ClientSecurityProfile Enum
Abblix.Oidc.Server
Abblix.Oidc.Server.Common.Constants
ClientSecurityProfile Enum
A named bundle of security controls a client is held to. Selecting a profile forces the whole bundle on the client at once and prevents an individual toggle from silently weakening it, which is what makes a client conformant with one setting instead of several hand-tuned flags.
public enum ClientSecurityProfile
Fields
None 0
No bundled profile: the client is governed only by its individual metadata flags. As a client's
explicit value this is an opt-out that overrides the server-wide default; as the server-wide
DefaultSecurityProfile it imposes nothing. A client that
states no preference leaves its profile unset (null) rather than selecting this.
Fapi2 1
The FAPI 2.0 Security Profile. Forces PKCE restricted to S256, Pushed Authorization
Requests, sender-constrained (DPoP) tokens, and the authorization-code response type only,
regardless of the client's individual toggles. This is the prerequisite for running the
OpenID Foundation FAPI 2.0 conformance suite against the client.
Remarks
Deliberately a closed enum rather than a set of independent booleans: the value set is fixed by the library (a host cannot invent a profile), and a single discriminator is what the effective-policy lookup and the fail-loud self-consistency check both key on. New profiles (message-signing, HAIP, …) extend this enum; the control mapping lives in SecurityProfileRequirements so adding one touches a single place.