AuthorizationRequest Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Model
AuthorizationRequest Class
The set of parameters carried by an OAuth 2.0 / OpenID Connect authorization request to the
authorization_endpoint as defined in RFC 6749 §4.1.1 and OpenID Connect Core 1.0 §3.1.2.1.
Parameters are bound from query string, form body, or a Request Object passed via
Request / RequestUri (OIDC Core §6).
public record AuthorizationRequest : System.IEquatable<Abblix.Oidc.Server.Model.AuthorizationRequest>
Inheritance System.Object → AuthorizationRequest
Implements System.IEquatable<AuthorizationRequest>
Properties
AuthorizationRequest.AcrValues Property
The OIDC acr_values (OIDC Core §3.1.2.1), a preference-ordered list of Authentication Context Class
Reference values that the client requests the authorization server to satisfy during authentication.
public string[]? AcrValues { get; init; }
Property Value
AuthorizationRequest.AuthorizationDetails Property
RFC 9396 Rich Authorization Requests stored as the raw wire System.Text.Json.Nodes.JsonArray so member order and type-specific payload survive the request → grant → token round-trip without re-serialisation.
public System.Text.Json.Nodes.JsonArray? AuthorizationDetails { get; init; }
Property Value
System.Text.Json.Nodes.JsonArray
AuthorizationRequest.Claims Property
The detailed request for specific claims (user attributes) to be included in the ID token or returned from the UserInfo endpoint.
public Abblix.Oidc.Server.Model.RequestedClaims? Claims { get; init; }
Property Value
AuthorizationRequest.ClaimsLocales Property
The OIDC claims_locales parameter (OIDC Core §5.2), preference-ordered BCP 47 language tags
the client prefers when claims are returned in localized form.
public System.Globalization.CultureInfo[]? ClaimsLocales { get; init; }
Property Value
System.Globalization.CultureInfo[]
AuthorizationRequest.ClientId Property
The OAuth 2.0 client_id identifying the relying party that issued the request,
per RFC 6749 §4.1.1. Required for any conformant authorization request.
public string? ClientId { get; init; }
Property Value
Remarks
Deliberately not marked as required at the model level: a missing client identifier must surface as the protocol-level invalid request error produced by the core validation pipeline, not as a transport-level model-binding failure.
AuthorizationRequest.CodeChallenge Property
The PKCE code_challenge (RFC 7636 §4.3), a high-entropy value derived from the client-held
code_verifier using CodeChallengeMethod. Required for public clients to defend
the authorization code against interception.
public string? CodeChallenge { get; init; }
Property Value
AuthorizationRequest.CodeChallengeMethod Property
The PKCE code_challenge_method (RFC 7636 §4.3) declaring how CodeChallenge was
derived from the code verifier. S256 is required by current best-practice profiles; plain
is supported only for legacy compatibility.
public string? CodeChallengeMethod { get; init; }
Property Value
AuthorizationRequest.Display Property
The OIDC display parameter (OIDC Core §3.1.2.1) hinting how the authentication and consent UI
should be rendered: page, popup, touch, or wap.
public string? Display { get; init; }
Property Value
AuthorizationRequest.IdTokenHint Property
The OIDC id_token_hint (OIDC Core §3.1.2.1), a previously issued ID Token used as a hint about
the end-user's current or past authenticated session, typically combined with prompt=none.
public string? IdTokenHint { get; init; }
Property Value
AuthorizationRequest.LoginHint Property
The OIDC login_hint (OIDC Core §3.1.2.1) suggesting the login identifier (such as an email or phone)
that the authorization server should use to pre-fill the authentication UI.
public string? LoginHint { get; init; }
Property Value
AuthorizationRequest.MaxAge Property
The OIDC max_age parameter (OIDC Core §3.1.2.1) bounding the elapsed time since the last
active end-user authentication. Serialized as an integer number of seconds.
public System.Nullable<System.TimeSpan> MaxAge { get; init; }
Property Value
System.Nullable<System.TimeSpan>
AuthorizationRequest.Nonce Property
The OIDC nonce (OIDC Core §3.1.2.1) bound into the issued ID Token to prevent token replay.
