Skip to main content

AuthorizationRequest Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Model

AuthorizationRequest Class

The set of parameters carried by an OAuth 2.0 / OpenID Connect authorization request to the authorization_endpoint as defined in RFC 6749 §4.1.1 and OpenID Connect Core 1.0 §3.1.2.1. Parameters are bound from query string, form body, or a Request Object passed via Request / RequestUri (OIDC Core §6).

public record AuthorizationRequest : System.IEquatable<Abblix.Oidc.Server.Model.AuthorizationRequest>

Inheritance System.Object → AuthorizationRequest

Implements System.IEquatable<AuthorizationRequest>

Properties

AuthorizationRequest.AcrValues Property

The OIDC acr_values (OIDC Core §3.1.2.1), a preference-ordered list of Authentication Context Class Reference values that the client requests the authorization server to satisfy during authentication.

public string[]? AcrValues { get; init; }

Property Value

System.String[]

AuthorizationRequest.AuthorizationDetails Property

RFC 9396 Rich Authorization Requests stored as the raw wire System.Text.Json.Nodes.JsonArray so member order and type-specific payload survive the request → grant → token round-trip without re-serialisation.

public System.Text.Json.Nodes.JsonArray? AuthorizationDetails { get; init; }

Property Value

System.Text.Json.Nodes.JsonArray

AuthorizationRequest.Claims Property

The detailed request for specific claims (user attributes) to be included in the ID token or returned from the UserInfo endpoint.

public Abblix.Oidc.Server.Model.RequestedClaims? Claims { get; init; }

Property Value

RequestedClaims

AuthorizationRequest.ClaimsLocales Property

The OIDC claims_locales parameter (OIDC Core §5.2), preference-ordered BCP 47 language tags the client prefers when claims are returned in localized form.

public System.Globalization.CultureInfo[]? ClaimsLocales { get; init; }

Property Value

System.Globalization.CultureInfo[]

AuthorizationRequest.ClientId Property

The OAuth 2.0 client_id identifying the relying party that issued the request, per RFC 6749 §4.1.1. Required for any conformant authorization request.

public string? ClientId { get; init; }

Property Value

System.String

Remarks

Deliberately not marked as required at the model level: a missing client identifier must surface as the protocol-level invalid request error produced by the core validation pipeline, not as a transport-level model-binding failure.

AuthorizationRequest.CodeChallenge Property

The PKCE code_challenge (RFC 7636 §4.3), a high-entropy value derived from the client-held code_verifier using CodeChallengeMethod. Required for public clients to defend the authorization code against interception.

public string? CodeChallenge { get; init; }

Property Value

System.String

AuthorizationRequest.CodeChallengeMethod Property

The PKCE code_challenge_method (RFC 7636 §4.3) declaring how CodeChallenge was derived from the code verifier. S256 is required by current best-practice profiles; plain is supported only for legacy compatibility.

public string? CodeChallengeMethod { get; init; }

Property Value

System.String

AuthorizationRequest.Display Property

The OIDC display parameter (OIDC Core §3.1.2.1) hinting how the authentication and consent UI should be rendered: page, popup, touch, or wap.

public string? Display { get; init; }

Property Value

System.String

AuthorizationRequest.IdTokenHint Property

The OIDC id_token_hint (OIDC Core §3.1.2.1), a previously issued ID Token used as a hint about the end-user's current or past authenticated session, typically combined with prompt=none.

public string? IdTokenHint { get; init; }

Property Value

System.String

AuthorizationRequest.LoginHint Property

The OIDC login_hint (OIDC Core §3.1.2.1) suggesting the login identifier (such as an email or phone) that the authorization server should use to pre-fill the authentication UI.

public string? LoginHint { get; init; }

Property Value

System.String

AuthorizationRequest.MaxAge Property

The OIDC max_age parameter (OIDC Core §3.1.2.1) bounding the elapsed time since the last active end-user authentication. Serialized as an integer number of seconds.

public System.Nullable<System.TimeSpan> MaxAge { get; init; }

Property Value

System.Nullable<System.TimeSpan>

AuthorizationRequest.Nonce Property

The OIDC nonce (OIDC Core §3.1.2.1) bound into the issued ID Token to prevent token replay. Required for the implicit and hybrid flows; recommended for the authorization code flow.

