Skip to main content

Abblix.Oidc.Server.Features.TokenExchange Namespace

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.TokenExchange Namespace

Classes
JwtSubjectTokenResolverISubjectTokenResolver for JWT-formatted subject tokens. Validates the JWT via IAuthServiceJwtValidator (signature, lifetime, registered claims) and projects the payload's sub, scope, and authorization_details claims into a SubjectTokenContext.
RefreshTokenSubjectTokenResolverISubjectTokenResolver for the urn:ietf:params:oauth:token-type:refresh_token subject type. Refresh tokens issued by this AS are JWT-formatted with typ=rt+jwt; the resolver validates the JWT, enforces the typ header, and recovers the original AuthorizedGrant via AuthorizeByRefreshTokenAsync(JsonWebToken). The grant's subject, scope, and authorization_details become the exchanged token's starting point.
SubjectTokenContextThe portable state extracted by an ISubjectTokenResolver from a wire-level subject_token. Independent of the token's on-wire format -- JWT-based resolvers parse the payload, opaque-token resolvers recover the equivalent fields from a previously stored grant. The TokenExchangeGrantHandler consumes this record to synthesise the new AuthorizationContext and AuthSession.
Interfaces
ISubjectTokenResolverResolves a wire-level subject_token of a specific RFC 8693 §3 token type into a portable SubjectTokenContext. One resolver per supported token type URI, registered with keyed DI under the URI as key; the TokenExchangeGrantHandler dispatches by reading the request's subject_token_type as the lookup key.