Skip to main content

IJwtBearerIssuerProvider Interface

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.JwtBearer

IJwtBearerIssuerProvider Interface

Provides comprehensive JWT Bearer grant type (RFC 7523) functionality including issuer management, key resolution, and replay protection.

public interface IJwtBearerIssuerProvider

Derived
JwtBearerIssuerProvider

Remarks

This interface centralizes JWT Bearer security functionality to: - Validate that the JWT issuer (iss claim) is from a trusted identity provider - Resolve the signing keys (JWKS) for verifying the JWT signature - Provide replay protection per RFC 7523 Section 5.2 - Expose configuration settings (clock skew, algorithm whitelist, etc.)

Properties

IJwtBearerIssuerProvider.Options Property

Gets the JWT Bearer configuration options.

Abblix.Oidc.Server.Common.Configuration.JwtBearerOptions Options { get; }

Property Value

JwtBearerOptions

Methods

IJwtBearerIssuerProvider.GetSigningKeysAsync(string) Method

Resolves the signing keys for a trusted issuer, used to verify JWT assertion signatures.

System.Collections.Generic.IAsyncEnumerable<Abblix.Jwt.JsonWebKey> GetSigningKeysAsync(string issuer);

Parameters

issuer System.String

The issuer identifier from the JWT's 'iss' claim.

Returns

System.Collections.Generic.IAsyncEnumerable<JsonWebKey>
An async enumerable of JSON Web Keys that can be used to verify signatures for JWTs issued by this issuer. Returns empty if the issuer is not trusted or has no configured keys.

IJwtBearerIssuerProvider.GetTrustedIssuerAsync(string) Method

Gets the full configuration for a trusted issuer.

System.Threading.Tasks.Task<Abblix.Oidc.Server.Common.Configuration.TrustedIssuer?> GetTrustedIssuerAsync(string issuer);

Parameters

issuer System.String

The issuer identifier from the JWT's 'iss' claim.

Returns

System.Threading.Tasks.Task<TrustedIssuer>
A task that completes with the trusted issuer configuration if found; null if not trusted.

IJwtBearerIssuerProvider.IsReplayedAsync(string, Nullable<DateTimeOffset>) Method

Atomically records the JWT's JTI for replay protection and reports whether it had already been recorded. The entry is kept until the assertion's own expiration, so a JWT cannot be replayed for any part of its validity window.

System.Threading.Tasks.Task<bool> IsReplayedAsync(string jti, System.Nullable<System.DateTimeOffset> expiresAt);

Parameters

jti System.String

The JWT ID (jti claim) to reserve.

expiresAt System.Nullable<System.DateTimeOffset>

The assertion's expiration; bounds how long the JTI is remembered.

Returns

System.Threading.Tasks.Task<System.Boolean>
True if this JTI was already recorded (a replay); false if it was recorded just now.

IJwtBearerIssuerProvider.IsTrustedIssuerAsync(string) Method

Determines whether the specified issuer is trusted for JWT Bearer assertions.

System.Threading.Tasks.Task<bool> IsTrustedIssuerAsync(string issuer);

Parameters

issuer System.String

The issuer identifier from the JWT's 'iss' claim.

Returns

System.Threading.Tasks.Task<System.Boolean>
A task that completes with true if the issuer is trusted and can be used for JWT Bearer grants; otherwise, false.