ClientRegistrationRequest.Parameters Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Model.ClientRegistrationRequest
ClientRegistrationRequest.Parameters Class
Wire-level parameter names for the dynamic client registration request (RFC 7591 and OpenID Connect Dynamic Client Registration 1.0). Each constant is the JSON member name expected on the registration payload sent to the registration endpoint.
public static class ClientRegistrationRequest.Parameters
Inheritance System.Object → Parameters
Fields
ClientRegistrationRequest.Parameters.ApplicationType Field
The application_type registration parameter that classifies the client as
a web or native application.
public const string ApplicationType = "application_type";
Field Value
ClientRegistrationRequest.Parameters.AuthorizationDetailsTypes Field
The authorization_details_types registration parameter (RFC 9396 §5.1):
per-client allowlist of authorization-detail type values this client may use in
Rich Authorization Requests.
public const string AuthorizationDetailsTypes = "authorization_details_types";
Field Value
ClientRegistrationRequest.Parameters.AuthorizationEncryptedResponseAlg Field
The authorization_encrypted_response_alg registration parameter naming the JWE
key-management algorithm used when encrypting JARM authorization responses.
public const string AuthorizationEncryptedResponseAlg = "authorization_encrypted_response_alg";
Field Value
ClientRegistrationRequest.Parameters.AuthorizationEncryptedResponseEnc Field
The authorization_encrypted_response_enc registration parameter naming the JWE
content-encryption algorithm for JARM authorization responses.
public const string AuthorizationEncryptedResponseEnc = "authorization_encrypted_response_enc";
Field Value
ClientRegistrationRequest.Parameters.AuthorizationSignedResponseAlg Field
The authorization_signed_response_alg registration parameter naming the JWS algorithm
the OP must use to sign JARM authorization responses for this client.
public const string AuthorizationSignedResponseAlg = "authorization_signed_response_alg";
Field Value
ClientRegistrationRequest.Parameters.BackChannelAuthenticationRequestSigningAlg Field
The backchannel_authentication_request_signing_alg CIBA registration parameter
naming the JWS algorithm used to sign backchannel authentication requests.
public const string BackChannelAuthenticationRequestSigningAlg = "backchannel_authentication_request_signing_alg";
Field Value
ClientRegistrationRequest.Parameters.BackChannelClientNotificationEndpoint Field
The backchannel_client_notification_endpoint CIBA registration parameter
providing the URL at which the OP delivers ping or push notifications.
public const string BackChannelClientNotificationEndpoint = "backchannel_client_notification_endpoint";
Field Value
ClientRegistrationRequest.Parameters.BackChannelLogoutSessionRequired Field
The backchannel_logout_session_required registration parameter; when true,
the OP must include the sid claim in the logout token.
public const string BackChannelLogoutSessionRequired = "backchannel_logout_session_required";
Field Value
ClientRegistrationRequest.Parameters.BackChannelLogoutUri Field
The backchannel_logout_uri registration parameter pointing to the client's
back-channel logout endpoint.
public const string BackChannelLogoutUri = "backchannel_logout_uri";
Field Value
ClientRegistrationRequest.Parameters.BackChannelTokenDeliveryMode Field
The backchannel_token_delivery_mode CIBA registration parameter selecting how
tokens are delivered (poll, ping, or push).
public const string BackChannelTokenDeliveryMode = "backchannel_token_delivery_mode";
Field Value
ClientRegistrationRequest.Parameters.BackChannelUserCodeParameter Field
The backchannel_user_code_parameter CIBA registration parameter; when true,
the client may submit a user code with backchannel authentication requests.
public const string BackChannelUserCodeParameter = "backchannel_user_code_parameter";
Field Value
ClientRegistrationRequest.Parameters.ClientId Field
The client_id registration parameter; a client-proposed identifier that the OP
may accept or ignore.
public const string ClientId = "client_id";
Field Value
ClientRegistrationRequest.Parameters.ClientName Field
The client_name registration parameter providing a human-readable display name
shown to end-users on consent screens.
public const string ClientName = "client_name";
Field Value
ClientRegistrationRequest.Parameters.ClientUri Field
The client_uri registration parameter pointing to the client application's
home page.
public const string ClientUri = "client_uri";
Field Value
ClientRegistrationRequest.Parameters.Contacts Field
The contacts registration parameter listing email addresses of people
responsible for the client.
