ClientSecret Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.ClientInformation
ClientSecret Class
Encapsulates the details of a client secret used in OAuth2 and OpenID Connect authentication flows.
public record ClientSecret : System.IEquatable<Abblix.Oidc.Server.Features.ClientInformation.ClientSecret>
Inheritance System.Object → ClientSecret
Implements System.IEquatable<ClientSecret>
Remarks
Client secrets are critical for the security of client applications, especially those that authenticate in a server-side context. This record stores hashed versions of the secret to enhance security by avoiding the storage of plain-text secrets. For client_secret_jwt authentication method, the raw value must also be stored to validate HMAC-signed JWTs.
Properties
ClientSecret.ExpiresAt Property
The expiration date and time for the client secret. Secrets past this date are considered invalid and cannot be used for authentication.
public System.Nullable<System.DateTimeOffset> ExpiresAt { get; init; }
Property Value
System.Nullable<System.DateTimeOffset>
Remarks
Setting an expiration date for client secrets is a best practice that helps mitigate the risk of secret compromise over time. It encourages regular rotation of secrets to maintain the security integrity of client applications.
ClientSecret.Sha256Hash Property
The SHA-256 hash of the client secret. This property is used to securely store and verify the secret without needing to store the plain text value.
public byte[]? Sha256Hash { get; init; }
Property Value
Remarks
The SHA-256 hash provides a secure way to handle client secrets, allowing for their verification during the authentication process without risking exposure.
ClientSecret.Sha512Hash Property
The SHA-512 hash of the client secret. This property offers an additional layer of security by using a stronger hashing algorithm compared to SHA-256.
public byte[]? Sha512Hash { get; init; }
Property Value
Remarks
SHA-512 hashes are more resistant to brute-force attacks due to their larger size and complexity. This property is optional and can be used in systems requiring heightened security measures.
ClientSecret.Value Property
The plain-text value of the client secret. This property is required for authentication methods that need the raw secret value, such as client_secret_jwt (which uses HMAC signatures).
public string? Value { get; init; }
Property Value
Remarks
While storing plain-text secrets poses security risks, some authentication methods like client_secret_jwt require access to the original value to create HMAC signatures for validation. This value should be stored securely and access should be restricted.