TlsMetadataClientAuthenticator Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.ClientAuthentication
TlsMetadataClientAuthenticator Class
RFC 8705 tls_client_auth authenticator. Matches presented client certificate against client metadata: subject DN and/or Subject Alternative Name entries.
public class TlsMetadataClientAuthenticator : Abblix.Oidc.Server.Features.ClientAuthentication.IClientAuthenticator
Inheritance System.Object → TlsMetadataClientAuthenticator
Implements IClientAuthenticator
Constructors
TlsMetadataClientAuthenticator(ILogger<TlsMetadataClientAuthenticator>, IClientInfoProvider) Constructor
RFC 8705 tls_client_auth authenticator. Matches presented client certificate against client metadata: subject DN and/or Subject Alternative Name entries.
public TlsMetadataClientAuthenticator(Microsoft.Extensions.Logging.ILogger<Abblix.Oidc.Server.Features.ClientAuthentication.TlsMetadataClientAuthenticator> logger, Abblix.Oidc.Server.Features.ClientInformation.IClientInfoProvider clientInfoProvider);
Parameters
logger Microsoft.Extensions.Logging.ILogger<TlsMetadataClientAuthenticator>
clientInfoProvider IClientInfoProvider
Properties
TlsMetadataClientAuthenticator.ClientAuthenticationMethodsSupported Property
Gets the collection of client authentication methods supported by this authenticator.
public System.Collections.Generic.IEnumerable<string> ClientAuthenticationMethodsSupported { get; }
Implements ClientAuthenticationMethodsSupported
Property Value
System.Collections.Generic.IEnumerable<System.String>
A collection containing TlsClientAuth.
Methods
TlsMetadataClientAuthenticator.TryAuthenticateClientAsync(ClientRequest) Method
Attempts to authenticate a client using mutual TLS with metadata-based certificate validation. Validates the client certificate against configured Subject DN and/or Subject Alternative Name entries.
public System.Threading.Tasks.Task<Abblix.Oidc.Server.Features.ClientInformation.ClientInfo?> TryAuthenticateClientAsync(Abblix.Oidc.Server.Model.ClientRequest request);
Parameters
request ClientRequest
The client request containing the certificate and client ID to authenticate.
Implements TryAuthenticateClientAsync(ClientRequest)
Returns
System.Threading.Tasks.Task<ClientInfo>
A task that returns the authenticated ClientInfo if successful; otherwise, null.
Returns null if no certificate is provided, client not found, authentication method doesn't match,
or certificate validation fails.
Remarks
This method implements RFC 8705 tls_client_auth by: 1. Verifying a client certificate is present 2. Looking up client configuration by client_id 3. Checking the client uses tls_client_auth method 4. Validating certificate Subject DN (if configured) 5. Validating certificate SAN entries (if configured)