| IClientCredentialFactory | Encapsulates client credential generation to maintain single responsibility and reduce constructor complexity. Separates credential-specific concerns (ID generation, secret generation, hashing, expiration) from the broader client registration process. |
| IClientRequestValidator | Validates a request against the client configuration endpoint (RFC 7592 §2-§4). Confirms that the bearer registration access token authorizes the operation on the referenced client_id and that the client still exists. |
| IInitialAccessTokenRevocationProvider | Checks whether an initial access token has been revoked. Implementations may use a database, distributed cache, or other store. |
| IInitialAccessTokenService | Issues initial access tokens that authorize calls to the client registration endpoint per RFC 7591 Section 3. |
| IReadClientHandler | Handles GET requests to the client configuration endpoint per RFC 7592 §2.1, returning the registered metadata of the authenticated client. |
| IReadClientRequestProcessor | Builds the RFC 7592 §2.1 read-client response from a request that has already been validated. Reads stored metadata, formats it for the wire, and issues a fresh registration_access_token as recommended by RFC 7592 §3. |
| IRegisterClientHandler | Handles POST requests to the registration endpoint per RFC 7591 §3 and the OpenID Connect Dynamic Client Registration 1.0 specification, validating supplied metadata and provisioning a new client. |
| IRegisterClientRequestProcessor | Persists a new client and constructs the RFC 7591 §3.2.1 success response from a request whose metadata has already been validated. Generates credentials and the registration_access_token bound to the new client_id. |
| IRegisterClientRequestValidator | Validates client metadata supplied to the registration endpoint per RFC 7591 §2 and OpenID Connect Dynamic Client Registration 1.0. Produces a typed ValidClientRegistrationRequest on success or an OidcError describing the rejected metadata field. |
| IRegistrationAccessTokenService | Provides functionality to issue registration access tokens for managing registered clients. Per RFC 7592 Section 3, the registration access token is used to authenticate subsequent operations on the client configuration endpoint. |
| IRegistrationAccessTokenStore | Records, for each registered client, the identifier (jti) of the registration access token currently authorized to manage it via the RFC 7592 client configuration endpoint. The token validator accepts only a token whose jti matches the stored value, so rotating the token on update (storing a fresh jti) invalidates every previously issued token (RFC 7592 §5). |
| IRegistrationAccessTokenValidator | Validates the registration access token presented on calls to the client configuration endpoint per RFC 7592 §3. Verifies the bearer token from the Authorization header is bound to the requested client_id. |
| IRemoveClientHandler | Handles DELETE requests to the client configuration endpoint per RFC 7592 §2.3, deregistering an existing client after verifying its registration access token. A successful deletion invalidates the client's client_id, client_secret, the registration access token, and any outstanding grants and tokens. |
| IRemoveClientRequestProcessor | Performs the storage-level deregistration of a client whose request has already been validated for authentication and existence per RFC 7592 §2.3. |
| IUpdateClientHandler | Defines a contract for handling requests to update client configurations, as part of client management in OAuth 2.0 and OpenID Connect frameworks per RFC 7592 Section 2.2. |
| IUpdateClientRequestProcessor | Represents an interface for processing update client requests in the context of OpenID Connect per RFC 7592. |
| IUpdateClientRequestValidator | Represents an interface for validating update client requests in the context of OpenID Connect per RFC 7592. |