Skip to main content

SupportedGrantTypeValidator Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Validation

SupportedGrantTypeValidator Class

Rejects client registration when any value in grant_types is not advertised as supported by this server, returning invalid_client_metadata per OIDC DCR §3.2. Without this gate the registration would succeed and the client would only fail later at the token endpoint with unsupported_grant_type, or at the authorization endpoint for the implicit grant. Companion to SupportedResponseTypeValidator, which applies the same rule to response_types.

public class SupportedGrantTypeValidator : Abblix.Oidc.Server.Endpoints.DynamicClientManagement.Validation.SyncClientRegistrationContextValidator

Inheritance System.ObjectSyncClientRegistrationContextValidator → SupportedGrantTypeValidator

Constructors

SupportedGrantTypeValidator(IEnumerable<IGrantTypeInformer>) Constructor

Rejects client registration when any value in grant_types is not advertised as supported by this server, returning invalid_client_metadata per OIDC DCR §3.2. Without this gate the registration would succeed and the client would only fail later at the token endpoint with unsupported_grant_type, or at the authorization endpoint for the implicit grant. Companion to SupportedResponseTypeValidator, which applies the same rule to response_types.

public SupportedGrantTypeValidator(System.Collections.Generic.IEnumerable<Abblix.Oidc.Server.Common.Interfaces.IGrantTypeInformer> grantTypeInformers);

Parameters

grantTypeInformers System.Collections.Generic.IEnumerable<IGrantTypeInformer>

All registered IGrantTypeInformer contributors. Their union is the same grant_types_supported set the discovery endpoint advertises, so registration gating, run-time gating, and discovery share one source of truth. Notable contributors: the authorization endpoint yields implicit only when the host has called EnableImplicitFlow(); the composite token-endpoint grant handler yields every registered token-endpoint grant such as authorization_code, refresh_token, client_credentials, jwt-bearer, and password (only when EnablePasswordGrant() has been called).