Skip to main content

ScopeValidator Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.BackChannelAuthentication.Validation

ScopeValidator Class

Validates the scopes in OAuth 2.0 authorization requests for backchannel authentication. This validator ensures that the requested scopes are allowed based on the client's configuration and the type of OAuth flow being used. It checks for scope compatibility and prevents unauthorized or excessive scope requests, reinforcing the security policies and minimizing scope-related vulnerabilities.

public class ScopeValidator : Abblix.Oidc.Server.Endpoints.BackChannelAuthentication.Validation.IBackChannelAuthenticationContextValidator

Inheritance System.Object → ScopeValidator

Implements IBackChannelAuthenticationContextValidator

Constructors

ScopeValidator(IScopeManager) Constructor

Validates the scopes in OAuth 2.0 authorization requests for backchannel authentication. This validator ensures that the requested scopes are allowed based on the client's configuration and the type of OAuth flow being used. It checks for scope compatibility and prevents unauthorized or excessive scope requests, reinforcing the security policies and minimizing scope-related vulnerabilities.

public ScopeValidator(Abblix.Oidc.Server.Features.ScopeManagement.IScopeManager scopeManager);

Parameters

scopeManager IScopeManager

The scope manager used to validate scopes.

Methods

ScopeValidator.ValidateAsync(BackChannelAuthenticationValidationContext) Method

Validates the scopes in the context of the backchannel authentication request, checking if they align with the client's permissions and the OAuth flow. This method prevents the client from requesting unauthorized scopes, such as offline access, unless explicitly allowed by the client's configuration.

public System.Threading.Tasks.Task<Abblix.Oidc.Server.Common.OidcError?> ValidateAsync(Abblix.Oidc.Server.Endpoints.BackChannelAuthentication.Validation.BackChannelAuthenticationValidationContext context);

Parameters

context BackChannelAuthenticationValidationContext

The validation context that includes details about the request and the client.

Implements ValidateAsync(BackChannelAuthenticationValidationContext)

Returns

System.Threading.Tasks.Task<OidcError>
A OidcError if the scope validation fails, or null if the scopes in the request are valid.