AuthSession Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.UserAuthentication
AuthSession Class
Represents a model of an authentication session for a logged-in user, capturing essential details about the user's authentication state and interactions within the system.
public record AuthSession : System.IEquatable<Abblix.Oidc.Server.Features.UserAuthentication.AuthSession>
Inheritance System.Object → AuthSession
Implements System.IEquatable<AuthSession>
Constructors
AuthSession(string, string, DateTimeOffset, string) Constructor
Represents a model of an authentication session for a logged-in user, capturing essential details about the user's authentication state and interactions within the system.
public AuthSession(string Subject, string SessionId, System.DateTimeOffset AuthenticationTime, string IdentityProvider);
Parameters
Subject System.String
SessionId System.String
AuthenticationTime System.DateTimeOffset
IdentityProvider System.String
Properties
AuthSession.AdditionalClaims Property
Additional custom claims to include in the authentication session. These claims will be serialized to the authentication cookie and can be included in tokens. Supports any JSON value: strings, numbers, booleans, arrays, objects.
public System.Text.Json.Nodes.JsonObject? AdditionalClaims { get; init; }
Property Value
System.Text.Json.Nodes.JsonObject
Example
AdditionalClaims = new JsonObject
{
["tenant_id"] = "tenant-123", // string
["roles"] = new JsonArray("admin", "user"), // array
["permissions"] = new JsonArray("read", "write"), // array
["is_verified"] = true, // boolean
["login_count"] = 42, // number
["metadata"] = new JsonObject // nested object
{
["department"] = "Engineering",
["manager"] = "john@example.com"
}
}
AuthSession.AffectedClientIds Property
A collection of client identifiers that the user has interacted with during the session. This can be used to manage and track user consent and interaction with multiple clients within the same session.
public System.Collections.Generic.ICollection<string> AffectedClientIds { get; init; }
Property Value
System.Collections.Generic.ICollection<System.String>
AuthSession.AuthContextClassRef Property
Indicates the authentication context class that the authentication performed satisfied, according to specifications such as SAML 2.0 or OpenID Connect. This may dictate the level of assurance provided by the authentication process.
public string? AuthContextClassRef { get; init; }
Property Value
AuthSession.AuthenticationMethodReferences Property
A list of authentication methods used during the user's authentication process, represented as Authentication Method Reference (AMR) values according to the OpenID Connect specification. These values indicate how the user was authenticated, such as using a password, multifactor authentication, biometric verification, or other supported mechanisms. This information is useful for auditing, enforcing authentication policies, or satisfying specific security requirements.
public System.Collections.Generic.ICollection<string>? AuthenticationMethodReferences { get; init; }
Property Value
System.Collections.Generic.ICollection<System.String>
AuthSession.AuthenticationTime Property
The timestamp indicating when the user was authenticated. This is used for session management purposes such as session expiration and activity logging.
public System.DateTimeOffset AuthenticationTime { get; init; }
Property Value
AuthSession.Email Property
The email address used for authentication. When specified, this exact email is included in the authentication cookie and ID token claims, regardless of other emails associated with the user account. This ensures external provider emails (Google, Microsoft) or challenge emails are preserved exactly as used.
public string? Email { get; init; }
Property Value
AuthSession.EmailVerified Property
Indicates whether the email address has been verified. When true, the email_verified claim is set to true in ID tokens. This is particularly useful for external providers that verify emails or when email verification has been completed through challenge flows.
public System.Nullable<bool> EmailVerified { get; init; }
Property Value
System.Nullable<System.Boolean>
AuthSession.IdentityProvider Property
The provider used to authenticate the user's identity. This could be a local database, an external identity provider, or a social login provider, and can be useful for auditing and enforcing security policies based on the origin of authentication.
public string? IdentityProvider { get; init; }
Property Value
AuthSession.SessionId Property
The unique identifier of the session, used to track the session across requests and possibly across different services.
public string SessionId { get; init; }
Property Value
AuthSession.Subject Property
The unique identifier for the user in the session. This is typically a user-specific identifier that can be used to retrieve user details or verify the user's identity across different parts of the application.
public string Subject { get; init; }