public string? Nonce { get; init; }

Property Value

System.String

AuthorizationRequest.Prompt Property

The OIDC prompt parameter (OIDC Core §3.1.2.1) controlling whether the authorization server re-prompts for authentication and consent. Values: none, login, consent, select_account, and the registration extension create.

public string? Prompt { get; init; }

Property Value

System.String

AuthorizationRequest.ProofKeyThumbprint Property

Client's pre-commitment to a DPoP proof-of-possession key per RFC 9449 §10 (dpop_jkt parameter): the base64url-encoded RFC 7638 JWK Thumbprint of the key the client will demonstrate at the token endpoint. Persisted with the authorization code so /token can reject mismatched proofs and close the authorization-code injection window.

public string? ProofKeyThumbprint { get; init; }

Property Value

System.String

AuthorizationRequest.PushedRequestUri Property

The pushed authorization request URN (RFC 9126) this request was resolved from, populated by the fetcher after the stored request is retrieved. Kept off the wire and out of RequestUri (whose https validation a urn: value would fail) so the single-use decorator can consume it once a code or token has been issued.

public System.Uri? PushedRequestUri { get; init; }

Property Value

System.Uri

AuthorizationRequest.RedirectUri Property

The OAuth 2.0 redirect_uri (RFC 6749 §3.1.2) where the authorization response is delivered. Must be an absolute URI and must exactly match one of the redirect URIs pre-registered for the client.

public System.Uri? RedirectUri { get; init; }

Property Value

System.Uri

AuthorizationRequest.Request Property

A JWT (JSON Web Token) that encapsulates the entire authorization request as its payload. This parameter is often used to transmit the request securely.

public string? Request { get; init; }

Property Value

System.String

AuthorizationRequest.RequestUri Property

A URI referencing the Request Object carrying the authorization request parameters as JWT claims: either an HTTPS URL hosted by the client (OpenID Connect Core §6.2) or the urn:ietf:params:oauth:request_uri: value issued by the pushed authorization request endpoint (RFC 9126 §2.2). Both forms are absolute URIs; scheme-specific rules are enforced by the request object fetchers.

public System.Uri? RequestUri { get; init; }

Property Value

System.Uri

AuthorizationRequest.Resources Property

Specifies the resource for which the access token is requested. As defined in RFC 8707, this parameter is used to request access tokens with a specific scope for a particular resource.

public System.Uri[]? Resources { get; set; }

Property Value

System.Uri[]

AuthorizationRequest.ResponseMode Property

The OAuth 2.0 response_mode parameter (OAuth 2.0 Multiple Response Types / OAuth 2.0 Form Post Response Mode) selecting how the authorization response is delivered: query, fragment, form_post, or their JARM JWT-secured variants query.jwt, fragment.jwt, form_post.jwt and jwt.

public string? ResponseMode { get; init; }

Property Value

System.String

AuthorizationRequest.ResponseType Property

The OAuth 2.0 response_type parameter (RFC 6749 §3.1.1, OIDC Core §3) that selects the grant flow: code for authorization code, token for the implicit grant access token, id_token for the hybrid/implicit ID token. Multiple values are space-separated and represented here as an array.

public string[]? ResponseType { get; init; }

Property Value

System.String[]

Remarks

Deliberately not constrained by a declarative value list: authorization response processors are registered per flow (the implicit flow is off by default), and the flow validator rejects an unsupported part with the protocol-level unsupported response type error.

AuthorizationRequest.Scope Property

The requested scopes, which specify the access privileges requested as part of the authorization. Common scopes include 'openid', 'profile', 'email', 'phone', 'address', and 'offline_access'.

public string[] Scope { get; init; }

Property Value

System.String[]

AuthorizationRequest.State Property

The opaque state value (RFC 6749 §4.1.1) returned unchanged in the authorization response so the client can correlate request and response and protect against cross-site request forgery.

public string? State { get; init; }

Property Value

System.String

AuthorizationRequest.UiLocales Property

The OIDC ui_locales parameter (OIDC Core §3.1.2.1), a preference-ordered list of BCP 47 language tags that the client wishes the authorization UI to be rendered in.

public System.Globalization.CultureInfo[]? UiLocales { get; init; }

Property Value

System.Globalization.CultureInfo[]