IJwtBearerIssuerProvider Interface
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.JwtBearer
IJwtBearerIssuerProvider Interface
Provides comprehensive JWT Bearer grant type (RFC 7523) functionality including issuer management, key resolution, and replay protection.
public interface IJwtBearerIssuerProvider
Derived
↳ JwtBearerIssuerProvider
Remarks
This interface centralizes JWT Bearer security functionality to: - Validate that the JWT issuer (iss claim) is from a trusted identity provider - Resolve the signing keys (JWKS) for verifying the JWT signature - Provide replay protection per RFC 7523 Section 5.2 - Expose configuration settings (clock skew, algorithm whitelist, etc.)
Properties
IJwtBearerIssuerProvider.Options Property
Gets the JWT Bearer configuration options.
Abblix.Oidc.Server.Common.Configuration.JwtBearerOptions Options { get; }
Property Value
Methods
IJwtBearerIssuerProvider.GetSigningKeysAsync(string) Method
Resolves the signing keys for a trusted issuer, used to verify JWT assertion signatures.
System.Collections.Generic.IAsyncEnumerable<Abblix.Jwt.JsonWebKey> GetSigningKeysAsync(string issuer);
Parameters
issuer System.String
The issuer identifier from the JWT's 'iss' claim.
Returns
System.Collections.Generic.IAsyncEnumerable<JsonWebKey>
An async enumerable of JSON Web Keys that can be used to verify signatures for JWTs
issued by this issuer. Returns empty if the issuer is not trusted or has no configured keys.
IJwtBearerIssuerProvider.GetTrustedIssuerAsync(string) Method
Gets the full configuration for a trusted issuer.
System.Threading.Tasks.Task<Abblix.Oidc.Server.Common.Configuration.TrustedIssuer?> GetTrustedIssuerAsync(string issuer);
Parameters
issuer System.String
The issuer identifier from the JWT's 'iss' claim.
Returns
System.Threading.Tasks.Task<TrustedIssuer>
A task that completes with the trusted issuer configuration if found; null if not trusted.
IJwtBearerIssuerProvider.IsReplayedAsync(string, Nullable<DateTimeOffset>) Method
Atomically records the JWT's JTI for replay protection and reports whether it had already been recorded. The entry is kept until the assertion's own expiration, so a JWT cannot be replayed for any part of its validity window.
System.Threading.Tasks.Task<bool> IsReplayedAsync(string jti, System.Nullable<System.DateTimeOffset> expiresAt);
Parameters
jti System.String
The JWT ID (jti claim) to reserve.
expiresAt System.Nullable<System.DateTimeOffset>
The assertion's expiration; bounds how long the JTI is remembered.
Returns
System.Threading.Tasks.Task<System.Boolean>
True if this JTI was already recorded (a replay); false if it was recorded just now.
IJwtBearerIssuerProvider.IsTrustedIssuerAsync(string) Method
Determines whether the specified issuer is trusted for JWT Bearer assertions.
System.Threading.Tasks.Task<bool> IsTrustedIssuerAsync(string issuer);
Parameters
issuer System.String
The issuer identifier from the JWT's 'iss' claim.
Returns
System.Threading.Tasks.Task<System.Boolean>
A task that completes with true if the issuer is trusted and can be used for JWT Bearer grants;
otherwise, false.