Skip to main content

Abblix.Oidc.Server.Endpoints.Authorization.Interfaces Namespace

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.Authorization.Interfaces Namespace

Classes
AccountSelectionRequiredOutcome signalling that more than one active end-user session matches the request and the host UI must let the user pick one before authorization can continue. Maps to OpenID Connect Core 1.0 §3.1.2.6 account_selection_required when prompt=none; otherwise the host renders an account picker over the supplied Users set.
AuthorizationEndpointMetadataHolds metadata for the authorization endpoint, detailing the capabilities and supported standards.
AuthorizationErrorRepresents an error response for an authorization request, detailing the nature of the error.
AuthorizationRequestValidationErrorRepresents a specific type of validation result for an authorization request that has been deemed invalid. This record details the nature of the validation failure through an error code and description, providing insights into why the request did not pass validation checks. It also includes the redirect URI to guide the client on where to direct the user for further actions if necessary.
AuthorizationResponseRepresents the response to an authorization request. This abstract record serves as a base for specific authorization response implementations. It should be inherited by classes that define the detailed structure and behavior of different types of authorization responses.
AuthorizationResponse.ParametersWire-level parameter names returned to the client by the authorization endpoint (via query, fragment, form_post, or — under JARM — as claims inside the single response JWT). Shared by the core response encoder and the MVC serialization DTO so the two never drift.
ClientDeliveredResponseBase for the authorization responses that are delivered to the client's redirect_uri (SuccessfullyAuthenticated and AuthorizationError), as opposed to the interaction responses (LoginRequired, ConsentRequired, …) that redirect to the authorization server's own UI. These are the responses the IAuthorizationResponseEncoder encodes: it sets the iss (RFC 9207) value, and for a JARM (*.jwt) request packs the parameters into ResponseJwt and resolves ResponseMode to its plaintext delivery counterpart.
ConsentRequiredOutcome signalling that the user is authenticated but has not yet granted every scope or resource the client is asking for, so the host must show its consent UI for the deltas in RequiredUserConsents. Maps to OpenID Connect Core 1.0 §3.1.2.6 consent_required when prompt=none.
InteractionRequiredOutcome signalling that an end-user is signed in but additional UI interaction (a step-up, missing claim, MFA challenge or similar) must complete before the authorization request can be fulfilled. Maps to OpenID Connect Core 1.0 §3.1.2.6 interaction_required when prompt=none.
LoginRequiredOutcome signalling that the host must surface its login UI: either no eligible session exists, or the client requested forced reauthentication via prompt=login / max_age. Maps to OpenID Connect Core 1.0 §3.1.2.6 login_required when prompt=none.
RegistrationRequiredOutcome signalling that the host must surface its account-creation UI: the client requested user registration via prompt=create (Initiating User Registration via OpenID Connect 1.0). Per that specification the registration experience is shown regardless of whether the user currently has an authenticated session.
SuccessfullyAuthenticatedRepresents a successful authentication response, encapsulating details about the outcome of an authentication request, including any tokens issued as a result.
ValidAuthorizationRequestOutput of IAuthorizationRequestValidator handed to IAuthorizationRequestProcessor. Snapshot of the data resolved during validation: the wire-level request, the authenticated client, the negotiated response mode (per OAuth 2.0 Multiple Response Types / Form Post), and the materialized scope and resource definitions ready for consent and token issuance.
Interfaces
IAuthorizationHandlerDefines a contract for handling authorization requests, ensuring they are processed according to OAuth 2.0 and OpenID Connect protocol specifications.
IAuthorizationRequestProcessorDefines the interface for processing authorization requests according to OpenID Connect and OAuth 2.0 specifications. It handles the end-user's authentication, authorization decision, and the issuance of authorization codes and tokens.
IAuthorizationRequestValidatorDefines the interface for validating authorization requests in accordance with OpenID Connect Core 1.0 specifications. It assesses if a request complies with the required parameters and constraints for authentication and authorization processes.
IAuthorizationResponseBuilderContributes one response-type component to the authorization endpoint's success response. Each implementation owns a single value of the OAuth 2.0 / OIDC response_type parameter (for example code, token, or id_token) and populates the corresponding field on the running SuccessfullyAuthenticated result.
IAuthorizationResponseEncoderApplies the protocol-level encoding of an authorization response in the framework-agnostic core: the iss (RFC 9207) and implicit/hybrid scope gating, and — when the client requested a JARM (*.jwt) response mode — packing all response parameters into the response JWT and resolving the plaintext delivery mode.