PkceValidator Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Endpoints.Authorization.Validation
PkceValidator Class
Validates the PKCE (Proof Key for Code Exchange) parameters in an authorization request. PKCE adds another layer of security for the OAuth 2.0 authorization code flow, particularly in public clients. It ensures that the authorization request conforms to the standards defined in RFC 7636 (specifically, see Section 4.3 for client validation requirements).
public class PkceValidator : Abblix.Oidc.Server.Endpoints.Authorization.Validation.IAuthorizationContextValidator
Inheritance System.Object → PkceValidator
Implements IAuthorizationContextValidator
Constructors
PkceValidator(IOptions<OidcOptions>, IAuthorizationValueReuseDetector) Constructor
Validates the PKCE (Proof Key for Code Exchange) parameters in an authorization request. PKCE adds another layer of security for the OAuth 2.0 authorization code flow, particularly in public clients. It ensures that the authorization request conforms to the standards defined in RFC 7636 (specifically, see Section 4.3 for client validation requirements).
public PkceValidator(Microsoft.Extensions.Options.IOptions<Abblix.Oidc.Server.Common.Configuration.OidcOptions> options, Abblix.Oidc.Server.Features.ReusePrevention.IAuthorizationValueReuseDetector reuseDetector);
Parameters
options Microsoft.Extensions.Options.IOptions<OidcOptions>
Provides the server-wide default security profile a client inherits when it states none, which tightens PKCE enforcement (mandatory PKCE, S256-only) under a profile.
reuseDetector IAuthorizationValueReuseDetector
Detects a client repeating a code_challenge across authorization requests when reuse detection is enabled (RFC 9700 Section 2.1.1).
Methods
PkceValidator.ValidateAsync(AuthorizationValidationContext) Method
Validates the PKCE-related parameters in the authorization request against the client's configuration. This method checks for compliance with PKCE specifications as outlined in RFC 7636, with particular attention to the guidelines in Section 4.3 of the document.
public System.Threading.Tasks.Task<Abblix.Oidc.Server.Endpoints.Authorization.Interfaces.AuthorizationRequestValidationError?> ValidateAsync(Abblix.Oidc.Server.Endpoints.Authorization.Validation.AuthorizationValidationContext context);
Parameters
context AuthorizationValidationContext
The validation context containing client information and request details.
Implements ValidateAsync(AuthorizationValidationContext)
Returns
System.Threading.Tasks.Task<AuthorizationRequestValidationError>
An AuthorizationRequestValidationError if the validation fails due to non-compliance with PKCE requirements,
or null if the request is valid. Refer to Section 4.3 of RFC 7636 for more details.