Required for the implicit and hybrid flows; recommended for the authorization code flow.
public string? Nonce { get; init; }
Property Value
AuthorizationRequest.Prompt Property
The OIDC prompt parameter (OIDC Core §3.1.2.1) controlling whether the authorization server
re-prompts for authentication and consent. Values: none, login, consent,
select_account, and the registration extension create.
public string? Prompt { get; init; }
Property Value
AuthorizationRequest.ProofKeyThumbprint Property
Client's pre-commitment to a DPoP proof-of-possession key per RFC 9449 §10
(dpop_jkt parameter): the base64url-encoded RFC 7638 JWK Thumbprint of the
key the client will demonstrate at the token endpoint. Persisted with the
authorization code so /token can reject mismatched proofs and close the
authorization-code injection window.
public string? ProofKeyThumbprint { get; init; }
Property Value
AuthorizationRequest.PushedRequestUri Property
The pushed authorization request URN (RFC 9126) this request was resolved from, populated by the
fetcher after the stored request is retrieved. Kept off the wire and out of RequestUri
(whose https validation a urn: value would fail) so the single-use decorator can consume it
once a code or token has been issued.
public System.Uri? PushedRequestUri { get; init; }
Property Value
AuthorizationRequest.RedirectUri Property
The OAuth 2.0 redirect_uri (RFC 6749 §3.1.2) where the authorization response is delivered.
Must be an absolute URI and must exactly match one of the redirect URIs pre-registered for the client.
public System.Uri? RedirectUri { get; init; }
Property Value
AuthorizationRequest.Request Property
A JWT (JSON Web Token) that encapsulates the entire authorization request as its payload. This parameter is often used to transmit the request securely.
public string? Request { get; init; }
Property Value
AuthorizationRequest.RequestUri Property
A URI referencing the Request Object carrying the authorization request parameters as JWT claims:
either an HTTPS URL hosted by the client (OpenID Connect Core §6.2) or the
urn:ietf:params:oauth:request_uri: value issued by the pushed authorization request
endpoint (RFC 9126 §2.2). Both forms are absolute URIs; scheme-specific rules are enforced
by the request object fetchers.
public System.Uri? RequestUri { get; init; }
Property Value
AuthorizationRequest.Resources Property
Specifies the resource for which the access token is requested. As defined in RFC 8707, this parameter is used to request access tokens with a specific scope for a particular resource.
public System.Uri[]? Resources { get; set; }
Property Value
AuthorizationRequest.ResponseMode Property
The OAuth 2.0 response_mode parameter (OAuth 2.0 Multiple Response Types / OAuth 2.0 Form Post Response Mode)
selecting how the authorization response is delivered: query, fragment, form_post,
or their JARM JWT-secured variants query.jwt, fragment.jwt, form_post.jwt and jwt.
public string? ResponseMode { get; init; }
Property Value
AuthorizationRequest.ResponseType Property
The OAuth 2.0 response_type parameter (RFC 6749 §3.1.1, OIDC Core §3) that selects the grant flow:
code for authorization code,
token for the implicit grant access token,
id_token for the hybrid/implicit ID token.
Multiple values are space-separated and represented here as an array.
public string[]? ResponseType { get; init; }
Property Value
Remarks
Deliberately not constrained by a declarative value list: authorization response processors are registered per flow (the implicit flow is off by default), and the flow validator rejects an unsupported part with the protocol-level unsupported response type error.
AuthorizationRequest.Scope Property
The requested scopes, which specify the access privileges requested as part of the authorization. Common scopes include 'openid', 'profile', 'email', 'phone', 'address', and 'offline_access'.
public string[] Scope { get; init; }
Property Value
AuthorizationRequest.State Property
The opaque state value (RFC 6749 §4.1.1) returned unchanged in the authorization response
so the client can correlate request and response and protect against cross-site request forgery.
public string? State { get; init; }
Property Value
AuthorizationRequest.UiLocales Property
The OIDC ui_locales parameter (OIDC Core §3.1.2.1), a preference-ordered list of BCP 47 language tags
that the client wishes the authorization UI to be rendered in.
public System.Globalization.CultureInfo[]? UiLocales { get; init; }