Abblix.Oidc.Server.Features.ReusePrevention Namespace
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.ReusePrevention Namespace
| Classes | |
|---|---|
| AuthorizationValueReuseDetector | Default IAuthorizationValueReuseDetector implementation backed by IEntityStorage. It records a SHA-256 hash of each value under a per-client, per-kind key with a time-to-live equal to the configured detection window, so a raw code_challenge or nonce never lands in the cache and entries expire on their own. |
| Interfaces | |
|---|---|
| IAuthorizationValueReuseDetector | Detects reuse of an authorization request's transaction-binding values — the PKCE code_challenge (RFC 7636) and the OpenID Connect nonce. Both must be transaction-specific; a client that keeps sending a constant value defeats the protection they provide. RFC 9700 (OAuth 2.0 Security BCP) Section 2.1.1 encourages the authorization server to make a reasonable effort to detect and prevent this. Detection is off unless PkceAndNonceReuseDetectionInterval is set. |