Skip to main content

ClientRegistrationResponse Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Model

ClientRegistrationResponse Class

The response returned from the client registration endpoint per RFC 7591 §3.2.1 and OIDC Dynamic Client Registration §3.2, echoing the registered metadata together with server-issued credentials and the URL of the client configuration endpoint (RFC 7592) for subsequent management operations. Unregistered metadata is omitted from the JSON per RFC 7591 §3.2.1, not emitted as an explicit null.

public record ClientRegistrationResponse : System.IEquatable<Abblix.Oidc.Server.Model.ClientRegistrationResponse>

Inheritance System.Object → ClientRegistrationResponse

Implements System.IEquatable<ClientRegistrationResponse>

Properties

ClientRegistrationResponse.ApplicationType Property

The type of application for which the client is registered (web, native). Optional — server may assign a default. Per RFC 7591 §2.

public string? ApplicationType { get; init; }

Property Value

System.String

ClientRegistrationResponse.AuthorizationDetailsTypes Property

The per-client allowlist of authorization-detail type values this client may use in RFC 9396 Rich Authorization Requests (authorization_details_types, RFC 9396 §5.1). Echoes the registered value of AuthorizationDetailsTypes.

public string[]? AuthorizationDetailsTypes { get; init; }

Property Value

System.String[]

ClientRegistrationResponse.ClientId Property

The unique Client Identifier. It must not be currently valid for any other registered client. This identifier is critical for client identification and for securing client-to-server communication.

public string ClientId { get; init; }

Property Value

System.String

ClientRegistrationResponse.ClientIdIssuedAt Property

The time at which the Client Identifier was issued. Represented as the number of seconds since Unix Epoch (1970-01-01T0:0:0Z) in UTC.

public System.Nullable<System.DateTimeOffset> ClientIdIssuedAt { get; init; }

Property Value

System.Nullable<System.DateTimeOffset>

ClientRegistrationResponse.ClientName Property

The human-readable name of the client. Optional client metadata. Per RFC 7591 §2.

public string? ClientName { get; init; }

Property Value

System.String

ClientRegistrationResponse.ClientSecret Property

The client secret. This value must not be assigned to multiple clients and is used for authenticating the client with the server.

public string? ClientSecret { get; init; }

Property Value

System.String

ClientRegistrationResponse.ClientSecretExpiresAt Property

The time at which the client_secret will expire. Represented as the number of seconds since Unix Epoch (1970-01-01T0:0:0Z) in UTC. A value of 0 indicates that the secret does not expire.

public System.DateTimeOffset ClientSecretExpiresAt { get; init; }

Property Value

System.DateTimeOffset

ClientRegistrationResponse.Contacts Property

Array of contact email addresses for people responsible for this client. Optional. Per RFC 7591 §2.

public string[]? Contacts { get; init; }

Property Value

System.String[]

ClientRegistrationResponse.DpopBoundAccessTokens Property

Whether access tokens issued to this client are sender-constrained via DPoP per RFC 9449 §5.2 (dpop_bound_access_tokens). Echoes the registered value of ClientInfo.RequireDPoP.

public System.Nullable<bool> DpopBoundAccessTokens { get; init; }

Property Value

System.Nullable<System.Boolean>

ClientRegistrationResponse.GrantTypes Property

The registered grant types, including server-assigned defaults. Per RFC 7591 §2/§3.2.1.

public string[]? GrantTypes { get; init; }

Property Value

System.String[]

ClientRegistrationResponse.InitiateLoginUri Property

The URI for initiating the client's login process.

public System.Uri? InitiateLoginUri { get; init; }

Property Value

System.Uri

ClientRegistrationResponse.IntrospectionEncryptedResponseAlg Property

JWE alg algorithm for encrypting introspection responses. Optional. Per RFC 9701 §6.

public string? IntrospectionEncryptedResponseAlg { get; init; }

Property Value

System.String

ClientRegistrationResponse.IntrospectionEncryptedResponseEnc Property

JWE enc algorithm for encrypting introspection responses. Optional. Per RFC 9701 §6.

public string? IntrospectionEncryptedResponseEnc { get; init; }

Property Value

System.String

ClientRegistrationResponse.IntrospectionSignedResponseAlg Property

JWS algorithm for signing introspection responses. Optional. Per RFC 9701 §6.

public string? IntrospectionSignedResponseAlg { get; init; }

Property Value

System.String

ClientRegistrationResponse.JwksUri Property

URL for the client's JSON Web Key Set document. Optional. Per RFC 7591 §2.

public System.Uri? JwksUri { get; init; }

Property Value

System.Uri

ClientRegistrationResponse.LogoUri Property

URL that references a logo for the client. Optional. Per RFC 7591 §2.

public System.Uri? LogoUri { get; init; }

Property Value

System.Uri

ClientRegistrationResponse.RedirectUris Property

The URIs where the client expects to receive responses after user authentication. Per RFC 7591 §2.

public System.Uri[]? RedirectUris { get; init; }

Property Value

System.Uri[]

ClientRegistrationResponse.RegistrationAccessToken Property

The registration access token that can be used at the Client Configuration Endpoint to perform subsequent operations on the client registration.

