FlowTypeValidator Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Endpoints.Authorization.Validation
FlowTypeValidator Class
Validates the OAuth 2.0 flow type specified in the authorization request. This class determines if the requested flow type is supported and matches the expected patterns for authorization requests, as part of the validation process.
public class FlowTypeValidator : Abblix.Oidc.Server.Endpoints.Authorization.Validation.SyncAuthorizationContextValidatorBase
Inheritance System.Object → SyncAuthorizationContextValidatorBase → FlowTypeValidator
Constructors
FlowTypeValidator(ILogger<FlowTypeValidator>, IEnumerable<IAuthorizationResponseBuilder>, IOptions<OidcOptions>) Constructor
Validates the OAuth 2.0 flow type specified in the authorization request. This class determines if the requested flow type is supported and matches the expected patterns for authorization requests, as part of the validation process.
public FlowTypeValidator(Microsoft.Extensions.Logging.ILogger<Abblix.Oidc.Server.Endpoints.Authorization.Validation.FlowTypeValidator> logger, System.Collections.Generic.IEnumerable<Abblix.Oidc.Server.Endpoints.Authorization.Interfaces.IAuthorizationResponseBuilder> processors, Microsoft.Extensions.Options.IOptions<Abblix.Oidc.Server.Common.Configuration.OidcOptions> options);
Parameters
logger Microsoft.Extensions.Logging.ILogger<FlowTypeValidator>
The logger to be used for logging purposes.
processors System.Collections.Generic.IEnumerable<IAuthorizationResponseBuilder>
The set of registered authorization response processors. The
validator rejects requests whose response_type contains a part with no matching
registered processor — this enforces OAuth 2.1 (draft) default-off Implicit Flow at the validation
layer (without EnableImplicitFlow(), no token / id_token processors exist
and any request asking for them gets unsupported_response_type).
options Microsoft.Extensions.Options.IOptions<OidcOptions>
Provides the server-wide default security profile a client inherits when it states none, used to reject implicit and hybrid response types for a client held to a code-only profile (FAPI 2.0).