Skip to main content

Abblix.Oidc.Server.Endpoints.UserInfo.Validation Namespace

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.UserInfo.Validation Namespace

Classes
DPoPUserInfoValidatorResource-server-side enforcement of RFC 9449 DPoP at the UserInfo endpoint. Mirrors the shape of DPoPTokenEndpointValidator so the branching logic stays symmetric across endpoints; differences are limited to the trigger (cnf.jkt on the inbound access token) and the error envelope (typed InvalidDPoPProofError / UseDPoPNonceError so the response formatter can emit the §7.1 WWW-Authenticate: DPoP challenge).
MtlsUserInfoValidatorResource-server-side enforcement of RFC 8705 §3 mutual-TLS certificate-bound access tokens at the UserInfo endpoint. Mirrors the role of DPoPUserInfoValidator for the cnf.x5t#S256 binding: when the access token is certificate-bound, the SHA-256 thumbprint of the certificate presented on the mutual-TLS connection MUST match the bound value, otherwise the request is rejected with invalid_token (HTTP 401, per RFC 6750).