PingModeGrantProcessor Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.BackChannelAuthentication.GrantProcessors
PingModeGrantProcessor Class
Handles CIBA ping mode token retrieval at the token endpoint. In ping mode, the server notifies the client, then the client makes a single token request. The auth_req_id is single-use (CIBA Core 1.0 Section 7.3), so the grant is removed from storage on retrieval — identically to poll mode (Section 10.1.1 defines their token responses the same).
public class PingModeGrantProcessor : Abblix.Oidc.Server.Features.BackChannelAuthentication.Interfaces.IBackChannelGrantProcessor
Inheritance System.Object → PingModeGrantProcessor
Implements IBackChannelGrantProcessor
Constructors
PingModeGrantProcessor(IBackChannelRequestStorage) Constructor
Handles CIBA ping mode token retrieval at the token endpoint. In ping mode, the server notifies the client, then the client makes a single token request. The auth_req_id is single-use (CIBA Core 1.0 Section 7.3), so the grant is removed from storage on retrieval — identically to poll mode (Section 10.1.1 defines their token responses the same).
public PingModeGrantProcessor(Abblix.Oidc.Server.Features.BackChannelAuthentication.Interfaces.IBackChannelRequestStorage storage);
Parameters
storage IBackChannelRequestStorage
Storage for backchannel authentication requests.
Methods
PingModeGrantProcessor.ProcessAuthenticatedRequestAsync(string, BackChannelAuthenticationRequest) Method
Atomically removes the authentication request from storage and returns its authorized grant.
Because the auth_req_id can be used only once (CIBA Core 1.0 Section 7.3), a second retrieval
— or a concurrent one that lost the race — finds nothing and is rejected with
invalid_grant rather than re-issuing tokens.
public System.Threading.Tasks.Task<Abblix.Utils.Result<Abblix.Oidc.Server.Endpoints.Token.Interfaces.AuthorizedGrant,Abblix.Oidc.Server.Common.OidcError>> ProcessAuthenticatedRequestAsync(string authenticationRequestId, Abblix.Oidc.Server.Features.BackChannelAuthentication.BackChannelAuthenticationRequest request);
Parameters
authenticationRequestId System.String
request BackChannelAuthenticationRequest
Implements ProcessAuthenticatedRequestAsync(string, BackChannelAuthenticationRequest)
Returns
System.Threading.Tasks.Task<Abblix.Utils.Result<AuthorizedGrant,OidcError>>
PingModeGrantProcessor.ValidateTokenEndpointAccess() Method
Ping mode clients are allowed to call the token endpoint after the ping notification arrives,
so this always returns null (no error).
public Abblix.Oidc.Server.Common.OidcError? ValidateTokenEndpointAccess();
Implements ValidateTokenEndpointAccess()