Skip to main content

ClientCredentialsGrantHandler Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.Token.Grants

ClientCredentialsGrantHandler Class

Handles the authorization process for the client credentials grant type within the OAuth 2.0 framework. This grant type is designed for machine-to-machine (M2M) authentication where the client itself is the resource owner. There is no end-user involved in this flow - the client uses its own credentials to obtain an access token directly from the authorization server.

public class ClientCredentialsGrantHandler : Abblix.Oidc.Server.Endpoints.Token.Grants.IAuthorizationGrantHandler, Abblix.Oidc.Server.Common.Interfaces.IGrantTypeInformer

Inheritance System.Object → ClientCredentialsGrantHandler

Implements IAuthorizationGrantHandler, IGrantTypeInformer

Remarks

The client credentials grant type is specified in RFC 6749 Section 4.4. It is typically used in scenarios such as: - Backend services accessing APIs - Scheduled jobs or automated tasks - Microservice-to-microservice communication - CI/CD pipelines The client must authenticate itself before this handler is invoked, using methods such as client_secret_basic, client_secret_post, or private_key_jwt.

Constructors

ClientCredentialsGrantHandler(ISessionIdGenerator, TimeProvider) Constructor

Handles the authorization process for the client credentials grant type within the OAuth 2.0 framework. This grant type is designed for machine-to-machine (M2M) authentication where the client itself is the resource owner. There is no end-user involved in this flow - the client uses its own credentials to obtain an access token directly from the authorization server.

public ClientCredentialsGrantHandler(Abblix.Oidc.Server.Features.RandomGenerators.ISessionIdGenerator sessionIdGenerator, System.TimeProvider timeProvider);

Parameters

sessionIdGenerator ISessionIdGenerator

Generates unique session identifiers for authentication sessions.

timeProvider System.TimeProvider

Provides access to the current time for session timestamps.

Remarks

The client credentials grant type is specified in RFC 6749 Section 4.4. It is typically used in scenarios such as: - Backend services accessing APIs - Scheduled jobs or automated tasks - Microservice-to-microservice communication - CI/CD pipelines The client must authenticate itself before this handler is invoked, using methods such as client_secret_basic, client_secret_post, or private_key_jwt.

Properties

ClientCredentialsGrantHandler.GrantTypesSupported Property

Specifies the grant type that this handler supports, which is the "client_credentials" grant type. This ensures that this handler is only invoked when processing requests with the client credentials grant type.

public System.Collections.Generic.IEnumerable<string> GrantTypesSupported { get; }

Implements GrantTypesSupported

Property Value

System.Collections.Generic.IEnumerable<System.String>

Methods

ClientCredentialsGrantHandler.AuthorizeAsync(TokenRequest, ClientInfo) Method

Asynchronously processes the token request using the client credentials grant type. Since the client has already been authenticated (via client authentication middleware), this handler creates a grant for the client with the requested scope.

public System.Threading.Tasks.Task<Abblix.Utils.Result<Abblix.Oidc.Server.Endpoints.Token.Interfaces.AuthorizedGrant,Abblix.Oidc.Server.Common.OidcError>> AuthorizeAsync(Abblix.Oidc.Server.Model.TokenRequest request, Abblix.Oidc.Server.Features.ClientInformation.ClientInfo clientInfo);

Parameters

request TokenRequest

The token request containing the requested scope and other parameters.

clientInfo ClientInfo

Information about the authenticated client making the request.

Implements AuthorizeAsync(TokenRequest, ClientInfo)

Returns

System.Threading.Tasks.Task<Abblix.Utils.Result<AuthorizedGrant,OidcError>>
A task that completes with an authorized grant containing the client session and context.