Skip to main content

BackChannelAuthenticationRequest Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Model

BackChannelAuthenticationRequest Class

Parameters of a Client-Initiated Backchannel Authentication (CIBA) request as defined in OpenID Connect Client-Initiated Backchannel Authentication Flow Core 1.0 §7. The client posts these to the backchannel_authentication_endpoint to ask the OP to authenticate the end-user asynchronously (out of band, on a separate device); the OP returns a auth_req_id the client then redeems at the token endpoint via the urn:openid:params:grant-type:ciba grant.

public record BackChannelAuthenticationRequest : System.IEquatable<Abblix.Oidc.Server.Model.BackChannelAuthenticationRequest>

Inheritance System.Object → BackChannelAuthenticationRequest

Implements System.IEquatable<BackChannelAuthenticationRequest>

Properties

BackChannelAuthenticationRequest.AcrValues Property

A list of requested Authentication Context Class References (ACRs) that the client wishes to be used for authentication. ACR values indicate the level of authentication strength required, such as multifactor authentication or biometric verification.

public string[]? AcrValues { get; init; }

Property Value

System.String[]

BackChannelAuthenticationRequest.AuthorizationDetails Property

RFC 9396 §3 Rich Authorization Requests array stored as the raw wire System.Text.Json.Nodes.JsonArray. CIBA flows accept authorization_details by spec reference; the array carries through to the eventual access token issued via the CIBA grant byte-exact (member order and type-specific payload preserved).

public System.Text.Json.Nodes.JsonArray? AuthorizationDetails { get; init; }

Property Value

System.Text.Json.Nodes.JsonArray

BackChannelAuthenticationRequest.BindingMessage Property

A human-readable message intended to be shown to the user, providing context or instructions for the authentication process. This message is often used to help the user understand the purpose of the authentication request.

public string? BindingMessage { get; init; }

Property Value

System.String

BackChannelAuthenticationRequest.Claims Property

The detailed request for specific claims (user attributes) to be included in the ID token or returned from the UserInfo endpoint.

public Abblix.Oidc.Server.Model.RequestedClaims? Claims { get; init; }

Property Value

RequestedClaims

BackChannelAuthenticationRequest.ClientNotificationToken Property

A token issued by the client that the authorization server uses to notify the client about the result of the authentication request. This token allows the authorization server to securely deliver the authentication result to the client.

public string? ClientNotificationToken { get; init; }

Property Value

System.String

BackChannelAuthenticationRequest.IdTokenHint Property

An ID token previously issued to the client, used as a hint to identify the user for authentication. The ID token hint can be used by the authorization server to verify the user's identity without requiring re-authentication.

public string? IdTokenHint { get; init; }

Property Value

System.String

BackChannelAuthenticationRequest.LoginHint Property

A hint about the user's login identifier (such as email or username), used by the authorization server to identify the user for authentication. This can help streamline the authentication process by pre-filling the user's information.

public string? LoginHint { get; init; }

Property Value

System.String

BackChannelAuthenticationRequest.LoginHintToken Property

A token used to pass a hint about the login identifier to the authorization server. This token is typically used to identify the user for the authentication process.

public string? LoginHintToken { get; init; }

Property Value

System.String

BackChannelAuthenticationRequest.Request Property

An optional parameter that contains a signed JWT (JSON Web Token) which encodes the entire authentication request. This JWT can be used to pass the authentication request parameters in a compact and secure manner. It allows the client to include all necessary request information without relying on query parameters or other HTTP mechanisms. The request parameter can also be used to sign and optionally encrypt the entire request, providing additional security for sensitive data.

public string? Request { get; init; }

Property Value

System.String

BackChannelAuthenticationRequest.RequestedExpiry Property

An optional parameter that specifies the requested expiry time for the authentication request. This defines how long the authentication request remains valid before it expires.

public System.Nullable<System.TimeSpan> RequestedExpiry { get; init; }

Property Value

System.Nullable<System.TimeSpan>

BackChannelAuthenticationRequest.Resources Property

Specifies the resource for which the access token is requested. As defined in RFC 8707, this parameter is used to request access tokens with a specific scope for a particular resource.

public System.Uri[]? Resources { get; set; }

Property Value

System.Uri[]

BackChannelAuthenticationRequest.Scope Property

A space-separated list of scopes requested by the client. Scopes define the level of access requested by the client and the types of information that the client wants to retrieve from the user's account.

public string[] Scope { get; init; }

Property Value

System.String[]

BackChannelAuthenticationRequest.UserCode Property

A user code provided by the user, typically as a reference for the authentication request. This code is often used in scenarios where the user is identified by a code that they provide to the client.

public string? UserCode { get; init; }

Property Value

System.String