Abblix.Oidc.Server.Features.RandomGenerators Namespace
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.RandomGenerators Namespace
| Classes | |
|---|---|
| AuthorizationCodeGenerator | Generates secure authorization codes for OAuth 2.0 authorization code flows. This implementation relies on cryptographic randomness to generate codes that are difficult to predict, enhancing the security of the authorization process. |
| AuthorizationRequestUriGenerator | Default IAuthorizationRequestUriGenerator implementation. Appends a URL-safe Base64 encoded block of cryptographically secure random bytes (length governed by RequestUriLength) to Prefix, producing the urn:-style request_uri values used by Pushed Authorization Requests (RFC 9126). |
| ClientIdGenerator | Implements the IClientIdGenerator interface to generate client IDs for OpenID Connect (OIDC) clients. The generated client IDs are based on cryptographically secure random bytes and are encoded in Base32 format, providing a URL-safe, human-readable identifier. The length and format of the generated client IDs can be configured through OIDC options. |
| ClientSecretGenerator | Provides a mechanism for securely generating client secret strings used in OAuth 2.0 and OpenID Connect authentication flows. This implementation uses a cryptographic random number generator to produce a high-entropy secret string, which is crucial for maintaining the security and integrity of client authentication. The generated secret is encoded in a URL-safe Base32 format and trimmed to the specified length. |
| GrantIdGenerator | Default IGrantIdGenerator implementation. Draws random bytes from a cryptographically secure source (System.Security.Cryptography.RandomNumberGenerator via CryptoRandom) using the byte count configured in GrantIdLength, then URL-safe Base64 encodes the result so the resulting grant_id value can travel safely through HTTP transports. |
| SessionIdGenerator | Implements the ISessionIdGenerator interface to generate unique session identifiers. The session IDs are generated using a cryptographically strong random number generator and are encoded to be safely included in HTTP URLs, avoiding characters that might cause issues in URLs. |
| TokenIdGenerator | Default ITokenIdGenerator implementation. Draws random bytes from a cryptographically secure source (System.Security.Cryptography.RandomNumberGenerator via CryptoRandom) using the byte count configured in TokenIdLength, then URL-safe Base64 encodes the result so the resulting jti value can travel safely through HTTP transports. |
| Interfaces | |
|---|---|
| IAuthorizationCodeGenerator | Defines a contract for generating unique authorization codes for use in OAuth 2.0 authorization code flows. Implementations of this interface should ensure that the generated codes are cryptographically secure and suitable for one-time use in authenticating and authorizing access. |
| IAuthorizationRequestUriGenerator | Produces unique, unguessable request URIs used to reference stored authorization request objects, such as those handled by Pushed Authorization Requests (RFC 9126) via the request_uri parameter. Implementations must derive the URI from a high-entropy, cryptographically secure random value to prevent an attacker from guessing or enumerating active authorization requests. |
| IClientIdGenerator | Defines an interface for generating client IDs for OpenID Connect (OIDC) clients. This interface abstracts the mechanism for creating unique client identifiers used in the registration of OIDC clients. Implementations of this interface can provide different strategies for generating client IDs, such as UUIDs, random strings, or based on specific patterns. |
| IClientSecretGenerator | Defines an interface responsible for generating secure client secrets for OpenID Connect (OIDC) clients. Client secrets are used as credentials for client authentication to the OIDC provider or authorization server. |
| IGrantIdGenerator | Produces unique identifiers for refresh-token grants, used as the grant_id claim that binds every refresh token derived from one authorization grant into a single lineage (a "token family" in RFC 9700 terms). Rotation and family revocation (RFC 9700 §4.14.2) rely on this identifier, so implementations must generate values with sufficient entropy to make collisions and guessing impractical. |
| ISessionIdGenerator | Defines the interface for generating new session identifiers, which are crucial for tracking user sessions in web applications, especially in scenarios involving authentication and authorization processes. |
| ITokenIdGenerator | Produces unique identifiers for JSON Web Tokens, used as the jti claim defined in RFC 7519 §4.1.7. A unique jti per token is required to support replay detection and one-time token semantics, so implementations must generate values with sufficient entropy to make collisions and guessing impractical. |