Skip to main content

IIdentityTokenService Interface

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.Tokens

IIdentityTokenService Interface

Issues OpenID Connect ID Tokens (OIDC Core §2 and §3.1.3.6) for authenticated end-users, embedding the standard claims of OIDC Core §5.1, the client's nonce, and where applicable the c_hash/at_hash binding claims (OIDC Core §3.1.3.6 and §3.2.2.10) that tie the ID Token to a co-issued authorization code or access token.

public interface IIdentityTokenService

Methods

IIdentityTokenService.CreateIdentityTokenAsync(AuthSession, AuthorizationContext, ClientInfo, bool, string, string) Method

Asynchronously generates a new identity token based on the provided authentication session, authorization context, client information, and optionally includes `c_hash` or `at_hash` claims when an authorization code or access token is provided. These claims are used for validating the hash of the authorization code and access token respectively, enhancing the security of token exchange in OAuth 2.0 flows.

System.Threading.Tasks.Task<Abblix.Oidc.Server.Features.Tokens.EncodedJsonWebToken?> CreateIdentityTokenAsync(Abblix.Oidc.Server.Features.UserAuthentication.AuthSession authSession, Abblix.Oidc.Server.Common.AuthorizationContext authContext, Abblix.Oidc.Server.Features.ClientInformation.ClientInfo clientInfo, bool includeUserClaims, string? authorizationCode, string? accessToken);

Parameters

authSession AuthSession

The authentication session, which includes details such as the user's unique identifier and the session's authentication time.

authContext AuthorizationContext

The authorization context, providing contextual information about the authorization request, such as the requested scopes and additional claims to be included in the identity token.

clientInfo ClientInfo

Detailed information about the client that is requesting the identity token, including its identifier and specific requirements for the token.

includeUserClaims System.Boolean

A boolean value indicating whether claims about the user should be included in the identity token. When set to true, the token will include claims based on the requested scopes and additional specified claims.

authorizationCode System.String

An optional authorization code provided to include the `c_hash` claim in the identity token, which is a hash of the code. This parameter is typically used in authorization code flow.

accessToken System.String

An optional access token provided to include the `at_hash` claim in the identity token, which is a hash of the token. This parameter is used when the identity token is issued alongside an access token.

Returns

System.Threading.Tasks.Task<EncodedJsonWebToken>
A task that, upon completion, yields an EncodedJsonWebToken that represents the newly generated identity token, encoded and ready for transmission to the client.

Remarks

Identity tokens generated by this service adhere to the OpenID Connect standard, ensuring that they can be used reliably in identity assertions across different clients and services that support OpenID Connect.