Skip to main content

PkceValidator Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.Authorization.Validation

PkceValidator Class

Validates the PKCE (Proof Key for Code Exchange) parameters in an authorization request. PKCE adds another layer of security for the OAuth 2.0 authorization code flow, particularly in public clients. It ensures that the authorization request conforms to the standards defined in RFC 7636 (specifically, see Section 4.3 for client validation requirements).

public class PkceValidator : Abblix.Oidc.Server.Endpoints.Authorization.Validation.IAuthorizationContextValidator

Inheritance System.Object → PkceValidator

Implements IAuthorizationContextValidator

Constructors

PkceValidator(IOptions<OidcOptions>, IAuthorizationValueReuseDetector) Constructor

Validates the PKCE (Proof Key for Code Exchange) parameters in an authorization request. PKCE adds another layer of security for the OAuth 2.0 authorization code flow, particularly in public clients. It ensures that the authorization request conforms to the standards defined in RFC 7636 (specifically, see Section 4.3 for client validation requirements).

public PkceValidator(Microsoft.Extensions.Options.IOptions<Abblix.Oidc.Server.Common.Configuration.OidcOptions> options, Abblix.Oidc.Server.Features.ReusePrevention.IAuthorizationValueReuseDetector reuseDetector);

Parameters

options Microsoft.Extensions.Options.IOptions<OidcOptions>

Provides the server-wide default security profile a client inherits when it states none, which tightens PKCE enforcement (mandatory PKCE, S256-only) under a profile.

reuseDetector IAuthorizationValueReuseDetector

Detects a client repeating a code_challenge across authorization requests when reuse detection is enabled (RFC 9700 Section 2.1.1).

Methods

PkceValidator.ValidateAsync(AuthorizationValidationContext) Method

Validates the PKCE-related parameters in the authorization request against the client's configuration. This method checks for compliance with PKCE specifications as outlined in RFC 7636, with particular attention to the guidelines in Section 4.3 of the document.

public System.Threading.Tasks.Task<Abblix.Oidc.Server.Endpoints.Authorization.Interfaces.AuthorizationRequestValidationError?> ValidateAsync(Abblix.Oidc.Server.Endpoints.Authorization.Validation.AuthorizationValidationContext context);

Parameters

context AuthorizationValidationContext

The validation context containing client information and request details.

Implements ValidateAsync(AuthorizationValidationContext)

Returns

System.Threading.Tasks.Task<AuthorizationRequestValidationError>
An AuthorizationRequestValidationError if the validation fails due to non-compliance with PKCE requirements, or null if the request is valid. Refer to Section 4.3 of RFC 7636 for more details.