Skip to main content

PingModeGrantProcessor Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.BackChannelAuthentication.GrantProcessors

PingModeGrantProcessor Class

Handles CIBA ping mode token retrieval at the token endpoint. In ping mode, the server notifies the client, then the client makes a single token request. The auth_req_id is single-use (CIBA Core 1.0 Section 7.3), so the grant is removed from storage on retrieval — identically to poll mode (Section 10.1.1 defines their token responses the same).

public class PingModeGrantProcessor : Abblix.Oidc.Server.Features.BackChannelAuthentication.Interfaces.IBackChannelGrantProcessor

Inheritance System.Object → PingModeGrantProcessor

Implements IBackChannelGrantProcessor

Constructors

PingModeGrantProcessor(IBackChannelRequestStorage) Constructor

Handles CIBA ping mode token retrieval at the token endpoint. In ping mode, the server notifies the client, then the client makes a single token request. The auth_req_id is single-use (CIBA Core 1.0 Section 7.3), so the grant is removed from storage on retrieval — identically to poll mode (Section 10.1.1 defines their token responses the same).

public PingModeGrantProcessor(Abblix.Oidc.Server.Features.BackChannelAuthentication.Interfaces.IBackChannelRequestStorage storage);

Parameters

storage IBackChannelRequestStorage

Storage for backchannel authentication requests.

Methods

PingModeGrantProcessor.ProcessAuthenticatedRequestAsync(string, BackChannelAuthenticationRequest) Method

Atomically removes the authentication request from storage and returns its authorized grant. Because the auth_req_id can be used only once (CIBA Core 1.0 Section 7.3), a second retrieval — or a concurrent one that lost the race — finds nothing and is rejected with invalid_grant rather than re-issuing tokens.

public System.Threading.Tasks.Task<Abblix.Utils.Result<Abblix.Oidc.Server.Endpoints.Token.Interfaces.AuthorizedGrant,Abblix.Oidc.Server.Common.OidcError>> ProcessAuthenticatedRequestAsync(string authenticationRequestId, Abblix.Oidc.Server.Features.BackChannelAuthentication.BackChannelAuthenticationRequest request);

Parameters

authenticationRequestId System.String
request BackChannelAuthenticationRequest

Implements ProcessAuthenticatedRequestAsync(string, BackChannelAuthenticationRequest)

Returns

System.Threading.Tasks.Task<Abblix.Utils.Result<AuthorizedGrant,OidcError>>

PingModeGrantProcessor.ValidateTokenEndpointAccess() Method

Ping mode clients are allowed to call the token endpoint after the ping notification arrives, so this always returns null (no error).

public Abblix.Oidc.Server.Common.OidcError? ValidateTokenEndpointAccess();

Implements ValidateTokenEndpointAccess()

Returns

OidcError