Skip to main content

DeviceAuthorizationOptions Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Common.Configuration

DeviceAuthorizationOptions Class

Provides configuration options for the Device Authorization Grant (RFC 8628).

public record DeviceAuthorizationOptions : System.IEquatable<Abblix.Oidc.Server.Common.Configuration.DeviceAuthorizationOptions>

Inheritance System.Object → DeviceAuthorizationOptions

Implements System.IEquatable<DeviceAuthorizationOptions>

Properties

DeviceAuthorizationOptions.CodeLifetime Property

The lifetime of device_code and user_code. After this duration, the codes expire and the client must start a new device authorization request.

public System.TimeSpan CodeLifetime { get; set; }

Property Value

System.TimeSpan

DeviceAuthorizationOptions.DeviceCodeLength Property

The length in bytes of the device code. The device code is a high-entropy string used by the client to poll the token endpoint. Must be at least 128 bits (16 bytes) of entropy per RFC 8628 Section 5.2.

public int DeviceCodeLength { get; set; }

Property Value

System.Int32

DeviceAuthorizationOptions.IpRateLimitStateExpiration Property

The expiration time for IP rate limit state in storage. Should be longer than RateLimitSlidingWindow to prevent premature cleanup.

public System.TimeSpan IpRateLimitStateExpiration { get; set; }

Property Value

System.TimeSpan

DeviceAuthorizationOptions.MaxBackoffDuration Property

The maximum duration for exponential backoff blocking. Prevents indefinite blocking even with many failed attempts.

public System.TimeSpan MaxBackoffDuration { get; set; }

Property Value

System.TimeSpan

DeviceAuthorizationOptions.MaxFailuresBeforeBackoff Property

The maximum number of failed user code verification attempts before exponential backoff is applied. Recommended by RFC 8628 Section 5.2 to prevent brute force attacks.

public int MaxFailuresBeforeBackoff { get; set; }

Property Value

System.Int32

DeviceAuthorizationOptions.MaxIpFailuresPerMinute Property

The maximum number of failed user code verification attempts allowed from a single IP address within a one-minute sliding window. Prevents distributed brute force attacks.

public int MaxIpFailuresPerMinute { get; set; }

Property Value

System.Int32

DeviceAuthorizationOptions.PollingInterval Property

The minimum interval that the client should wait between polling requests to the token endpoint.

public System.TimeSpan PollingInterval { get; set; }

Property Value

System.TimeSpan

DeviceAuthorizationOptions.RateLimitSlidingWindow Property

The duration of the sliding window for per-IP rate limiting. Failed attempts outside this window are not counted toward the rate limit.

public System.TimeSpan RateLimitSlidingWindow { get; set; }

Property Value

System.TimeSpan

DeviceAuthorizationOptions.UserCodeAlphabet Property

The alphabet used to generate user codes. Defaults to numeric digits "0123456789" for universal device compatibility. Can be set to letters like "BCDFGHJKLMNPQRSTVWXZ" (consonants without ambiguous characters) or alphanumeric like "BCDFGHJKLMNPQRSTVWXZ23456789".

public string UserCodeAlphabet { get; set; }

Property Value

System.String

DeviceAuthorizationOptions.UserCodeLength Property

The length of the user code (number of characters).

public int UserCodeLength { get; set; }

Property Value

System.Int32

DeviceAuthorizationOptions.VerificationUri Property

The user-facing URI where users can enter their user code. This should be short and easy to remember as users will manually type it. MUST use HTTPS for security per RFC 8628 Section 6.1.

public System.Uri VerificationUri { get; set; }

Property Value

System.Uri