Skip to main content

ClientRegistrationSuccessResponse Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces

ClientRegistrationSuccessResponse Class

Represents a successful response for a client registration in the context of OpenID Connect. Per RFC 7591 §3.2.1, the authorization server returns all registered metadata about the client (including server-assigned defaults for omitted fields) so the client can confirm what was registered without a separate read round-trip. The shape mirrors ReadClientSuccessfulResponse by design — register and read responses carry the same metadata surface, differing only in registration-specific timing (ClientIdIssuedAt) the read endpoint does not regenerate.

public record ClientRegistrationSuccessResponse : System.IEquatable<Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces.ClientRegistrationSuccessResponse>

Inheritance System.Object → ClientRegistrationSuccessResponse

Implements System.IEquatable<ClientRegistrationSuccessResponse>

Remarks

The response includes the client identifier, credentials, registration endpoint information, and all registered client metadata so the client can use the registration API for subsequent operations on the client configuration.

Constructors

ClientRegistrationSuccessResponse(string, Nullable<DateTimeOffset>, string) Constructor

Represents a successful response for a client registration in the context of OpenID Connect. Per RFC 7591 §3.2.1, the authorization server returns all registered metadata about the client (including server-assigned defaults for omitted fields) so the client can confirm what was registered without a separate read round-trip. The shape mirrors ReadClientSuccessfulResponse by design — register and read responses carry the same metadata surface, differing only in registration-specific timing (ClientIdIssuedAt) the read endpoint does not regenerate.

public ClientRegistrationSuccessResponse(string ClientId, System.Nullable<System.DateTimeOffset> ClientIdIssuedAt, string RegistrationAccessToken);

Parameters

ClientId System.String

The unique identifier assigned to the registered client. Required per RFC 7591 §3.2.1.

ClientIdIssuedAt System.Nullable<System.DateTimeOffset>

Time at which the client identifier was issued. Optional per RFC 7591 §3.2.1.

RegistrationAccessToken System.String

The access token for subsequent operations on the client configuration endpoint. Required per RFC 7592 §3.

Remarks

The response includes the client identifier, credentials, registration endpoint information, and all registered client metadata so the client can use the registration API for subsequent operations on the client configuration.

Properties

ClientRegistrationSuccessResponse.ApplicationType Property

The type of application for which the client is registered (e.g. web, native). Optional — server may assign a default. Per RFC 7591 §2.

public string? ApplicationType { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.AuthorizationDetailsTypes Property

The per-client allowlist of authorization-detail type values this client may use in RFC 9396 Rich Authorization Requests (authorization_details_types, RFC 9396 §5.1). Echoes the registered value of ClientInfo.AuthorizationDetailsTypes.

public string[]? AuthorizationDetailsTypes { get; init; }

Property Value

System.String[]

ClientRegistrationSuccessResponse.ClientId Property

The unique identifier assigned to the registered client. Required per RFC 7591 §3.2.1.

public string ClientId { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.ClientIdIssuedAt Property

Time at which the client identifier was issued. Optional per RFC 7591 §3.2.1.

public System.Nullable<System.DateTimeOffset> ClientIdIssuedAt { get; init; }

Property Value

System.Nullable<System.DateTimeOffset>

ClientRegistrationSuccessResponse.ClientName Property

The human-readable name of the client. Optional client metadata. Per RFC 7591 §2.

public string? ClientName { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.ClientSecret Property

The client secret assigned to the registered client. Optional — only present for confidential clients. Per RFC 7591 §3.2.1.

public string? ClientSecret { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.ClientSecretExpiresAt Property

The expiration time of the client secret. Required if client_secret is issued. Per RFC 7591 §3.2.1. A value of 0 indicates the secret does not expire.

public System.Nullable<System.DateTimeOffset> ClientSecretExpiresAt { get; init; }

Property Value

System.Nullable<System.DateTimeOffset>

ClientRegistrationSuccessResponse.Contacts Property

Array of contact email addresses for people responsible for this client. Optional client metadata. Per RFC 7591 §2.

