Skip to main content

SignedRequestObjectRequirementValidator Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.Authorization.Validation

SignedRequestObjectRequirementValidator Class

Enforces the RFC 9101 §10.5 require_signed_request_object client metadata: a client that committed to it must deliver its authorization parameters as a signed request object. A request that came neither from a request object nor from a PAR-stored request is plain parameters and is rejected. The PAR push itself runs through the same validator pipeline, so a flagged client cannot smuggle plain parameters in via PAR either; the signature itself (rejecting the none algorithm) is enforced by the request-object fetcher where the JWT is validated.

public class SignedRequestObjectRequirementValidator : Abblix.Oidc.Server.Endpoints.Authorization.Validation.SyncAuthorizationContextValidatorBase

Inheritance System.ObjectSyncAuthorizationContextValidatorBase → SignedRequestObjectRequirementValidator