TrustedIssuer Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Common.Configuration
TrustedIssuer Class
Represents a trusted external identity provider for JWT Bearer grant type.
public record TrustedIssuer : System.IEquatable<Abblix.Oidc.Server.Common.Configuration.TrustedIssuer>
Inheritance System.Object → TrustedIssuer
Implements System.IEquatable<TrustedIssuer>
Properties
TrustedIssuer.AllowedAlgorithms Property
The list of allowed signing algorithms for JWT assertions from this issuer. If specified, JWTs signed with algorithms not in this list will be rejected. If null or empty, the default secure algorithms are used: RS256, RS384, RS512, ES256, ES384, ES512.
public string[]? AllowedAlgorithms { get; init; }
Property Value
Remarks
This provides defense against algorithm substitution attacks (e.g., CVE-2015-9235). The 'none' algorithm is never allowed regardless of this setting.
TrustedIssuer.AllowedScopes Property
The list of allowed scopes that can be requested when using JWT assertions from this issuer. If null, all scopes are allowed. If specified, only listed scopes will be granted.
public string[]? AllowedScopes { get; init; }
Property Value
TrustedIssuer.Description Property
Optional description of this trusted issuer for documentation and logging purposes.
public string? Description { get; init; }
Property Value
TrustedIssuer.Issuer Property
The issuer identifier (iss claim value) of the trusted identity provider. Must exactly match the 'iss' claim in JWT assertions from this provider.
public string Issuer { get; init; }
Property Value
Example
TrustedIssuer.JwksUri Property
The URL to the JSON Web Key Set (JWKS) endpoint for this issuer. Used to retrieve public keys for verifying JWT assertion signatures.
public System.Uri JwksUri { get; init; }
Property Value
Example
https://accounts.google.com/.well-known/jwks.json
Remarks
Typically this is the issuer's .well-known/jwks.json endpoint. The keys will be cached and refreshed according to standard JWKS caching policies.