RegistrationAccessTokenValidator Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Endpoints.DynamicClientManagement
RegistrationAccessTokenValidator Class
Default implementation of IRegistrationAccessTokenValidator. Requires a
Bearer scheme, validates the JWT signature and lifetime via
IAuthServiceJwtValidator, then enforces that the token's typ is
registration_access_token and that its sub and aud both equal the
requested client_id.
public class RegistrationAccessTokenValidator : Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces.IRegistrationAccessTokenValidator
Inheritance System.Object → RegistrationAccessTokenValidator
Implements IRegistrationAccessTokenValidator
Constructors
RegistrationAccessTokenValidator(IAuthServiceJwtValidator) Constructor
Default implementation of IRegistrationAccessTokenValidator. Requires a
Bearer scheme, validates the JWT signature and lifetime via
IAuthServiceJwtValidator, then enforces that the token's typ is
registration_access_token and that its sub and aud both equal the
requested client_id.
public RegistrationAccessTokenValidator(Abblix.Oidc.Server.Features.Tokens.Validation.IAuthServiceJwtValidator jwtValidator);
Parameters
jwtValidator IAuthServiceJwtValidator
JWT validator used for signature and lifetime checks.
Methods
RegistrationAccessTokenValidator.ValidateAsync(AuthenticationHeaderValue, string, string) Method
Validates the bearer token, ensuring it is well-formed, of the expected type, and authorized to manage the specified client.
public System.Threading.Tasks.Task<string?> ValidateAsync(System.Net.Http.Headers.AuthenticationHeaderValue? header, string clientId, string? expectedTokenId);
Parameters
header System.Net.Http.Headers.AuthenticationHeaderValue
The HTTP Authorization header carrying the bearer token.
clientId System.String
The client_id targeted by the management request.
expectedTokenId System.String
The jti the token must carry to be accepted — the value stored on the client when its
current registration access token was issued. When null the binding is not enforced
(statically configured client, or a record predating the stored id) and only signature,
type and audience are checked.
Implements ValidateAsync(AuthenticationHeaderValue, string, string)
Returns
System.Threading.Tasks.Task<System.String>
null when the token is valid for the client; otherwise a human-readable description
of the validation failure.