Skip to main content

OidcEndpoints Enum

Abblix.Oidc.Server

Abblix.Oidc.Server.Common.Configuration

OidcEndpoints Enum

Flags representing the various OpenID Connect (OIDC) endpoints that the provider can expose. These flags enable fine-grained control over which endpoints are enabled or disabled.

public enum OidcEndpoints

Fields

All 8191

All OIDC endpoints are available, covering the full range of OpenID Connect operations.

Base 1119

The base set of endpoints for a typical OpenID Provider: discovery, JWKS, the interactive authorization and token core, PAR, UserInfo and RP-initiated logout. This is the default value of EnabledEndpoints — the minimal functional provider on top of which the opt-in endpoints are added. It deliberately excludes the six opt-in endpoints — CheckSession, Revocation, Introspection, RegisterClient, BackChannelAuthentication and DeviceAuthorization — each of which is niche, security-sensitive or carries its own grant, and is enabled by a dedicated AddX() call that both registers the feature and re-enables its flag. A server that opts into none of them exposes exactly this set and neither advertises nor validates an endpoint it was never asked to serve.

Configuration 1

The configuration endpoint, used by clients to dynamically discover information about the OpenID Provider. This typically provides metadata such as available endpoints, supported grant types, and signing algorithms.

Keys 2

The keys endpoint, which provides public keys for validating the signatures of issued tokens. It is essential for clients to verify the integrity and authenticity of tokens.

Authorize 4

The authorization endpoint, where user authentication and consent is initiated. This is the entry point for most OpenID Connect flows, particularly for obtaining authorization codes.

Token 8

The token endpoint, used to exchange authorization codes for tokens such as access tokens and ID tokens. It also supports other grant types like client credentials and refresh tokens.

UserInfo 16

The user info endpoint, where authenticated user claims are retrieved after a successful authentication process. It provides information such as the user's name, email, and other identity claims.

CheckSession 32

The check session endpoint, typically used in single sign-on (SSO) scenarios to monitor the user's session state. It helps in detecting if the user session is still active or if the user has logged out.

EndSession 64

The end session endpoint, which allows clients to log the user out from the OpenID Provider. It is used to terminate the user's session and notify relying parties of the logout event.

Revocation 128

The revocation endpoint, where clients can revoke access or refresh tokens. This is a security measure to invalidate tokens that are no longer needed or in cases of token compromise.

Introspection 256

The introspection endpoint, where clients can check the status of a token (e.g., whether it is active or expired). It provides detailed information about the token such as its expiration time and associated scopes.

RegisterClient 512

The client registration endpoint, which allows dynamic registration of clients. Clients can use this endpoint to register themselves with the OpenID Provider, typically during setup.

PushedAuthorizationRequest 1024

The pushed authorization request endpoint, where clients can pre-register authorization requests with the provider. It provides an additional layer of security in certain authorization flows.

BackChannelAuthentication 2048

The backchannel authentication endpoint, used in CIBA (Client-Initiated Backchannel Authentication) flows. It allows clients to initiate out-of-band authentication requests, often via a separate user device.

DeviceAuthorization 4096

The device authorization endpoint, used in Device Authorization Grant (RFC 8628) flows. It allows devices with limited input capabilities to obtain user authorization via a secondary device.