| BackChannelAuthenticationValidationContext | Represents the context for validating a backchannel authentication request. This context encapsulates the details of the authentication request, allowing validators to perform the necessary checks and validations according to the backchannel authentication flow. |
| BackChannelAuthenticationValidatorComposite | Represents a composite validator for backchannel authentication contexts, aggregating multiple validation steps into a single validation process. This class implements IBackChannelAuthenticationContextValidator and allows for the combination of multiple validators that are executed sequentially. |
| BackChannelAuthorizationDetailsValidator | Thin endpoint-side adapter that delegates the RFC 9396 §3 CIBA authorization_details validation to ApplyAsync(JsonArray, ClientInfo, CancellationToken). The composite already returns an OidcError with error = invalid_authorization_details, so this adapter just propagates it directly. All actual policy lives on the composite validator so /authorize, /par, CIBA and (future) device-flow endpoints share one source of truth. |
| ClientValidator | Validates the client in a backchannel authentication request, ensuring the client is registered and authorized to perform the request as part of the authentication validation process. |
| PingModeValidator | Validates required parameters for CIBA ping mode authentication requests. Ensures that clients using ping mode have proper configuration and provide necessary tokens. |
| PushModeValidator | Validates required parameters for CIBA push mode authentication requests. Ensures that clients using push mode have proper HTTPS endpoint configuration. |
| RequestedExpiryValidator | Validates the requested expiry time for a backchannel authentication request. Ensures that the requested expiry is within the allowed range and assigns a valid expiry time to the context. |
| ResourceValidator | Validates resources specified in authorization requests to ensure they conform to registered definitions and policies. This validator checks whether the resources requested in the authorization process are recognized by the system and permitted for the requesting client, extending the base functionality of resource validation by incorporating integration with the authorization context. |
| ScopeValidator | Validates the scopes in OAuth 2.0 authorization requests for backchannel authentication. This validator ensures that the requested scopes are allowed based on the client's configuration and the type of OAuth flow being used. It checks for scope compatibility and prevents unauthorized or excessive scope requests, reinforcing the security policies and minimizing scope-related vulnerabilities. |
| UserCodeValidator | Validates the presence of a UserCode in backchannel authentication requests, based on the client and provider configuration. This validator ensures that if the client or provider requires the UserCode parameter for backchannel authentication, it is included in the request. |
| UserIdentityValidator | Validates the user's identity in a backchannel authentication request, ensuring that valid identity hints (e.g., login hints, tokens) are provided and correctly processed. |