance. Longer lifetimes reduce overhead but may cause stale connections.
BackChannelAuthenticationOptions.NotificationHttpClientTimeout Property
Bounds how long the server waits when POSTing a ping/push notification to a client's notification endpoint. Caps the time a slow or unresponsive client-controlled endpoint can tie up the authentication-completion path. Default is 30 seconds.
public System.TimeSpan NotificationHttpClientTimeout { get; set; }
Property Value
BackChannelAuthenticationOptions.PollingInterval Property
Defines the polling interval used by clients to check the status of a backchannel authentication request. It is set to 5 seconds by default, ensuring that clients can frequently check for authentication updates without overwhelming the server.
public System.TimeSpan PollingInterval { get; set; }
Property Value
BackChannelAuthenticationOptions.RequestIdLength Property
Specifies the length of authentication request identifiers used by the OIDC server. This value ensures that each backchannel authentication request is uniquely identified. Per CIBA specification, the auth_req_id MUST have a minimum entropy of 128 bits (16 bytes).
public int RequestIdLength { get; init; }
Property Value
Remarks
The minimum value is 16 bytes (128 bits) as required by OpenID Connect CIBA specification. Default is 64 bytes (512 bits) for enhanced security.
BackChannelAuthenticationOptions.UseLongPolling Property
Indicates whether long polling is used for backchannel authentication status updates. When set to true, clients may use long polling techniques to wait for authentication status changes, which reduces the need for frequent polling requests.
public bool UseLongPolling { get; set; }
Property Value
BackChannelAuthenticationOptions.UserCodeParameterSupported Property
Indicates whether the server supports the user_code parameter in backchannel authentication requests. When enabled, clients may provide a user code that must be validated during authentication.
public bool UserCodeParameterSupported { get; set; }
Property Value
Remarks
This is an optional CIBA feature. When enabled, the UserCodeValidator will enforce user code presence for clients configured to require it.