public string[]? Contacts { get; init; }

Property Value

System.String[]

ClientRegistrationSuccessResponse.DpopBoundAccessTokens Property

Whether access tokens issued to this client are sender-constrained via DPoP per RFC 9449 §5.2 (dpop_bound_access_tokens). Echoes the registered value of ClientInfo.RequireDPoP.

public System.Nullable<bool> DpopBoundAccessTokens { get; init; }

Property Value

System.Nullable<System.Boolean>

ClientRegistrationSuccessResponse.GrantTypes Property

The grant types the client is registered to use at the token endpoint, including the server-assigned default when the request omitted them. Per RFC 7591 §2/§3.2.1.

public string[]? GrantTypes { get; init; }

Property Value

System.String[]

ClientRegistrationSuccessResponse.InitiateLoginUri Property

URL the authorization server can call to initiate a login at the client. Optional. Per OpenID Connect Core §4.

public System.Uri? InitiateLoginUri { get; init; }

Property Value

System.Uri

ClientRegistrationSuccessResponse.IntrospectionEncryptedResponseAlg Property

JWE alg algorithm for encrypting introspection responses. Optional. Per RFC 9701 §6.

public string? IntrospectionEncryptedResponseAlg { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.IntrospectionEncryptedResponseEnc Property

JWE enc algorithm for encrypting introspection responses. Optional. Per RFC 9701 §6.

public string? IntrospectionEncryptedResponseEnc { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.IntrospectionSignedResponseAlg Property

JWS algorithm for signing introspection responses. Optional. Per RFC 9701 §6.

public string? IntrospectionSignedResponseAlg { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.JwksUri Property

URL for the client's JSON Web Key Set document. Optional — alternative to providing keys directly. Per RFC 7591 §2.

public System.Uri? JwksUri { get; init; }

Property Value

System.Uri

ClientRegistrationSuccessResponse.LogoUri Property

URL that references a logo for the client. Optional client metadata. Per RFC 7591 §2.

public System.Uri? LogoUri { get; init; }

Property Value

System.Uri

ClientRegistrationSuccessResponse.RedirectUris Property

The URIs where the client expects to receive responses after user authentication. Required for most grant types. Per RFC 7591 §2.

public System.Uri[]? RedirectUris { get; init; }

Property Value

System.Uri[]

ClientRegistrationSuccessResponse.RegistrationAccessToken Property

The access token for subsequent operations on the client configuration endpoint. Required per RFC 7592 §3.

public string RegistrationAccessToken { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.RegistrationClientUri Property

The fully qualified URL of the client configuration endpoint for this client. Required per RFC 7592 §3.

public System.Uri? RegistrationClientUri { get; init; }

Property Value

System.Uri

ClientRegistrationSuccessResponse.RequestUris Property

Array of request_uri values pre-registered by the client. Optional. Per OpenID Connect Core §6.2.

public System.Uri[]? RequestUris { get; init; }

Property Value

System.Uri[]

ClientRegistrationSuccessResponse.RequirePushedAuthorizationRequests Property

Whether PAR is the only way this client may start an authorization flow per RFC 9126 §6. Echoes ClientInfo.RequirePushedAuthorizationRequests.

public System.Nullable<bool> RequirePushedAuthorizationRequests { get; init; }

Property Value

System.Nullable<System.Boolean>

ClientRegistrationSuccessResponse.RequireSignedRequestObject Property

Whether this client must deliver authorization parameters as a signed request object per RFC 9101 §10.5. Echoes ClientInfo.RequireSignedRequestObject.

public System.Nullable<bool> RequireSignedRequestObject { get; init; }

Property Value

System.Nullable<System.Boolean>

ClientRegistrationSuccessResponse.ResponseTypes Property

The response type combinations the client is registered to use at the authorization endpoint, including the server-assigned default when the request omitted them. Each entry is a space-separated combination, mirroring the request shape. Per RFC 7591 §2/§3.2.1.

