Skip to main content

DPoPUserInfoValidator Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Endpoints.UserInfo.Validation

DPoPUserInfoValidator Class

Resource-server-side enforcement of RFC 9449 DPoP at the UserInfo endpoint. Mirrors the shape of DPoPTokenEndpointValidator so the branching logic stays symmetric across endpoints; differences are limited to the trigger (cnf.jkt on the inbound access token) and the error envelope (typed InvalidDPoPProofError / UseDPoPNonceError so the response formatter can emit the §7.1 WWW-Authenticate: DPoP challenge).

public class DPoPUserInfoValidator : Abblix.Oidc.Server.Features.DPoP.DPoPNonceValidator, Abblix.Oidc.Server.Endpoints.UserInfo.Interfaces.IDPoPUserInfoValidator

Inheritance System.ObjectDPoPNonceValidator → DPoPUserInfoValidator

Implements IDPoPUserInfoValidator

Constructors

DPoPUserInfoValidator(ILogger<DPoPUserInfoValidator>, IProofValidator, INonceService, IOptionsMonitor<OidcOptions>) Constructor

Resource-server-side enforcement of RFC 9449 DPoP at the UserInfo endpoint. Mirrors the shape of DPoPTokenEndpointValidator so the branching logic stays symmetric across endpoints; differences are limited to the trigger (cnf.jkt on the inbound access token) and the error envelope (typed InvalidDPoPProofError / UseDPoPNonceError so the response formatter can emit the §7.1 WWW-Authenticate: DPoP challenge).

public DPoPUserInfoValidator(Microsoft.Extensions.Logging.ILogger<Abblix.Oidc.Server.Endpoints.UserInfo.Validation.DPoPUserInfoValidator> logger, Abblix.Oidc.Server.Features.DPoP.IProofValidator proofValidator, Abblix.Oidc.Server.Features.Nonces.INonceService nonceService, Microsoft.Extensions.Options.IOptionsMonitor<Abblix.Oidc.Server.Common.Configuration.OidcOptions> options);

Parameters

logger Microsoft.Extensions.Logging.ILogger<DPoPUserInfoValidator>
proofValidator IProofValidator
nonceService INonceService
options Microsoft.Extensions.Options.IOptionsMonitor<OidcOptions>

Methods

DPoPUserInfoValidator.ValidateAsync(ClientRequest, JsonWebToken, string) Method

Returns null on success, an OidcError describing the binding failure otherwise. The typed subclasses InvalidDPoPProofError and UseDPoPNonceError let the response formatter pattern-match for the RFC 9449 §7.1 WWW-Authenticate: DPoP challenge or the §8 nonce response header attachment.

public System.Threading.Tasks.Task<Abblix.Oidc.Server.Common.OidcError?> ValidateAsync(Abblix.Oidc.Server.Model.ClientRequest clientRequest, Abblix.Jwt.JsonWebToken accessToken, string rawAccessToken);

Parameters

clientRequest ClientRequest

Carries the Authorization scheme + token plus the optional DPoP proof header.

accessToken JsonWebToken

The parsed access-token JWT whose cnf.jkt (when present) the proof must match.

rawAccessToken System.String

The original on-the-wire access-token string used to compute ath = Base64Url(SHA-256(access_token)).

Implements ValidateAsync(ClientRequest, JsonWebToken, string)

Returns

System.Threading.Tasks.Task<OidcError>