public const string Contacts = "contacts";
Field Value
ClientRegistrationRequest.Parameters.DefaultAcrValues Field
The default_acr_values registration parameter listing default Authentication
Context Class Reference values applied when the request omits acr_values.
public const string DefaultAcrValues = "default_acr_values";
Field Value
ClientRegistrationRequest.Parameters.DefaultMaxAge Field
The default_max_age registration parameter specifying the default maximum
authentication age (in seconds) for authorization requests from this client.
public const string DefaultMaxAge = "default_max_age";
Field Value
ClientRegistrationRequest.Parameters.DpopBoundAccessTokens Field
The dpop_bound_access_tokens registration parameter (RFC 9449 §5.2) requiring
DPoP-bound access tokens for this client.
public const string DpopBoundAccessTokens = "dpop_bound_access_tokens";
Field Value
ClientRegistrationRequest.Parameters.FrontChannelLogoutSessionRequired Field
The frontchannel_logout_session_required registration parameter; when true,
the OP must append iss and sid parameters to the front-channel logout URI.
public const string FrontChannelLogoutSessionRequired = "frontchannel_logout_session_required";
Field Value
ClientRegistrationRequest.Parameters.FrontChannelLogoutUri Field
The frontchannel_logout_uri registration parameter pointing to the client's
front-channel logout endpoint.
public const string FrontChannelLogoutUri = "frontchannel_logout_uri";
Field Value
ClientRegistrationRequest.Parameters.GrantTypes Field
The grant_types registration parameter declaring the grant type values the
client will use at the token endpoint.
public const string GrantTypes = "grant_types";
Field Value
ClientRegistrationRequest.Parameters.IdTokenEncryptedResponseAlg Field
The id_token_encrypted_response_alg registration parameter naming the JWE
key-management algorithm used when encrypting ID Tokens.
public const string IdTokenEncryptedResponseAlg = "id_token_encrypted_response_alg";
Field Value
ClientRegistrationRequest.Parameters.IdTokenEncryptedResponseEnc Field
The id_token_encrypted_response_enc registration parameter naming the JWE
content-encryption algorithm used with the key-management algorithm above.
public const string IdTokenEncryptedResponseEnc = "id_token_encrypted_response_enc";
Field Value
ClientRegistrationRequest.Parameters.IdTokenSignedResponseAlg Field
The id_token_signed_response_alg registration parameter naming the JWS algorithm
the OP must use to sign ID Tokens for this client.
public const string IdTokenSignedResponseAlg = "id_token_signed_response_alg";
Field Value
ClientRegistrationRequest.Parameters.InitiateLoginUri Field
The initiate_login_uri registration parameter pointing to a URL the OP may
invoke to initiate a login flow at the client.
public const string InitiateLoginUri = "initiate_login_uri";
Field Value
ClientRegistrationRequest.Parameters.IntrospectionEncryptedResponseAlg Field
The introspection_encrypted_response_alg registration parameter (RFC 9701) naming the JWE
key-management algorithm used when encrypting introspection responses.
public const string IntrospectionEncryptedResponseAlg = "introspection_encrypted_response_alg";
Field Value
ClientRegistrationRequest.Parameters.IntrospectionEncryptedResponseEnc Field
The introspection_encrypted_response_enc registration parameter (RFC 9701) naming the JWE
content-encryption algorithm for introspection responses.
public const string IntrospectionEncryptedResponseEnc = "introspection_encrypted_response_enc";
Field Value
ClientRegistrationRequest.Parameters.IntrospectionSignedResponseAlg Field
The introspection_signed_response_alg registration parameter (RFC 9701) naming the JWS
algorithm the OP must use when signing introspection responses for this client.
public const string IntrospectionSignedResponseAlg = "introspection_signed_response_alg";
Field Value
ClientRegistrationRequest.Parameters.Jwks Field
The jwks registration parameter carrying the client's JSON Web Key Set inline.
public const string Jwks = "jwks";
Field Value
ClientRegistrationRequest.Parameters.JwksUri Field
The jwks_uri registration parameter referencing the client's published JSON Web
Key Set.
public const string JwksUri = "jwks_uri";
Field Value
ClientRegistrationRequest.Parameters.LogoUri Field
The logo_uri registration parameter pointing to an image rendered next to the
client name during authentication and consent.
