Skip to main content

IBackChannelGrantProcessor Interface

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.BackChannelAuthentication.Interfaces

IBackChannelGrantProcessor Interface

Defines mode-specific processing logic for handling authenticated CIBA requests at the token endpoint. Different delivery modes (poll, ping, push) have different requirements for token retrieval.

public interface IBackChannelGrantProcessor

Derived
PingModeGrantProcessor
PollModeGrantProcessor
PushModeGrantProcessor

Methods

IBackChannelGrantProcessor.ProcessAuthenticatedRequestAsync(string, BackChannelAuthenticationRequest) Method

Validates whether the client is allowed to retrieve tokens via the token endpoint for this delivery mode, and performs any mode-specific post-retrieval actions (e.g., removing from storage).

System.Threading.Tasks.Task<Abblix.Utils.Result<Abblix.Oidc.Server.Endpoints.Token.Interfaces.AuthorizedGrant,Abblix.Oidc.Server.Common.OidcError>> ProcessAuthenticatedRequestAsync(string authenticationRequestId, Abblix.Oidc.Server.Features.BackChannelAuthentication.BackChannelAuthenticationRequest request);

Parameters

authenticationRequestId System.String

The authentication request identifier.

request BackChannelAuthenticationRequest

The authenticated CIBA request from storage.

Returns

System.Threading.Tasks.Task<Abblix.Utils.Result<AuthorizedGrant,OidcError>>
Either the authorized grant if retrieval is allowed and successful, or an error indicating why token retrieval is not permitted for this mode.

IBackChannelGrantProcessor.ValidateTokenEndpointAccess() Method

Validates that a token request is allowed for this delivery mode. For example, push mode clients should never poll the token endpoint.

Abblix.Oidc.Server.Common.OidcError? ValidateTokenEndpointAccess();

Returns

OidcError
Null if the request is valid for this mode, or an error if the client is attempting an operation not allowed by their delivery mode.