Skip to main content

TokenRequestProcessor Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.Token

TokenRequestProcessor Class

Default ITokenRequestProcessor: always issues an access token (RFC 6749 §5.1), adds a refresh token when offline_access is in the granted scope (OIDC Core 1.0 §11), and adds an ID token when openid is in scope (OIDC Core 1.0 §3.1.3.3, with at_hash computed from the issued access token).

public class TokenRequestProcessor : Abblix.Oidc.Server.Endpoints.Token.Interfaces.ITokenRequestProcessor

Inheritance System.Object → TokenRequestProcessor

Implements ITokenRequestProcessor

Constructors

TokenRequestProcessor(IAccessTokenService, IRefreshTokenService, IIdentityTokenService, ITokenAuthorizationContextEvaluator) Constructor

Default ITokenRequestProcessor: always issues an access token (RFC 6749 §5.1), adds a refresh token when offline_access is in the granted scope (OIDC Core 1.0 §11), and adds an ID token when openid is in scope (OIDC Core 1.0 §3.1.3.3, with at_hash computed from the issued access token).

public TokenRequestProcessor(Abblix.Oidc.Server.Features.Tokens.IAccessTokenService accessTokenService, Abblix.Oidc.Server.Features.Tokens.IRefreshTokenService refreshTokenService, Abblix.Oidc.Server.Features.Tokens.IIdentityTokenService identityTokenService, Abblix.Oidc.Server.Endpoints.Token.Interfaces.ITokenAuthorizationContextEvaluator tokenContextEvaluator);

Parameters

accessTokenService IAccessTokenService

Issues access-token JWTs.

refreshTokenService IRefreshTokenService

Issues refresh-token JWTs, rolling the previous one for refresh-token grants.

identityTokenService IIdentityTokenService

Issues ID tokens.

tokenContextEvaluator ITokenAuthorizationContextEvaluator

Narrows scopes/resources and computes mTLS confirmation binding.

Methods

TokenRequestProcessor.ProcessAsync(ValidTokenRequest) Method

Asynchronously processes a valid token request, determining the necessary tokens to generate based on the request's scope and grant type. It generates an access token for every request and, depending on the scope, may also generate a refresh token and an ID token for OpenID Connect authentication.

public System.Threading.Tasks.Task<Abblix.Utils.Result<Abblix.Oidc.Server.Endpoints.Token.Interfaces.TokenIssued,Abblix.Oidc.Server.Common.OidcError>> ProcessAsync(Abblix.Oidc.Server.Endpoints.Token.Interfaces.ValidTokenRequest request);

Parameters

request ValidTokenRequest

The validated token request containing client and authorization session information.

Implements ProcessAsync(ValidTokenRequest)

Returns

System.Threading.Tasks.Task<Abblix.Utils.Result<TokenIssued,OidcError>>
A task representing the asynchronous operation, yielding a TokenIssued containing the generated tokens, or an OidcError if processing fails.

Remarks

Access tokens authorize clients for resource access; refresh tokens enable long-lived sessions by allowing new access tokens to be obtained without re-authentication; ID tokens provide identity information about the user, crucial for OpenID Connect authentication flows. This method ensures secure and compliant token generation.