| AuthorizationGrantValidator | Validates the authorization grant in the context of a token request, ensuring that the request is authorized and that the associated redirect URI matches the one used during the initial authorization request |
| ClientValidator | Validates the client information in the context of a token request, ensuring that the client is properly authenticated. |
| DPoPTokenEndpointValidator | Token-endpoint enforcement of RFC 9449 DPoP: validates the proof JWT carried on the inbound DPoP header against the request's method+URI, runs the layered nonce-policy if the deployment requires it, and stashes the proof's JWK thumbprint on the validation context so the processor can bind cnf.jkt onto the issued access token. |
| ResourceValidator | Provides validation for resource-related data within token requests, ensuring that all requested resources are recognized and appropriately scoped according to OAuth 2.0 and OpenID Connect standards. |
| ScopeValidator | Validates the scopes specified in token requests using a scope manager to ensure their validity and availability. This validator checks whether each requested scope is recognized and authorized for use, ensuring that clients only receive permissions appropriate to their needs and in compliance with server policies. |
| SyncTokenContextValidatorBase | Provides a base class for implementing synchronous token context validators. This class simplifies the creation of token context validators by offering a synchronous validation method that is automatically wrapped in an asynchronous call. |
| TokenContextValidatorComposite | Represents a composite validator for token context validation, executing a sequence of individual validators. This class allows multiple validators to be combined, each responsible for a specific validation step, and short-circuits the validation process if any step fails. |
| TokenValidationContext | Encapsulates the context required for validating token requests, including client and authorization grant details. |