Skip to main content

SecurityProfileConsistency Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.ClientInformation

SecurityProfileConsistency Class

Checks whether a client's configuration can actually satisfy the profile it selects, so a contradiction surfaces loudly at registration or startup instead of as a per-request rejection the operator has to reverse-engineer. The runtime validators already tighten a request to the profile; this is the fail-loud companion that catches static configuration that can never produce a conformant flow in the first place.

public static class SecurityProfileConsistency

Inheritance System.Object → SecurityProfileConsistency

Methods

SecurityProfileConsistency.FindViolations(IReadOnlyList<string[]>, ClientSecurityProfile) Method

Returns the human-readable violations that prevent a client with the given registered response types from satisfying the effective profile, or an empty list when the configuration is self-consistent. The check operates on response types because that is the one part of a FAPI client the profile cannot silently fix at request time: a client that never permits the authorization-code response type, or that permits an implicit/hybrid one, is misconfigured rather than merely tightened.

public static System.Collections.Generic.IReadOnlyList<string> FindViolations(System.Collections.Generic.IReadOnlyList<string[]> allowedResponseTypes, Abblix.Oidc.Server.Common.Constants.ClientSecurityProfile profile);

Parameters

allowedResponseTypes System.Collections.Generic.IReadOnlyList<System.String[]>

The response-type combinations the client is registered for.

profile ClientSecurityProfile

The effective profile governing the client.

Returns

System.Collections.Generic.IReadOnlyList<System.String>