public const string LogoUri = "logo_uri";
Field Value
ClientRegistrationRequest.Parameters.OfflineAccessAllowed Field
The offline_access_allowed registration parameter (server extension) controlling
whether the client may request the offline_access scope and obtain refresh tokens.
public const string OfflineAccessAllowed = "offline_access_allowed";
Field Value
ClientRegistrationRequest.Parameters.PkceRequired Field
The pkce_required registration parameter (server extension) marking the client
as PKCE-only at the authorization endpoint.
public const string PkceRequired = "pkce_required";
Field Value
ClientRegistrationRequest.Parameters.PolicyUri Field
The policy_uri registration parameter pointing to the client's privacy policy.
public const string PolicyUri = "policy_uri";
Field Value
ClientRegistrationRequest.Parameters.PostLogoutRedirectUris Field
The post_logout_redirect_uris registration parameter listing absolute URIs the
OP may redirect to after RP-initiated logout.
public const string PostLogoutRedirectUris = "post_logout_redirect_uris";
Field Value
ClientRegistrationRequest.Parameters.RedirectUris Field
The redirect_uris registration parameter listing the absolute URIs the OP may
use to deliver authorization responses to this client.
public const string RedirectUris = "redirect_uris";
Field Value
ClientRegistrationRequest.Parameters.RequestObjectEncryptionAlg Field
The request_object_encryption_alg registration parameter naming the JWE
key-management algorithm used when encrypting Request Objects.
public const string RequestObjectEncryptionAlg = "request_object_encryption_alg";
Field Value
ClientRegistrationRequest.Parameters.RequestObjectEncryptionEnc Field
The request_object_encryption_enc registration parameter naming the JWE
content-encryption algorithm for Request Objects.
public const string RequestObjectEncryptionEnc = "request_object_encryption_enc";
Field Value
ClientRegistrationRequest.Parameters.RequestObjectSigningAlg Field
The request_object_signing_alg registration parameter naming the JWS algorithm
the client uses when signing Request Objects.
public const string RequestObjectSigningAlg = "request_object_signing_alg";
Field Value
ClientRegistrationRequest.Parameters.RequestUris Field
The request_uris registration parameter listing URIs the OP may pre-fetch and
cache for use as request_uri values.
public const string RequestUris = "request_uris";
Field Value
ClientRegistrationRequest.Parameters.RequireAuthTime Field
The require_auth_time registration parameter; when true, the OP must
always include the auth_time claim in ID Tokens for this client.
public const string RequireAuthTime = "require_auth_time";
Field Value
ClientRegistrationRequest.Parameters.RequirePushedAuthorizationRequests Field
The require_pushed_authorization_requests registration parameter (RFC 9126 §6)
making PAR the only way this client may start an authorization flow.
public const string RequirePushedAuthorizationRequests = "require_pushed_authorization_requests";
Field Value
ClientRegistrationRequest.Parameters.RequireSignedRequestObject Field
The require_signed_request_object registration parameter (RFC 9101 §10.5)
committing this client to signed request objects.
public const string RequireSignedRequestObject = "require_signed_request_object";
Field Value
ClientRegistrationRequest.Parameters.ResponseTypes Field
The response_types registration parameter declaring the response type values
the client intends to use at the authorization endpoint.
public const string ResponseTypes = "response_types";
Field Value
ClientRegistrationRequest.Parameters.Scope Field
The scope registration parameter listing scope values the client will use
(space-separated per RFC 7591 §2).
public const string Scope = "scope";
Field Value
ClientRegistrationRequest.Parameters.SectorIdentifierUri Field
The sector_identifier_uri registration parameter used when computing pairwise
pseudonymous subject identifiers.
public const string SectorIdentifierUri = "sector_identifier_uri";
Field Value
ClientRegistrationRequest.Parameters.SoftwareId Field
The software_id registration parameter identifying the client software product.
public const string SoftwareId = "software_id";
Field Value
ClientRegistrationRequest.Parameters.SoftwareStatement Field
The software_statement registration parameter carrying a signed JWT assertion
of metadata values about the client software (RFC 7591 §2.3).
public const string SoftwareStatement = "software_statement";
Field Value
ClientRegistrationRequest.Parameters.SoftwareVersion Field
The software_version registration parameter naming the client software version.
public const string SoftwareVersion = "software_version";
Field Value
ClientRegistrationRequest.Parameters.SubjectType Field
The subject_type registration parameter selecting public or pairwise
ID Token sub values.
