Skip to main content

InitialAccessTokenValidator Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Validation

InitialAccessTokenValidator Class

Validates the initial access token on client registration requests per RFC 7591 Section 3 and RFC 6750 Bearer Token Usage. When RequireInitialAccessToken is enabled, checks JWT signature, expiration, type, and revocation status. Skipped for update operations and when the feature is disabled.

public class InitialAccessTokenValidator : Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Validation.IClientRegistrationContextValidator

Inheritance System.Object → InitialAccessTokenValidator

Implements IClientRegistrationContextValidator

Constructors

InitialAccessTokenValidator(IAuthServiceJwtValidator, IInitialAccessTokenRevocationProvider, IOptionsMonitor<OidcOptions>) Constructor

Validates the initial access token on client registration requests per RFC 7591 Section 3 and RFC 6750 Bearer Token Usage. When RequireInitialAccessToken is enabled, checks JWT signature, expiration, type, and revocation status. Skipped for update operations and when the feature is disabled.

public InitialAccessTokenValidator(Abblix.Oidc.Server.Features.Tokens.Validation.IAuthServiceJwtValidator jwtValidator, Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Interfaces.IInitialAccessTokenRevocationProvider revocationProvider, Microsoft.Extensions.Options.IOptionsMonitor<Abblix.Oidc.Server.Common.Configuration.OidcOptions> options);

Parameters

jwtValidator IAuthServiceJwtValidator

Validates JWT signature and expiration.

revocationProvider IInitialAccessTokenRevocationProvider

Checks whether the token has been revoked.

options Microsoft.Extensions.Options.IOptionsMonitor<OidcOptions>

OIDC configuration options.

Methods

InitialAccessTokenValidator.ValidateAsync(ClientRegistrationValidationContext) Method

Validates the slice of registration metadata this implementation owns. May mutate ClientRegistrationValidationContext with derived values (for example the resolved sector identifier).

public System.Threading.Tasks.Task<Abblix.Oidc.Server.Common.OidcError?> ValidateAsync(Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Validation.ClientRegistrationValidationContext context);

Parameters

context ClientRegistrationValidationContext

The shared validation context for the current request.

Implements ValidateAsync(ClientRegistrationValidationContext)

Returns

System.Threading.Tasks.Task<OidcError>
An OidcError describing the rejection, or null when valid.