Skip to main content

Abblix.Oidc.Server.Endpoints.EndSession.Validation Namespace

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.EndSession.Validation Namespace

Classes
ClientValidatorResolves the client referenced by the request (either via client_id directly or via id_token_hint's audience) into a ClientInfo stored on the context for later steps such as post-logout redirect URI validation. A request with no client identifier at all is permitted to pass; an identifier that does not resolve yields UnauthorizedClient.
ConfirmationValidatorEnforces the end-user confirmation step described in OpenID Connect RP-Initiated Logout 1.0 §2: when the request omits id_token_hint the OP cannot trust that the user really initiated the logout, so a UI confirmation must precede the call. This validator surfaces ConfirmationRequired until the host echoes back confirmed=true.
EndSessionContextValidatorCompositeRepresents a composite validator for end-session requests.
EndSessionValidationContextRepresents the context for validating an end-session request.
IdTokenHintValidatorValidates the id_token_hint parameter (OpenID Connect RP-Initiated Logout 1.0 §2): verifies signature/issuer/audience but deliberately accepts expired tokens (since the hint's role is to identify a no-longer-active session), then either populates ClientId from the token's audience when the request omitted it, or asserts that an explicitly supplied client_id matches that audience.
PostLogoutRedirectUrisValidatorVerifies that the request's post_logout_redirect_uri is one of the URIs the resolved client previously registered (OpenID Connect RP-Initiated Logout 1.0 §2). A request without post_logout_redirect_uri is allowed; if one is present but the client cannot be resolved from client_id or id_token_hint, the redirect URI cannot be safely validated and the request is rejected.
Interfaces
IEndSessionContextValidatorOne step in the end-session validation pipeline. Each implementation inspects (and may enrich) a shared EndSessionValidationContext; returning a non-null OidcError aborts the pipeline. Implementations are composed via EndSessionContextValidatorComposite.