IAuthorizationValueReuseDetector Interface
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.ReusePrevention
IAuthorizationValueReuseDetector Interface
Detects reuse of an authorization request's transaction-binding values — the PKCE
code_challenge (RFC 7636) and the OpenID Connect nonce. Both must be
transaction-specific; a client that keeps sending a constant value defeats the protection they provide.
RFC 9700 (OAuth 2.0 Security BCP) Section 2.1.1 encourages the authorization server to make a
reasonable effort to detect and prevent this. Detection is off unless
PkceAndNonceReuseDetectionInterval is set.
public interface IAuthorizationValueReuseDetector
Derived
↳ AuthorizationValueReuseDetector
Methods
IAuthorizationValueReuseDetector.IsReusedAsync(string, string, string) Method
Reports whether a value of the given kind has already been recorded for this client within the detection window — that is, whether the client is repeating a value that must be unique per request.
System.Threading.Tasks.Task<bool> IsReusedAsync(string clientId, string valueKind, string value);
Parameters
clientId System.String
The client presenting the value.
valueKind System.String
A discriminator for the value's role (for example the parameter name), so
a code_challenge and a nonce that happen to coincide are tracked separately.
value System.String
The raw value; only a hash of it is ever stored.
Returns
System.Threading.Tasks.Task<System.Boolean>
true when the value was seen before within the window; otherwise false.
Always false when detection is disabled.
IAuthorizationValueReuseDetector.RecordAsync(string, string, string) Method
Records a value as used by this client so a later reuse within the detection window is caught. A no-op when detection is disabled. Called once per issued authorization code, not on every authorization request, so re-processing one request across a login or consent redirect is not flagged.
System.Threading.Tasks.Task RecordAsync(string clientId, string valueKind, string value);