DPoPUserInfoValidator Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Endpoints.UserInfo.Validation
DPoPUserInfoValidator Class
Resource-server-side enforcement of RFC 9449 DPoP at the UserInfo endpoint. Mirrors the
shape of DPoPTokenEndpointValidator so the
branching logic stays symmetric across endpoints; differences are limited to the
trigger (cnf.jkt on the inbound access token) and the error envelope (typed
InvalidDPoPProofError / UseDPoPNonceError so the response
formatter can emit the §7.1 WWW-Authenticate: DPoP challenge).
public class DPoPUserInfoValidator : Abblix.Oidc.Server.Features.DPoP.DPoPNonceValidator, Abblix.Oidc.Server.Endpoints.UserInfo.Interfaces.IDPoPUserInfoValidator
Inheritance System.Object → DPoPNonceValidator → DPoPUserInfoValidator
Implements IDPoPUserInfoValidator
Constructors
DPoPUserInfoValidator(ILogger<DPoPUserInfoValidator>, IProofValidator, INonceService, IOptionsMonitor<OidcOptions>) Constructor
Resource-server-side enforcement of RFC 9449 DPoP at the UserInfo endpoint. Mirrors the
shape of DPoPTokenEndpointValidator so the
branching logic stays symmetric across endpoints; differences are limited to the
trigger (cnf.jkt on the inbound access token) and the error envelope (typed
InvalidDPoPProofError / UseDPoPNonceError so the response
formatter can emit the §7.1 WWW-Authenticate: DPoP challenge).
public DPoPUserInfoValidator(Microsoft.Extensions.Logging.ILogger<Abblix.Oidc.Server.Endpoints.UserInfo.Validation.DPoPUserInfoValidator> logger, Abblix.Oidc.Server.Features.DPoP.IProofValidator proofValidator, Abblix.Oidc.Server.Features.Nonces.INonceService nonceService, Microsoft.Extensions.Options.IOptionsMonitor<Abblix.Oidc.Server.Common.Configuration.OidcOptions> options);
Parameters
logger Microsoft.Extensions.Logging.ILogger<DPoPUserInfoValidator>
proofValidator IProofValidator
nonceService INonceService
options Microsoft.Extensions.Options.IOptionsMonitor<OidcOptions>
Methods
DPoPUserInfoValidator.ValidateAsync(ClientRequest, JsonWebToken, string) Method
Returns null on success, an OidcError describing the binding
failure otherwise. The typed subclasses InvalidDPoPProofError and
UseDPoPNonceError let the response formatter pattern-match for the
RFC 9449 §7.1 WWW-Authenticate: DPoP challenge or the §8 nonce response
header attachment.
public System.Threading.Tasks.Task<Abblix.Oidc.Server.Common.OidcError?> ValidateAsync(Abblix.Oidc.Server.Model.ClientRequest clientRequest, Abblix.Jwt.JsonWebToken accessToken, string rawAccessToken);
Parameters
clientRequest ClientRequest
Carries the Authorization scheme + token plus
the optional DPoP proof header.
accessToken JsonWebToken
The parsed access-token JWT whose cnf.jkt
(when present) the proof must match.
rawAccessToken System.String
The original on-the-wire access-token string used
to compute ath = Base64Url(SHA-256(access_token)).
Implements ValidateAsync(ClientRequest, JsonWebToken, string)