Skip to main content

ClientSecurityProfile Enum

Abblix.Oidc.Server

Abblix.Oidc.Server.Common.Constants

ClientSecurityProfile Enum

A named bundle of security controls a client is held to. Selecting a profile forces the whole bundle on the client at once and prevents an individual toggle from silently weakening it, which is what makes a client conformant with one setting instead of several hand-tuned flags.

public enum ClientSecurityProfile

Fields

None 0

No bundled profile: the client is governed only by its individual metadata flags. As a client's explicit value this is an opt-out that overrides the server-wide default; as the server-wide DefaultSecurityProfile it imposes nothing. A client that states no preference leaves its profile unset (null) rather than selecting this.

Fapi2 1

The FAPI 2.0 Security Profile. Forces PKCE restricted to S256, Pushed Authorization Requests, sender-constrained (DPoP) tokens, and the authorization-code response type only, regardless of the client's individual toggles. This is the prerequisite for running the OpenID Foundation FAPI 2.0 conformance suite against the client.

Remarks

Deliberately a closed enum rather than a set of independent booleans: the value set is fixed by the library (a host cannot invent a profile), and a single discriminator is what the effective-policy lookup and the fail-loud self-consistency check both key on. New profiles (message-signing, HAIP, …) extend this enum; the control mapping lives in SecurityProfileRequirements so adding one touches a single place.