SignedResponseAlgorithmsValidator Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Validation
SignedResponseAlgorithmsValidator Class
Validates the algorithms a client requests for tokens this server signs:
id_token_signed_response_alg and userinfo_signed_response_alg (OIDC DCR 1.0 §2), and
authorization_signed_response_alg (JARM §3). Each must appear in the server's set of supported
signing algorithms; in addition, JARM §3 forbids none for the authorization response.
public class SignedResponseAlgorithmsValidator : Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Validation.SyncClientRegistrationContextValidator
Inheritance System.Object → SyncClientRegistrationContextValidator → SignedResponseAlgorithmsValidator
Constructors
SignedResponseAlgorithmsValidator(IJwtAlgorithmsProvider) Constructor
Validates the algorithms a client requests for tokens this server signs:
id_token_signed_response_alg and userinfo_signed_response_alg (OIDC DCR 1.0 §2), and
authorization_signed_response_alg (JARM §3). Each must appear in the server's set of supported
signing algorithms; in addition, JARM §3 forbids none for the authorization response.
public SignedResponseAlgorithmsValidator(Abblix.Oidc.Server.Endpoints.Configuration.Interfaces.IJwtAlgorithmsProvider jwtAlgorithms);
Parameters
jwtAlgorithms IJwtAlgorithmsProvider
Source of supported signing algorithms for outbound tokens. The same provider feeds the discovery document, so DCR accepts exactly what the server advertises — in particular HS* stays rejected here for the same key-availability reason it is not advertised (client secrets are stored hashed and cannot serve as HMAC keys).