public string[][]? ResponseTypes { get; init; }

Property Value

System.String[][]

ClientRegistrationSuccessResponse.Scope Property

The scope values the client is registered to request, serialized as a space-separated string. Per RFC 7591 §2/§3.2.1.

public string[]? Scope { get; init; }

Property Value

System.String[]

ClientRegistrationSuccessResponse.SectorIdentifierUri Property

URL using the https scheme used in calculating pseudonymous identifiers for pairwise subject type. Optional — only relevant for pairwise. Per OpenID Connect Core §8.1.

public System.Uri? SectorIdentifierUri { get; init; }

Property Value

System.Uri

ClientRegistrationSuccessResponse.SubjectType Property

The type of subject identifier used (e.g. public, pairwise). Optional — server may assign a default. Per OpenID Connect Core §8.

public string? SubjectType { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.TlsClientAuthSanDns Property

Required DNS Subject Alternative Names for tls_client_auth per RFC 8705.

public string[]? TlsClientAuthSanDns { get; init; }

Property Value

System.String[]

ClientRegistrationSuccessResponse.TlsClientAuthSanEmail Property

Required email Subject Alternative Names for tls_client_auth per RFC 8705.

public string[]? TlsClientAuthSanEmail { get; init; }

Property Value

System.String[]

ClientRegistrationSuccessResponse.TlsClientAuthSanIp Property

Required IP Subject Alternative Names for tls_client_auth per RFC 8705.

public string[]? TlsClientAuthSanIp { get; init; }

Property Value

System.String[]

ClientRegistrationSuccessResponse.TlsClientAuthSanUri Property

Required URI Subject Alternative Names for tls_client_auth per RFC 8705.

public System.Uri[]? TlsClientAuthSanUri { get; init; }

Property Value

System.Uri[]

ClientRegistrationSuccessResponse.TlsClientAuthSubjectDn Property

Exact Subject Distinguished Name required when using tls_client_auth per RFC 8705.

public string? TlsClientAuthSubjectDn { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.TlsClientCertificateBoundAccessTokens Property

Whether access tokens are certificate-bound whenever the token request arrives over mutual TLS per RFC 8705 §3.4. Echoes ClientInfo.TlsClientCertificateBoundAccessTokens.

public System.Nullable<bool> TlsClientCertificateBoundAccessTokens { get; init; }

Property Value

System.Nullable<System.Boolean>

ClientRegistrationSuccessResponse.TokenEndpointAuthMethod Property

The method used for authenticating the client at the token endpoint. Optional — server may assign a default. Per RFC 7591 §2.

public string? TokenEndpointAuthMethod { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.TokenExchangeAudiences Property

Non-standard extension: default-deny per-client allowlist of RFC 8693 audience values this client may request when exchanging a token. Echoes ClientInfo.TokenExchangeAllowedAudiences.

public string[]? TokenExchangeAudiences { get; init; }

Property Value

System.String[]

ClientRegistrationSuccessResponse.TokenExchangeSubjectTokenTypes Property

Non-standard extension: per-client allowlist of RFC 8693 subject_token_type URIs this client may submit to the Token Exchange grant. Echoes ClientInfo.TokenExchangeAllowedSubjectTokenTypes.

public string[]? TokenExchangeSubjectTokenTypes { get; init; }

Property Value

System.String[]

ClientRegistrationSuccessResponse.UserInfoEncryptedResponseAlg Property

JWE alg algorithm for encrypting UserInfo responses. Optional. Per OpenID Connect Core §5.6.2.

public string? UserInfoEncryptedResponseAlg { get; init; }

Property Value

System.String

ClientRegistrationSuccessResponse.UserInfoEncryptedResponseEnc Property

JWE enc algorithm for encrypting UserInfo responses. Optional. Per OpenID Connect Core §5.6.2.

public string? UserInfoEncryptedResponseEnc { get; init; }

Property Value

System.String