| ClientCredentialFactory | Coordinates credential generation by composing ID generation, secret generation, hashing, and expiration calculation. Uses SHA-512 for strong cryptographic hashing while maintaining configurable secret length and expiration policies. |
| ClientRequestValidator | Default IClientRequestValidator for the RFC 7592 client configuration endpoint. First verifies the registration access token is bound to the requested client_id, then loads the corresponding ClientInfo from storage and rejects the request when no record exists. |
| InitialAccessTokenRevocationProvider | Default implementation that checks revocation against RevokedInitialAccessTokenSubjects. For production use with large or dynamic revocation lists, replace with a database- or cache-backed implementation. |
| InitialAccessTokenService | Issues initial access tokens for authorizing client registration per RFC 7591 Section 3. |
| ReadClientHandler | Handles client configuration retrieval requests in OAuth 2.0 Dynamic Client Registration protocol. Coordinates validation and processing to securely fetch registered client information. |
| ReadClientRequestProcessor | Builds the RFC 7592 §2.1 read-client response from stored client metadata. The client_secret is intentionally omitted because secrets are persisted only as hashes; a registration access token bearing the client's current jti is re-issued so the client can keep using the management endpoint after the read, without invalidating the token it presented (read stays idempotent — only update rotates the jti). |
| RegisterClientHandler | Default implementation of IRegisterClientHandler that runs validation (RFC 7591 §2 metadata + OIDC DCR 1.0) followed by processing (credential issuance, persistence, and registration access token generation per RFC 7591 §3.2.1 / RFC 7592 §3). |
| RegisterClientRequestProcessor | Handles the registration of new clients by generating the necessary credentials and adding client information to the system. Ensures the secure and compliant registration of clients as per OAuth 2.0 and OpenID Connect standards. |
| RegisterClientRequestValidator | Default validator for new-client registration (POST), wrapping the request in a ClientRegistrationValidationContext with Register and delegating to the configured IClientRegistrationContextValidator pipeline. |
| RegistrationAccessTokenService | Issues registration access tokens for managing registered clients per RFC 7592 Section 3. |
| RegistrationAccessTokenStore | Default IRegistrationAccessTokenStore backed by the distributed IEntityStorage, so the client-to-token-jti binding is shared across all server replicas. The entry is stored without expiration — it lives as long as the client is registered — and is removed when the client is deregistered. |
| RegistrationAccessTokenValidator | Default implementation of IRegistrationAccessTokenValidator. Requires a Bearer scheme, validates the JWT signature and lifetime via IAuthServiceJwtValidator, then enforces that the token's typ is registration_access_token and that its sub and aud both equal the requested client_id. |
| RemoveClientHandler | Default implementation of IRemoveClientHandler that authenticates the registration access token via IClientRequestValidator and, on success, delegates to the processor to delete the client per RFC 7592 §2.3. |
| RemoveClientRequestProcessor | Performs the storage-level deregistration of a client through the configured IClientInfoManager per RFC 7592 §2.3. |
| UpdateClientHandler | Handles client configuration update requests in OAuth 2.0 Dynamic Client Registration Management protocol per RFC 7592. Coordinates validation and processing to securely update registered client information. |
| UpdateClientRegistrationValidator | Variant of RegisterClientRequestValidator used by the RFC 7592 §2.2 update flow. Wraps the request in a ClientRegistrationValidationContext with Update so steps such as ClientIdValidator require the client to already exist instead of forbidding it. |
| UpdateClientRequestProcessor | Processes requests to update existing client configurations per RFC 7592 Section 2.2. Updates client metadata while preserving credentials and system-managed fields. |
| UpdateClientRequestValidator | Validates an RFC 7592 §2.2 update request: authenticates the registration access token and confirms the client exists, then validates the supplied replacement metadata via the update-specific keyed IRegisterClientRequestValidator. Also enforces the RFC 7592 §2.2 rule that the request body's client_id must match the authenticated client. |