Skip to main content

Abblix.Oidc.Server.Endpoints.BackChannelAuthentication.Validation Namespace

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.BackChannelAuthentication.Validation Namespace

Classes
BackChannelAuthenticationValidationContextRepresents the context for validating a backchannel authentication request. This context encapsulates the details of the authentication request, allowing validators to perform the necessary checks and validations according to the backchannel authentication flow.
BackChannelAuthenticationValidatorCompositeRepresents a composite validator for backchannel authentication contexts, aggregating multiple validation steps into a single validation process. This class implements IBackChannelAuthenticationContextValidator and allows for the combination of multiple validators that are executed sequentially.
BackChannelAuthorizationDetailsValidatorThin endpoint-side adapter that delegates the RFC 9396 §3 CIBA authorization_details validation to ApplyAsync(JsonArray, ClientInfo, CancellationToken). The composite already returns an OidcError with error = invalid_authorization_details, so this adapter just propagates it directly. All actual policy lives on the composite validator so /authorize, /par, CIBA and (future) device-flow endpoints share one source of truth.
ClientValidatorValidates the client in a backchannel authentication request, ensuring the client is registered and authorized to perform the request as part of the authentication validation process.
PingModeValidatorValidates required parameters for CIBA ping mode authentication requests. Ensures that clients using ping mode have proper configuration and provide necessary tokens.
PushModeValidatorValidates required parameters for CIBA push mode authentication requests. Ensures that clients using push mode have proper HTTPS endpoint configuration.
RequestedExpiryValidatorValidates the requested expiry time for a backchannel authentication request. Ensures that the requested expiry is within the allowed range and assigns a valid expiry time to the context.
ResourceValidatorValidates resources specified in authorization requests to ensure they conform to registered definitions and policies. This validator checks whether the resources requested in the authorization process are recognized by the system and permitted for the requesting client, extending the base functionality of resource validation by incorporating integration with the authorization context.
ScopeValidatorValidates the scopes in OAuth 2.0 authorization requests for backchannel authentication. This validator ensures that the requested scopes are allowed based on the client's configuration and the type of OAuth flow being used. It checks for scope compatibility and prevents unauthorized or excessive scope requests, reinforcing the security policies and minimizing scope-related vulnerabilities.
UserCodeValidatorValidates the presence of a UserCode in backchannel authentication requests, based on the client and provider configuration. This validator ensures that if the client or provider requires the UserCode parameter for backchannel authentication, it is included in the request.
UserIdentityValidatorValidates the user's identity in a backchannel authentication request, ensuring that valid identity hints (e.g., login hints, tokens) are provided and correctly processed.
Interfaces
IBackChannelAuthenticationContextValidatorDefines a contract for validating the context of a backchannel authentication request. Implementations of this interface are responsible for ensuring that the backchannel authentication request meets all necessary validation criteria based on the context, which may include client information, requested scopes, and other parameters.