BackChannelAuthenticationRequest Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Model
BackChannelAuthenticationRequest Class
Parameters of a Client-Initiated Backchannel Authentication (CIBA) request as defined in
OpenID Connect Client-Initiated Backchannel Authentication Flow Core 1.0 §7. The client posts these to
the backchannel_authentication_endpoint to ask the OP to authenticate the end-user asynchronously
(out of band, on a separate device); the OP returns a auth_req_id the client then redeems
at the token endpoint via the urn:openid:params:grant-type:ciba grant.
public record BackChannelAuthenticationRequest : System.IEquatable<Abblix.Oidc.Server.Model.BackChannelAuthenticationRequest>
Inheritance System.Object → BackChannelAuthenticationRequest
Implements System.IEquatable<BackChannelAuthenticationRequest>
Properties
BackChannelAuthenticationRequest.AcrValues Property
A list of requested Authentication Context Class References (ACRs) that the client wishes to be used for authentication. ACR values indicate the level of authentication strength required, such as multifactor authentication or biometric verification.
public string[]? AcrValues { get; init; }
Property Value
BackChannelAuthenticationRequest.AuthorizationDetails Property
RFC 9396 §3 Rich Authorization Requests array stored as the raw wire
System.Text.Json.Nodes.JsonArray. CIBA flows accept authorization_details by spec
reference; the array carries through to the eventual access token issued via the
CIBA grant byte-exact (member order and type-specific payload preserved).
public System.Text.Json.Nodes.JsonArray? AuthorizationDetails { get; init; }
Property Value
System.Text.Json.Nodes.JsonArray
BackChannelAuthenticationRequest.BindingMessage Property
A human-readable message intended to be shown to the user, providing context or instructions for the authentication process. This message is often used to help the user understand the purpose of the authentication request.
public string? BindingMessage { get; init; }
Property Value
BackChannelAuthenticationRequest.Claims Property
The detailed request for specific claims (user attributes) to be included in the ID token or returned from the UserInfo endpoint.
public Abblix.Oidc.Server.Model.RequestedClaims? Claims { get; init; }
Property Value
BackChannelAuthenticationRequest.ClientNotificationToken Property
A token issued by the client that the authorization server uses to notify the client about the result of the authentication request. This token allows the authorization server to securely deliver the authentication result to the client.
public string? ClientNotificationToken { get; init; }
Property Value
BackChannelAuthenticationRequest.IdTokenHint Property
An ID token previously issued to the client, used as a hint to identify the user for authentication. The ID token hint can be used by the authorization server to verify the user's identity without requiring re-authentication.
public string? IdTokenHint { get; init; }
Property Value
BackChannelAuthenticationRequest.LoginHint Property
A hint about the user's login identifier (such as email or username), used by the authorization server to identify the user for authentication. This can help streamline the authentication process by pre-filling the user's information.
public string? LoginHint { get; init; }
Property Value
BackChannelAuthenticationRequest.LoginHintToken Property
A token used to pass a hint about the login identifier to the authorization server. This token is typically used to identify the user for the authentication process.
public string? LoginHintToken { get; init; }
Property Value
BackChannelAuthenticationRequest.Request Property
An optional parameter that contains a signed JWT (JSON Web Token) which encodes the entire authentication request. This JWT can be used to pass the authentication request parameters in a compact and secure manner. It allows the client to include all necessary request information without relying on query parameters or other HTTP mechanisms. The request parameter can also be used to sign and optionally encrypt the entire request, providing additional security for sensitive data.
public string? Request { get; init; }
Property Value
BackChannelAuthenticationRequest.RequestedExpiry Property
An optional parameter that specifies the requested expiry time for the authentication request. This defines how long the authentication request remains valid before it expires.
public System.Nullable<System.TimeSpan> RequestedExpiry { get; init; }
Property Value
System.Nullable<System.TimeSpan>
BackChannelAuthenticationRequest.Resources Property
Specifies the resource for which the access token is requested. As defined in RFC 8707, this parameter is used to request access tokens with a specific scope for a particular resource.
public System.Uri[]? Resources { get; set; }
Property Value
BackChannelAuthenticationRequest.Scope Property
A space-separated list of scopes requested by the client. Scopes define the level of access requested by the client and the types of information that the client wants to retrieve from the user's account.
public string[] Scope { get; init; }
Property Value
BackChannelAuthenticationRequest.UserCode Property
A user code provided by the user, typically as a reference for the authentication request. This code is often used in scenarios where the user is identified by a code that they provide to the client.
public string? UserCode { get; init; }