ClientJwtValidator Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.Tokens.Validation
ClientJwtValidator Class
Validates JWTs issued by clients to the authentication service, supporting scenarios such as private JWT client authentication and the validation of request objects. This class plays a crucial role in ensuring that tokens received from clients are legitimate, properly signed, and authorized for use within the authentication service.
public class ClientJwtValidator : Abblix.Oidc.Server.Features.Tokens.Validation.IClientJwtValidator
Inheritance System.Object → ClientJwtValidator
Implements IClientJwtValidator
Remarks
The class is used for validating tokens like client authentication JWTs and request objects in OpenID Connect flows. It checks the authenticity of the JWT issuer, audience, and cryptographic signatures to ensure that only valid and authorized clients can interact with the authentication service.
Constructors
ClientJwtValidator(ILogger<ClientJwtValidator>, IRequestInfoProvider, IJsonWebTokenValidator, IClientInfoProvider, IClientKeysProvider, IIssuerProvider, IAuthServiceKeysProvider) Constructor
Validates JWTs issued by clients to the authentication service, supporting scenarios such as private JWT client authentication and the validation of request objects. This class plays a crucial role in ensuring that tokens received from clients are legitimate, properly signed, and authorized for use within the authentication service.
public ClientJwtValidator(Microsoft.Extensions.Logging.ILogger<Abblix.Oidc.Server.Features.Tokens.Validation.ClientJwtValidator> logger, Abblix.Oidc.Server.Common.Interfaces.IRequestInfoProvider requestInfoProvider, Abblix.Jwt.IJsonWebTokenValidator tokenValidator, Abblix.Oidc.Server.Features.ClientInformation.IClientInfoProvider clientInfoProvider, Abblix.Oidc.Server.Features.ClientInformation.IClientKeysProvider clientJwksProvider, Abblix.Oidc.Server.Features.Issuer.IIssuerProvider issuerProvider, Abblix.Oidc.Server.Common.Interfaces.IAuthServiceKeysProvider serviceKeysProvider);
Parameters
logger Microsoft.Extensions.Logging.ILogger<ClientJwtValidator>
The logger used for recording validation activities and outcomes.
requestInfoProvider IRequestInfoProvider
Provides information about the current request, including the request URI.
tokenValidator IJsonWebTokenValidator
The service used to perform core JWT validation.
clientInfoProvider IClientInfoProvider
Provides access to client information for validation purposes.
clientJwksProvider IClientKeysProvider
Provides access to the client's JSON Web Keys (JWKs) for verifying signatures.
issuerProvider IIssuerProvider
Provides the authorization server's issuer identifier for audience validation.
serviceKeysProvider IAuthServiceKeysProvider
Provides the server's own private keys used to decrypt request objects that the client encrypted to the server (RFC 9101 §6.1).
Remarks
The class is used for validating tokens like client authentication JWTs and request objects in OpenID Connect flows. It checks the authenticity of the JWT issuer, audience, and cryptographic signatures to ensure that only valid and authorized clients can interact with the authentication service.
Methods
ClientJwtValidator.ValidateAsync(string, ValidationOptions) Method
Validates the JWT issued by a client, ensuring that it meets the expected criteria for issuer, audience, and cryptographic signatures. This method is used in scenarios such as private JWT client authentication and request object validation.
public System.Threading.Tasks.Task<Abblix.Utils.Result<Abblix.Oidc.Server.Features.Tokens.Validation.ValidJsonWebToken,Abblix.Jwt.JwtValidationError>> ValidateAsync(string jwt, Abblix.Jwt.ValidationOptions options=Abblix.Jwt.ValidationOptions.Default);
Parameters
jwt System.String
The JWT to validate.
options ValidationOptions
Options to customize the validation process.
Implements ValidateAsync(string, ValidationOptions)
Returns
System.Threading.Tasks.Task<Abblix.Utils.Result<ValidJsonWebToken,JwtValidationError>>
A task that returns a Result containing either a ValidJsonWebToken on success,
or a JwtValidationError on failure.