Skip to main content

Abblix.Oidc.Server.Endpoints.UserInfo.Interfaces Namespace

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.UserInfo.Interfaces Namespace

Classes
UserInfoFoundResponseRepresents a successful response containing the found user information.
ValidUserInfoRequestRepresents a valid user info request with associated authentication and authorization details.
Interfaces
IDPoPUserInfoValidatorValidates the DPoP-binding contract on a UserInfo request per RFC 9449 §7.1: when the inbound access token is DPoP-bound (carries cnf.jkt), the request MUST present Authorization: DPoP <token> together with a valid DPoP header proof whose key thumbprint matches the access token's cnf.jkt and whose ath claim equals Base64Url(SHA-256(access_token)). Unbound (Bearer) access tokens passed via the Bearer scheme bypass the check.
IMtlsUserInfoValidatorValidates the mutual-TLS certificate-binding contract on a UserInfo request per RFC 8705 §3: when the inbound access token is certificate-bound (carries cnf.x5t#S256), the protected resource MUST obtain the client certificate used for mutual TLS and verify that its SHA-256 thumbprint matches the bound value, rejecting the request otherwise. Unbound access tokens bypass the check. Sibling of IDPoPUserInfoValidator: the two proof-of-possession mechanisms (DPoP cnf.jkt and mTLS cnf.x5t#S256) are independent and a token carrying both must satisfy each.
IUserInfoHandlerEndpoint contract for the OpenID Connect UserInfo endpoint (OIDC Core 1.0 §5.3), which returns claims about the authenticated end-user identified by the bearer access token presented per RFC 6750.
IUserInfoRequestProcessorGenerates a response containing information about a user account.
IUserInfoRequestValidatorParses and validates an access token provided in a user info request.