Skip to main content

IAuthorizationDetailValidator Interface

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.RichAuthorizationRequests

IAuthorizationDetailValidator Interface

Validates a single RFC 9396 authorization_details entry whose type value matches the implementation. Hosts register one implementation per supported type via AddAuthorizationDetailValidator<TValidator>(this IServiceCollection, string); the composite IAuthorizationDetailsPolicy dispatches each request entry to the implementation keyed by the entry's type value.

public interface IAuthorizationDetailValidator

Remarks

The library ships no concrete implementations of this interface — each authorization-detail type (e.g. payment_initiation, consent, OpenID4VC presentation schemas) demands its own per-type schema and is contributed by the host or a separate package. RFC 9396 §5 requires the AS to refuse any entry whose type is unknown; with zero implementations registered, every RAR-bearing request is rejected with invalid_authorization_details and the server still boots cleanly.

Properties

IAuthorizationDetailValidator.Type Property

The authorization-detail type value this validator handles. Used as the DI key under which the implementation is registered and looked up at request time.

string Type { get; }

Property Value

System.String

Methods

IAuthorizationDetailValidator.BuildConsentDescriptorAsync(AuthorizationDetail, ClientInfo, CancellationToken) Method

Optional: produces a host-renderable AuthorizationDetailDescriptor describing what consenting to this entry authorises, so the consent UI can render a meaningful screen instead of a raw JSON dump. Default returns null; hosts that opt out simply fall back to displaying Json. Validators that override this should extract the structured payload from Json and project it to the descriptor's Title / Summary / Details shape.

System.Threading.Tasks.Task<Abblix.Oidc.Server.Features.RichAuthorizationRequests.AuthorizationDetailDescriptor?> BuildConsentDescriptorAsync(Abblix.Jwt.AuthorizationDetail detail, Abblix.Oidc.Server.Features.ClientInformation.ClientInfo client, System.Threading.CancellationToken cancellationToken);

Parameters

detail AuthorizationDetail

The entry to describe. Already passed ValidateAsync(AuthorizationDetail, ClientInfo, CancellationToken), so the per-type schema is satisfied.

client ClientInfo

The requesting client, for descriptions that vary by client metadata (e.g. branding, locale).

cancellationToken System.Threading.CancellationToken

Cancellation token.

Returns

System.Threading.Tasks.Task<AuthorizationDetailDescriptor>
The descriptor on success; null when no structured description is available and the host should fall back to a JSON-dump rendering.

IAuthorizationDetailValidator.ValidateAsync(AuthorizationDetail, ClientInfo, CancellationToken) Method

Validates a single authorization-detail entry against this validator's per-type schema and any per-client policy the implementation chooses to enforce.

System.Threading.Tasks.Task<Abblix.Utils.Result<Abblix.Jwt.AuthorizationDetail,Abblix.Oidc.Server.Common.OidcError>> ValidateAsync(Abblix.Jwt.AuthorizationDetail detail, Abblix.Oidc.Server.Features.ClientInformation.ClientInfo client, System.Threading.CancellationToken token);

Parameters

detail AuthorizationDetail

The entry to validate. Its Type matches this validator's Type; the per-type schema lives in the raw Json object alongside the RFC 9396 §2.2 standardised members where applicable.

client ClientInfo

The client that submitted the request, for policy decisions that depend on per-client allowlists or registered metadata.

token System.Threading.CancellationToken

Cancellation token.

Returns

System.Threading.Tasks.Task<Abblix.Utils.Result<AuthorizationDetail,OidcError>>
The validated (and possibly normalised) detail on success, or a OidcError describing the rejection reason on failure. RFC 9396 §5 makes the protocol-level error code at the wire invalid_authorization_details regardless of the underlying reason.