ClientCredentialsGrantHandler Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Endpoints.Token.Grants
ClientCredentialsGrantHandler Class
Handles the authorization process for the client credentials grant type within the OAuth 2.0 framework. This grant type is designed for machine-to-machine (M2M) authentication where the client itself is the resource owner. There is no end-user involved in this flow - the client uses its own credentials to obtain an access token directly from the authorization server.
public class ClientCredentialsGrantHandler : Abblix.Oidc.Server.Endpoints.Token.Grants.IAuthorizationGrantHandler, Abblix.Oidc.Server.Common.Interfaces.IGrantTypeInformer
Inheritance System.Object → ClientCredentialsGrantHandler
Implements IAuthorizationGrantHandler, IGrantTypeInformer
Remarks
The client credentials grant type is specified in RFC 6749 Section 4.4. It is typically used in scenarios such as: - Backend services accessing APIs - Scheduled jobs or automated tasks - Microservice-to-microservice communication - CI/CD pipelines The client must authenticate itself before this handler is invoked, using methods such as client_secret_basic, client_secret_post, or private_key_jwt.
Constructors
ClientCredentialsGrantHandler(ISessionIdGenerator, TimeProvider) Constructor
Handles the authorization process for the client credentials grant type within the OAuth 2.0 framework. This grant type is designed for machine-to-machine (M2M) authentication where the client itself is the resource owner. There is no end-user involved in this flow - the client uses its own credentials to obtain an access token directly from the authorization server.
public ClientCredentialsGrantHandler(Abblix.Oidc.Server.Features.RandomGenerators.ISessionIdGenerator sessionIdGenerator, System.TimeProvider timeProvider);
Parameters
sessionIdGenerator ISessionIdGenerator
Generates unique session identifiers for authentication sessions.
timeProvider System.TimeProvider
Provides access to the current time for session timestamps.
Remarks
The client credentials grant type is specified in RFC 6749 Section 4.4. It is typically used in scenarios such as: - Backend services accessing APIs - Scheduled jobs or automated tasks - Microservice-to-microservice communication - CI/CD pipelines The client must authenticate itself before this handler is invoked, using methods such as client_secret_basic, client_secret_post, or private_key_jwt.
Properties
ClientCredentialsGrantHandler.GrantTypesSupported Property
Specifies the grant type that this handler supports, which is the "client_credentials" grant type. This ensures that this handler is only invoked when processing requests with the client credentials grant type.
public System.Collections.Generic.IEnumerable<string> GrantTypesSupported { get; }
Implements GrantTypesSupported
Property Value
System.Collections.Generic.IEnumerable<System.String>
Methods
ClientCredentialsGrantHandler.AuthorizeAsync(TokenRequest, ClientInfo) Method
Asynchronously processes the token request using the client credentials grant type. Since the client has already been authenticated (via client authentication middleware), this handler creates a grant for the client with the requested scope.
public System.Threading.Tasks.Task<Abblix.Utils.Result<Abblix.Oidc.Server.Endpoints.Token.Interfaces.AuthorizedGrant,Abblix.Oidc.Server.Common.OidcError>> AuthorizeAsync(Abblix.Oidc.Server.Model.TokenRequest request, Abblix.Oidc.Server.Features.ClientInformation.ClientInfo clientInfo);
Parameters
request TokenRequest
The token request containing the requested scope and other parameters.
clientInfo ClientInfo
Information about the authenticated client making the request.
Implements AuthorizeAsync(TokenRequest, ClientInfo)
Returns
System.Threading.Tasks.Task<Abblix.Utils.Result<AuthorizedGrant,OidcError>>
A task that completes with an authorized grant containing the client session and context.