Skip to main content

SignedResponseAlgorithmsValidator Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Validation

SignedResponseAlgorithmsValidator Class

Validates the algorithms a client requests for tokens this server signs: id_token_signed_response_alg and userinfo_signed_response_alg (OIDC DCR 1.0 §2), and authorization_signed_response_alg (JARM §3). Each must appear in the server's set of supported signing algorithms; in addition, JARM §3 forbids none for the authorization response.

public class SignedResponseAlgorithmsValidator : Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Validation.SyncClientRegistrationContextValidator

Inheritance System.ObjectSyncClientRegistrationContextValidator → SignedResponseAlgorithmsValidator

Constructors

SignedResponseAlgorithmsValidator(IJwtAlgorithmsProvider) Constructor

Validates the algorithms a client requests for tokens this server signs: id_token_signed_response_alg and userinfo_signed_response_alg (OIDC DCR 1.0 §2), and authorization_signed_response_alg (JARM §3). Each must appear in the server's set of supported signing algorithms; in addition, JARM §3 forbids none for the authorization response.

public SignedResponseAlgorithmsValidator(Abblix.Oidc.Server.Endpoints.Configuration.Interfaces.IJwtAlgorithmsProvider jwtAlgorithms);

Parameters

jwtAlgorithms IJwtAlgorithmsProvider

Source of supported signing algorithms for outbound tokens. The same provider feeds the discovery document, so DCR accepts exactly what the server advertises — in particular HS* stays rejected here for the same key-availability reason it is not advertised (client secrets are stored hashed and cannot serve as HMAC keys).