Skip to main content

IRegistrationAccessTokenValidator Interface

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces

IRegistrationAccessTokenValidator Interface

Validates the registration access token presented on calls to the client configuration endpoint per RFC 7592 §3. Verifies the bearer token from the Authorization header is bound to the requested client_id.

public interface IRegistrationAccessTokenValidator

Derived
RegistrationAccessTokenValidator

Methods

IRegistrationAccessTokenValidator.ValidateAsync(AuthenticationHeaderValue, string, string) Method

Validates the bearer token, ensuring it is well-formed, of the expected type, and authorized to manage the specified client.

System.Threading.Tasks.Task<string?> ValidateAsync(System.Net.Http.Headers.AuthenticationHeaderValue? header, string clientId, string? expectedTokenId);

Parameters

header System.Net.Http.Headers.AuthenticationHeaderValue

The HTTP Authorization header carrying the bearer token.

clientId System.String

The client_id targeted by the management request.

expectedTokenId System.String

The jti the token must carry to be accepted — the value stored on the client when its current registration access token was issued. When null the binding is not enforced (statically configured client, or a record predating the stored id) and only signature, type and audience are checked.

Returns

System.Threading.Tasks.Task<System.String>
null when the token is valid for the client; otherwise a human-readable description of the validation failure.