IdTokenHintValidator Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Endpoints.EndSession.Validation
IdTokenHintValidator Class
Validates the id_token_hint parameter (OpenID Connect RP-Initiated Logout 1.0 §2):
verifies signature/issuer/audience but deliberately accepts expired tokens (since the
hint's role is to identify a no-longer-active session), then either populates
ClientId from the token's audience when the request omitted it, or asserts that
an explicitly supplied client_id matches that audience.
public class IdTokenHintValidator : Abblix.Oidc.Server.Endpoints.EndSession.Validation.IEndSessionContextValidator
Inheritance System.Object → IdTokenHintValidator
Implements IEndSessionContextValidator
Constructors
IdTokenHintValidator(IAuthServiceJwtValidator) Constructor
Validates the id_token_hint parameter (OpenID Connect RP-Initiated Logout 1.0 §2):
verifies signature/issuer/audience but deliberately accepts expired tokens (since the
hint's role is to identify a no-longer-active session), then either populates
ClientId from the token's audience when the request omitted it, or asserts that
an explicitly supplied client_id matches that audience.
public IdTokenHintValidator(Abblix.Oidc.Server.Features.Tokens.Validation.IAuthServiceJwtValidator jwtValidator);
Parameters
jwtValidator IAuthServiceJwtValidator
Methods
IdTokenHintValidator.ValidateAsync(EndSessionValidationContext) Method
Performs this validator's check against the shared context.
public System.Threading.Tasks.Task<Abblix.Oidc.Server.Common.OidcError?> ValidateAsync(Abblix.Oidc.Server.Endpoints.EndSession.Validation.EndSessionValidationContext context);
Parameters
context EndSessionValidationContext
Mutable validation context shared with subsequent steps; this validator may
populate fields (such as resolved ClientInfo or parsed id_token_hint).
Implements ValidateAsync(EndSessionValidationContext)
Returns
System.Threading.Tasks.Task<OidcError>
null if the request passes this step, otherwise the error to surface.