Skip to main content

Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces Namespace

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces Namespace

Classes
ClientCredentialsEncapsulates both transmission and storage formats of client credentials. Maintains plain-text secret for immediate transmission in registration response, while also providing SHA-512 hash for secure persistence.
ClientRegistrationSuccessResponseRepresents a successful response for a client registration in the context of OpenID Connect. Per RFC 7591 §3.2.1, the authorization server returns all registered metadata about the client (including server-assigned defaults for omitted fields) so the client can confirm what was registered without a separate read round-trip. The shape mirrors ReadClientSuccessfulResponse by design — register and read responses carry the same metadata surface, differing only in registration-specific timing (ClientIdIssuedAt) the read endpoint does not regenerate.
RemoveClientSuccessfulResponseRepresents the internal result of a successful client deletion operation.
UpdateClientRequestRepresents a request to update an existing client's configuration per RFC 7592 Section 2.2. Combines client authentication (ClientRequest) with updated metadata (ClientRegistrationRequest).
ValidClientRegistrationRequestA registration request whose metadata has passed all validators, paired with the resolved sector_identifier derived either from sector_identifier_uri or from the registered redirect URIs (used for pairwise PPID computation per OIDC Core §8.1).
ValidClientRequestA client configuration endpoint request (RFC 7592) that has been authenticated via the registration access token, paired with the resolved ClientInfo from storage.
ValidUpdateClientRequestRepresents a validated request to update a client's configuration per RFC 7592. Contains the original request, validated client info, and registration request.
Interfaces
IClientCredentialFactoryEncapsulates client credential generation to maintain single responsibility and reduce constructor complexity. Separates credential-specific concerns (ID generation, secret generation, hashing, expiration) from the broader client registration process.
IClientRequestValidatorValidates a request against the client configuration endpoint (RFC 7592 §2-§4). Confirms that the bearer registration access token authorizes the operation on the referenced client_id and that the client still exists.
IInitialAccessTokenRevocationProviderChecks whether an initial access token has been revoked. Implementations may use a database, distributed cache, or other store.
IInitialAccessTokenServiceIssues initial access tokens that authorize calls to the client registration endpoint per RFC 7591 Section 3.
IReadClientHandlerHandles GET requests to the client configuration endpoint per RFC 7592 §2.1, returning the registered metadata of the authenticated client.
IReadClientRequestProcessorBuilds the RFC 7592 §2.1 read-client response from a request that has already been validated. Reads stored metadata, formats it for the wire, and issues a fresh registration_access_token as recommended by RFC 7592 §3.
IRegisterClientHandlerHandles POST requests to the registration endpoint per RFC 7591 §3 and the OpenID Connect Dynamic Client Registration 1.0 specification, validating supplied metadata and provisioning a new client.
IRegisterClientRequestProcessorPersists a new client and constructs the RFC 7591 §3.2.1 success response from a request whose metadata has already been validated. Generates credentials and the registration_access_token bound to the new client_id.
IRegisterClientRequestValidatorValidates client metadata supplied to the registration endpoint per RFC 7591 §2 and OpenID Connect Dynamic Client Registration 1.0. Produces a typed ValidClientRegistrationRequest on success or an OidcError describing the rejected metadata field.
IRegistrationAccessTokenServiceProvides functionality to issue registration access tokens for managing registered clients. Per RFC 7592 Section 3, the registration access token is used to authenticate subsequent operations on the client configuration endpoint.
IRegistrationAccessTokenStoreRecords, for each registered client, the identifier (jti) of the registration access token currently authorized to manage it via the RFC 7592 client configuration endpoint. The token validator accepts only a token whose jti matches the stored value, so rotating the token on update (storing a fresh jti) invalidates every previously issued token (RFC 7592 §5).
IRegistrationAccessTokenValidatorValidates the registration access token presented on calls to the client configuration endpoint per RFC 7592 §3. Verifies the bearer token from the Authorization header is bound to the requested client_id.
IRemoveClientHandlerHandles DELETE requests to the client configuration endpoint per RFC 7592 §2.3, deregistering an existing client after verifying its registration access token. A successful deletion invalidates the client's client_id, client_secret, the registration access token, and any outstanding grants and tokens.
IRemoveClientRequestProcessorPerforms the storage-level deregistration of a client whose request has already been validated for authentication and existence per RFC 7592 §2.3.
IUpdateClientHandlerDefines a contract for handling requests to update client configurations, as part of client management in OAuth 2.0 and OpenID Connect frameworks per RFC 7592 Section 2.2.
IUpdateClientRequestProcessorRepresents an interface for processing update client requests in the context of OpenID Connect per RFC 7592.
IUpdateClientRequestValidatorRepresents an interface for validating update client requests in the context of OpenID Connect per RFC 7592.