Skip to main content

SigningAlgorithmsValidator Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Validation

SigningAlgorithmsValidator Class

Validates the algorithms a client commits to using on inbound JWTs the server will verify: request_object_signing_alg (OIDC Core §6.1), backchannel_authentication_request_signing_alg (CIBA §7.1.1), and token_endpoint_auth_signing_alg (RFC 7591 §2 / RFC 8414 §2). Each must appear in the matching set the server advertises in discovery: request_object_signing_alg may be none, but token_endpoint_auth_signing_alg excludes none and backchannel_authentication_request_signing_alg excludes both none and the symmetric HS* algorithms. The same provider feeds the discovery document, so DCR accepts exactly what the server advertises.

public class SigningAlgorithmsValidator : Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Validation.SyncClientRegistrationContextValidator

Inheritance System.ObjectSyncClientRegistrationContextValidator → SigningAlgorithmsValidator

Constructors

SigningAlgorithmsValidator(IJwtAlgorithmsProvider) Constructor

Validates the algorithms a client commits to using on inbound JWTs the server will verify: request_object_signing_alg (OIDC Core §6.1), backchannel_authentication_request_signing_alg (CIBA §7.1.1), and token_endpoint_auth_signing_alg (RFC 7591 §2 / RFC 8414 §2). Each must appear in the matching set the server advertises in discovery: request_object_signing_alg may be none, but token_endpoint_auth_signing_alg excludes none and backchannel_authentication_request_signing_alg excludes both none and the symmetric HS* algorithms. The same provider feeds the discovery document, so DCR accepts exactly what the server advertises.

public SigningAlgorithmsValidator(Abblix.Oidc.Server.Endpoints.Configuration.Interfaces.IJwtAlgorithmsProvider jwtAlgorithms);

Parameters

jwtAlgorithms IJwtAlgorithmsProvider

Source of the per-parameter supported signing algorithm sets.