Skip to main content

RegistrationAccessTokenValidator Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.DynamicClientManagement

RegistrationAccessTokenValidator Class

Default implementation of IRegistrationAccessTokenValidator. Requires a Bearer scheme, validates the JWT signature and lifetime via IAuthServiceJwtValidator, then enforces that the token's typ is registration_access_token and that its sub and aud both equal the requested client_id.

public class RegistrationAccessTokenValidator : Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces.IRegistrationAccessTokenValidator

Inheritance System.Object → RegistrationAccessTokenValidator

Implements IRegistrationAccessTokenValidator

Constructors

RegistrationAccessTokenValidator(IAuthServiceJwtValidator) Constructor

Default implementation of IRegistrationAccessTokenValidator. Requires a Bearer scheme, validates the JWT signature and lifetime via IAuthServiceJwtValidator, then enforces that the token's typ is registration_access_token and that its sub and aud both equal the requested client_id.

public RegistrationAccessTokenValidator(Abblix.Oidc.Server.Features.Tokens.Validation.IAuthServiceJwtValidator jwtValidator);

Parameters

jwtValidator IAuthServiceJwtValidator

JWT validator used for signature and lifetime checks.

Methods

RegistrationAccessTokenValidator.ValidateAsync(AuthenticationHeaderValue, string, string) Method

Validates the bearer token, ensuring it is well-formed, of the expected type, and authorized to manage the specified client.

public System.Threading.Tasks.Task<string?> ValidateAsync(System.Net.Http.Headers.AuthenticationHeaderValue? header, string clientId, string? expectedTokenId);

Parameters

header System.Net.Http.Headers.AuthenticationHeaderValue

The HTTP Authorization header carrying the bearer token.

clientId System.String

The client_id targeted by the management request.

expectedTokenId System.String

The jti the token must carry to be accepted — the value stored on the client when its current registration access token was issued. When null the binding is not enforced (statically configured client, or a record predating the stored id) and only signature, type and audience are checked.

Implements ValidateAsync(AuthenticationHeaderValue, string, string)

Returns

System.Threading.Tasks.Task<System.String>
null when the token is valid for the client; otherwise a human-readable description of the validation failure.