Skip to main content

Abblix.Oidc.Server.Features.Tokens Namespace

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.Tokens Namespace

Classes
EncodedJsonWebTokenRepresents an encoded JSON Web Token (JWT) along with its decoded model representation.
LogoutTokenServiceImplements the ILogoutTokenService interface to generate logout tokens.
RefreshTokenServiceManages refresh tokens, key components in OAuth 2.0 for extending authentication sessions without requiring user re-authentication. This service handles the creation and validation of refresh tokens, supporting seamless and secure user experiences by allowing access tokens to be renewed based on long-lived refresh tokens.
Interfaces
IAccessTokenServiceIssues OAuth 2.0 access tokens as signed JWTs (RFC 9068 access-token format) and reverses the mapping by reconstructing the originating AuthSession and AuthorizationContext from the token's claims.
IIdentityTokenServiceIssues OpenID Connect ID Tokens (OIDC Core §2 and §3.1.3.6) for authenticated end-users, embedding the standard claims of OIDC Core §5.1, the client's nonce, and where applicable the c_hash/at_hash binding claims (OIDC Core §3.1.3.6 and §3.2.2.10) that tie the ID Token to a co-issued authorization code or access token.
ILogoutTokenServiceIssues OpenID Connect Back-Channel Logout tokens (OIDC Back-Channel Logout 1.0 §2.4): JWTs with an events claim containing the back-channel logout event URI, addressed to a specific RP and identifying the affected end-user via sub and/or sid. The nonce claim is prohibited per the specification.
IRefreshTokenServiceIssues and consumes OAuth 2.0 refresh tokens (RFC 6749 §6) used to obtain renewed access tokens without re-prompting the user. Implementations apply the configured absolute and sliding expiration policies and may revoke the previous refresh token when reuse is disallowed.