Skip to main content

AuthSession Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.UserAuthentication

AuthSession Class

Represents a model of an authentication session for a logged-in user, capturing essential details about the user's authentication state and interactions within the system.

public record AuthSession : System.IEquatable<Abblix.Oidc.Server.Features.UserAuthentication.AuthSession>

Inheritance System.Object → AuthSession

Implements System.IEquatable<AuthSession>

Constructors

AuthSession(string, string, DateTimeOffset, string) Constructor

Represents a model of an authentication session for a logged-in user, capturing essential details about the user's authentication state and interactions within the system.

public AuthSession(string Subject, string SessionId, System.DateTimeOffset AuthenticationTime, string IdentityProvider);

Parameters

Subject System.String
SessionId System.String
AuthenticationTime System.DateTimeOffset
IdentityProvider System.String

Properties

AuthSession.AdditionalClaims Property

Additional custom claims to include in the authentication session. These claims will be serialized to the authentication cookie and can be included in tokens. Supports any JSON value: strings, numbers, booleans, arrays, objects.

public System.Text.Json.Nodes.JsonObject? AdditionalClaims { get; init; }

Property Value

System.Text.Json.Nodes.JsonObject

Example

AdditionalClaims = new JsonObject
{
["tenant_id"] = "tenant-123", // string
["roles"] = new JsonArray("admin", "user"), // array
["permissions"] = new JsonArray("read", "write"), // array
["is_verified"] = true, // boolean
["login_count"] = 42, // number
["metadata"] = new JsonObject // nested object
{
["department"] = "Engineering",
["manager"] = "john@example.com"
}
}

AuthSession.AffectedClientIds Property

A collection of client identifiers that the user has interacted with during the session. This can be used to manage and track user consent and interaction with multiple clients within the same session.

public System.Collections.Generic.ICollection<string> AffectedClientIds { get; init; }

Property Value

System.Collections.Generic.ICollection<System.String>

AuthSession.AuthContextClassRef Property

Indicates the authentication context class that the authentication performed satisfied, according to specifications such as SAML 2.0 or OpenID Connect. This may dictate the level of assurance provided by the authentication process.

public string? AuthContextClassRef { get; init; }

Property Value

System.String

AuthSession.AuthenticationMethodReferences Property

A list of authentication methods used during the user's authentication process, represented as Authentication Method Reference (AMR) values according to the OpenID Connect specification. These values indicate how the user was authenticated, such as using a password, multifactor authentication, biometric verification, or other supported mechanisms. This information is useful for auditing, enforcing authentication policies, or satisfying specific security requirements.

public System.Collections.Generic.ICollection<string>? AuthenticationMethodReferences { get; init; }

Property Value

System.Collections.Generic.ICollection<System.String>

AuthSession.AuthenticationTime Property

The timestamp indicating when the user was authenticated. This is used for session management purposes such as session expiration and activity logging.

public System.DateTimeOffset AuthenticationTime { get; init; }

Property Value

System.DateTimeOffset

AuthSession.Email Property

The email address used for authentication. When specified, this exact email is included in the authentication cookie and ID token claims, regardless of other emails associated with the user account. This ensures external provider emails (Google, Microsoft) or challenge emails are preserved exactly as used.

public string? Email { get; init; }

Property Value

System.String

AuthSession.EmailVerified Property

Indicates whether the email address has been verified. When true, the email_verified claim is set to true in ID tokens. This is particularly useful for external providers that verify emails or when email verification has been completed through challenge flows.

public System.Nullable<bool> EmailVerified { get; init; }

Property Value

System.Nullable<System.Boolean>

AuthSession.IdentityProvider Property

The provider used to authenticate the user's identity. This could be a local database, an external identity provider, or a social login provider, and can be useful for auditing and enforcing security policies based on the origin of authentication.

public string? IdentityProvider { get; init; }

Property Value

System.String

AuthSession.SessionId Property

The unique identifier of the session, used to track the session across requests and possibly across different services.

public string SessionId { get; init; }

Property Value

System.String

AuthSession.Subject Property

The unique identifier for the user in the session. This is typically a user-specific identifier that can be used to retrieve user details or verify the user's identity across different parts of the application.

public string Subject { get; init; }

Property Value

System.String