DeviceAuthorizationOptions Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Common.Configuration
DeviceAuthorizationOptions Class
Provides configuration options for the Device Authorization Grant (RFC 8628).
public record DeviceAuthorizationOptions : System.IEquatable<Abblix.Oidc.Server.Common.Configuration.DeviceAuthorizationOptions>
Inheritance System.Object → DeviceAuthorizationOptions
Implements System.IEquatable<DeviceAuthorizationOptions>
Properties
DeviceAuthorizationOptions.CodeLifetime Property
The lifetime of device_code and user_code. After this duration, the codes expire and the client must start a new device authorization request.
public System.TimeSpan CodeLifetime { get; set; }
Property Value
DeviceAuthorizationOptions.DeviceCodeLength Property
The length in bytes of the device code. The device code is a high-entropy string used by the client to poll the token endpoint. Must be at least 128 bits (16 bytes) of entropy per RFC 8628 Section 5.2.
public int DeviceCodeLength { get; set; }
Property Value
DeviceAuthorizationOptions.IpRateLimitStateExpiration Property
The expiration time for IP rate limit state in storage. Should be longer than RateLimitSlidingWindow to prevent premature cleanup.
public System.TimeSpan IpRateLimitStateExpiration { get; set; }
Property Value
DeviceAuthorizationOptions.MaxBackoffDuration Property
The maximum duration for exponential backoff blocking. Prevents indefinite blocking even with many failed attempts.
public System.TimeSpan MaxBackoffDuration { get; set; }
Property Value
DeviceAuthorizationOptions.MaxFailuresBeforeBackoff Property
The maximum number of failed user code verification attempts before exponential backoff is applied. Recommended by RFC 8628 Section 5.2 to prevent brute force attacks.
public int MaxFailuresBeforeBackoff { get; set; }
Property Value
DeviceAuthorizationOptions.MaxIpFailuresPerMinute Property
The maximum number of failed user code verification attempts allowed from a single IP address within a one-minute sliding window. Prevents distributed brute force attacks.
public int MaxIpFailuresPerMinute { get; set; }
Property Value
DeviceAuthorizationOptions.PollingInterval Property
The minimum interval that the client should wait between polling requests to the token endpoint.
public System.TimeSpan PollingInterval { get; set; }
Property Value
DeviceAuthorizationOptions.RateLimitSlidingWindow Property
The duration of the sliding window for per-IP rate limiting. Failed attempts outside this window are not counted toward the rate limit.
public System.TimeSpan RateLimitSlidingWindow { get; set; }
Property Value
DeviceAuthorizationOptions.UserCodeAlphabet Property
The alphabet used to generate user codes. Defaults to numeric digits "0123456789" for universal device compatibility. Can be set to letters like "BCDFGHJKLMNPQRSTVWXZ" (consonants without ambiguous characters) or alphanumeric like "BCDFGHJKLMNPQRSTVWXZ23456789".
public string UserCodeAlphabet { get; set; }
Property Value
DeviceAuthorizationOptions.UserCodeLength Property
The length of the user code (number of characters).
public int UserCodeLength { get; set; }
Property Value
DeviceAuthorizationOptions.VerificationUri Property
The user-facing URI where users can enter their user code. This should be short and easy to remember as users will manually type it. MUST use HTTPS for security per RFC 8628 Section 6.1.
public System.Uri VerificationUri { get; set; }