Skip to main content

IClientKeysProvider Interface

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.ClientInformation

IClientKeysProvider Interface

Provides access to cryptographic keys for OpenID Connect clients, supporting token encryption and signature validation.

public interface IClientKeysProvider

Derived
ClientKeysProvider

Remarks

This interface serves as a bridge between OAuth 2.0/OpenID Connect clients and the cryptographic keys necessary for securing JWT tokens. It enables dynamic retrieval of encryption and signing keys which can be used for token encryption, signature, and validation processes. This approach supports scenarios where keys are rotated or updated without requiring service restarts or manual intervention.

Methods

IClientKeysProvider.GetEncryptionKeys(ClientInfo) Method

Retrieves the set of encryption keys associated with a given client, allowing the service to encrypt JWT tokens or other sensitive information intended for that client.

System.Collections.Generic.IAsyncEnumerable<Abblix.Jwt.JsonWebKey> GetEncryptionKeys(Abblix.Oidc.Server.Features.ClientInformation.ClientInfo clientInfo);

Parameters

clientInfo ClientInfo

The client's information, used to identify the correct set of encryption keys.

Returns

System.Collections.Generic.IAsyncEnumerable<JsonWebKey>
An asynchronous stream (System.Collections.Generic.IAsyncEnumerable<>) of JsonWebKey, providing access to each key.

Remarks

This method is essential for services that issue encrypted tokens or need to securely communicate with clients, ensuring that only the intended recipient can decrypt and access the transmitted information.

IClientKeysProvider.GetSigningKeys(ClientInfo) Method

Retrieves the set of signing keys associated with a given client, enabling the service to validate signatures on JWT tokens or other signed payloads originating from that client.

System.Collections.Generic.IAsyncEnumerable<Abblix.Jwt.JsonWebKey> GetSigningKeys(Abblix.Oidc.Server.Features.ClientInformation.ClientInfo clientInfo);

Parameters

clientInfo ClientInfo

The client's information, used to identify the correct set of signing keys.

Returns

System.Collections.Generic.IAsyncEnumerable<JsonWebKey>
An asynchronous stream (System.Collections.Generic.IAsyncEnumerable<>) of JsonWebKey, providing access to each key.

Remarks

This method supports secure client-server interactions by enabling the service to verify the authenticity of incoming signed data, ensuring it was not tampered with and was indeed issued by the claiming client.