public const string SubjectType = "subject_type";
Field Value
ClientRegistrationRequest.Parameters.TlsClientAuthSanDns Field
The tls_client_auth_san_dns registration parameter (RFC 8705) carrying expected
DNS Subject Alternative Names on the client's mTLS certificate.
public const string TlsClientAuthSanDns = "tls_client_auth_san_dns";
Field Value
ClientRegistrationRequest.Parameters.TlsClientAuthSanEmail Field
The tls_client_auth_san_email registration parameter (RFC 8705) carrying expected
email Subject Alternative Names on the client's mTLS certificate.
public const string TlsClientAuthSanEmail = "tls_client_auth_san_email";
Field Value
ClientRegistrationRequest.Parameters.TlsClientAuthSanIp Field
The tls_client_auth_san_ip registration parameter (RFC 8705) carrying expected
IP-address Subject Alternative Names on the client's mTLS certificate.
public const string TlsClientAuthSanIp = "tls_client_auth_san_ip";
Field Value
ClientRegistrationRequest.Parameters.TlsClientAuthSanUri Field
The tls_client_auth_san_uri registration parameter (RFC 8705) carrying expected
URI Subject Alternative Names on the client's mTLS certificate.
public const string TlsClientAuthSanUri = "tls_client_auth_san_uri";
Field Value
ClientRegistrationRequest.Parameters.TlsClientAuthSubjectDn Field
The tls_client_auth_subject_dn registration parameter (RFC 8705) carrying the
expected Subject Distinguished Name on the client's mTLS certificate.
public const string TlsClientAuthSubjectDn = "tls_client_auth_subject_dn";
Field Value
ClientRegistrationRequest.Parameters.TlsClientCertificateBoundAccessTokens Field
The tls_client_certificate_bound_access_tokens registration parameter
(RFC 8705 §3.4) requesting certificate-bound access tokens independently of the
authentication method.
public const string TlsClientCertificateBoundAccessTokens = "tls_client_certificate_bound_access_tokens";
Field Value
ClientRegistrationRequest.Parameters.TokenEndpointAuthMethod Field
The token_endpoint_auth_method registration parameter selecting the client
authentication method used at the token endpoint.
public const string TokenEndpointAuthMethod = "token_endpoint_auth_method";
Field Value
ClientRegistrationRequest.Parameters.TokenEndpointAuthSigningAlg Field
The token_endpoint_auth_signing_alg registration parameter naming the JWS
algorithm used when the client authenticates with a signed JWT assertion.
public const string TokenEndpointAuthSigningAlg = "token_endpoint_auth_signing_alg";
Field Value
ClientRegistrationRequest.Parameters.TokenExchangeAudiences Field
The token_exchange_audiences registration parameter
(non-standard extension; RFC 8693 does not standardise it): default-deny per-client
allowlist of audience values this client may request when exchanging a token.
public const string TokenExchangeAudiences = "token_exchange_audiences";
Field Value
ClientRegistrationRequest.Parameters.TokenExchangeSubjectTokenTypes Field
The token_exchange_subject_token_types registration parameter
(non-standard extension; RFC 8693 does not standardise it): per-client allowlist of
subject_token_type URIs this client may submit to the Token Exchange grant.
public const string TokenExchangeSubjectTokenTypes = "token_exchange_subject_token_types";
Field Value
ClientRegistrationRequest.Parameters.TosUri Field
The tos_uri registration parameter pointing to the client's terms of service.
public const string TosUri = "tos_uri";
Field Value
ClientRegistrationRequest.Parameters.UserInfoEncryptedResponseAlg Field
The userinfo_encrypted_response_alg registration parameter naming the JWE
key-management algorithm used when encrypting UserInfo responses.
public const string UserInfoEncryptedResponseAlg = "userinfo_encrypted_response_alg";
Field Value
ClientRegistrationRequest.Parameters.UserInfoEncryptedResponseEnc Field
The userinfo_encrypted_response_enc registration parameter naming the JWE
content-encryption algorithm for UserInfo responses.
public const string UserInfoEncryptedResponseEnc = "userinfo_encrypted_response_enc";
Field Value
ClientRegistrationRequest.Parameters.UserInfoSignedResponseAlg Field
The userinfo_signed_response_alg registration parameter naming the JWS algorithm
the OP must use when signing UserInfo responses for this client.
public const string UserInfoSignedResponseAlg = "userinfo_signed_response_alg";