SignedRequestObjectRequirementValidator Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Endpoints.Authorization.Validation
SignedRequestObjectRequirementValidator Class
Enforces the RFC 9101 §10.5 require_signed_request_object client metadata: a client that
committed to it must deliver its authorization parameters as a signed request object. A request
that came neither from a request object nor from a PAR-stored request is plain parameters and is
rejected. The PAR push itself runs through the same validator pipeline, so a flagged client
cannot smuggle plain parameters in via PAR either; the signature itself (rejecting the
none algorithm) is enforced by the request-object fetcher where the JWT is validated.
public class SignedRequestObjectRequirementValidator : Abblix.Oidc.Server.Endpoints.Authorization.Validation.SyncAuthorizationContextValidatorBase
Inheritance System.Object → SyncAuthorizationContextValidatorBase → SignedRequestObjectRequirementValidator