Skip to main content

ClientCredentialFactory Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.DynamicClientManagement

ClientCredentialFactory Class

Coordinates credential generation by composing ID generation, secret generation, hashing, and expiration calculation. Uses SHA-512 for strong cryptographic hashing while maintaining configurable secret length and expiration policies.

public class ClientCredentialFactory : Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces.IClientCredentialFactory

Inheritance System.Object → ClientCredentialFactory

Implements IClientCredentialFactory

Constructors

ClientCredentialFactory(IClientIdGenerator, IClientSecretGenerator, IHashService, NewClientOptions, TimeProvider) Constructor

Coordinates credential generation by composing ID generation, secret generation, hashing, and expiration calculation. Uses SHA-512 for strong cryptographic hashing while maintaining configurable secret length and expiration policies.

public ClientCredentialFactory(Abblix.Oidc.Server.Features.RandomGenerators.IClientIdGenerator clientIdGenerator, Abblix.Oidc.Server.Features.RandomGenerators.IClientSecretGenerator clientSecretGenerator, Abblix.Oidc.Server.Features.Hashing.IHashService hashService, Abblix.Oidc.Server.Common.Configuration.NewClientOptions options, System.TimeProvider clock);

Parameters

clientIdGenerator IClientIdGenerator
clientSecretGenerator IClientSecretGenerator
hashService IHashService
options NewClientOptions
clock System.TimeProvider

Methods

ClientCredentialFactory.Create(string, string) Method

Generates secrets conditionally based on authentication method to avoid unnecessary secret generation for public clients. Uses time-based expiration to enforce secret rotation policies. SHA-512 provides cryptographic strength while remaining compatible with HMAC-based client_secret_jwt.

public Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces.ClientCredentials Create(string tokenEndpointAuthMethod, string? clientId=null);

Parameters

tokenEndpointAuthMethod System.String

Determines whether secret generation is required.

clientId System.String

Allows external client ID assignment for pre-registration scenarios.

Implements Create(string, string)

Returns

ClientCredentials
Credentials containing both plain-text (for transmission) and hashed (for storage) secret formats, along with calculated expiration timestamp.