public string? RegistrationAccessToken { get; init; }

Property Value

System.String

ClientRegistrationResponse.RegistrationClientUri Property

The location of the Client Configuration Endpoint where the registration access token can be used for subsequent operations.

public System.Uri? RegistrationClientUri { get; init; }

Property Value

System.Uri

ClientRegistrationResponse.RequestUris Property

Array of request_uri values pre-registered by the client. Optional. Per OpenID Connect Core §6.2.

public System.Uri[]? RequestUris { get; init; }

Property Value

System.Uri[]

ClientRegistrationResponse.RequirePushedAuthorizationRequests Property

Whether PAR is the only way this client may start an authorization flow per RFC 9126 §6. Echoes ClientInfo.RequirePushedAuthorizationRequests.

public System.Nullable<bool> RequirePushedAuthorizationRequests { get; init; }

Property Value

System.Nullable<System.Boolean>

ClientRegistrationResponse.RequireSignedRequestObject Property

Whether this client must deliver authorization parameters as a signed request object per RFC 9101 §10.5. Echoes ClientInfo.RequireSignedRequestObject.

public System.Nullable<bool> RequireSignedRequestObject { get; init; }

Property Value

System.Nullable<System.Boolean>

ClientRegistrationResponse.ResponseTypes Property

The registered response type combinations (each entry space-separated), including server-assigned defaults. Per RFC 7591 §2/§3.2.1.

public string[][]? ResponseTypes { get; init; }

Property Value

System.String[][]

ClientRegistrationResponse.Scope Property

The registered scope values per RFC 7591 Section 2.

public string[]? Scope { get; init; }

Property Value

System.String[]

ClientRegistrationResponse.SectorIdentifierUri Property

URL using https scheme used in calculating pseudonymous identifiers for pairwise subject type. Optional. Per OpenID Connect Core §8.1.

public System.Uri? SectorIdentifierUri { get; init; }

Property Value

System.Uri

ClientRegistrationResponse.SoftwareId Property

The software identifier per RFC 7591 Section 2.

public string? SoftwareId { get; init; }

Property Value

System.String

ClientRegistrationResponse.SoftwareStatement Property

The software statement JWT echoed back per RFC 7591 Section 3.2.1.

public string? SoftwareStatement { get; init; }

Property Value

System.String

ClientRegistrationResponse.SoftwareVersion Property

The software version per RFC 7591 Section 2.

public string? SoftwareVersion { get; init; }

Property Value

System.String

ClientRegistrationResponse.SubjectType Property

The type of subject identifier used (public, pairwise). Optional. Per OpenID Connect Core §8.

public string? SubjectType { get; init; }

Property Value

System.String

ClientRegistrationResponse.TlsClientAuthSanDns Property

Required DNS Subject Alternative Names for tls_client_auth per RFC 8705.

public string[]? TlsClientAuthSanDns { get; init; }

Property Value

System.String[]

ClientRegistrationResponse.TlsClientAuthSanEmail Property

Required email Subject Alternative Names for tls_client_auth per RFC 8705.

public string[]? TlsClientAuthSanEmail { get; init; }

Property Value

System.String[]

ClientRegistrationResponse.TlsClientAuthSanIp Property

Required IP Subject Alternative Names for tls_client_auth per RFC 8705.

public string[]? TlsClientAuthSanIp { get; init; }

Property Value

System.String[]

ClientRegistrationResponse.TlsClientAuthSanUri Property

Required URI Subject Alternative Names for tls_client_auth per RFC 8705.

public System.Uri[]? TlsClientAuthSanUri { get; init; }

Property Value

System.Uri[]

ClientRegistrationResponse.TlsClientAuthSubjectDn Property

Exact Subject Distinguished Name required when using tls_client_auth per RFC 8705.

public string? TlsClientAuthSubjectDn { get; init; }

Property Value

System.String

ClientRegistrationResponse.TlsClientCertificateBoundAccessTokens Property

Whether access tokens are certificate-bound whenever the token request arrives over mutual TLS per RFC 8705 §3.4. Echoes ClientInfo.TlsClientCertificateBoundAccessTokens.

public System.Nullable<bool> TlsClientCertificateBoundAccessTokens { get; init; }

Property Value

System.Nullable<System.Boolean>

ClientRegistrationResponse.TokenEndpointAuthMethod Property

The authentication method used by the client at the token endpoint. Possible values include "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "tls_client_auth", "self_signed_tls_client_auth", or "none". Per OpenID Connect Dynamic Client Registration Section 2.

public string? TokenEndpointAuthMethod { get; init; }

Property Value

System.String

ClientRegistrationResponse.TokenExchangeAudiences Property

Non-standard extension: default-deny per-client allowlist of RFC 8693 audience values this client may request when exchanging a token. Echoes TokenExchangeAllowedAudiences.

public string[]? TokenExchangeAudiences { get; init; }

Property Value

System.String[]

ClientRegistrationResponse.TokenExchangeSubjectTokenTypes Property

Non-standard extension: per-client allowlist of RFC 8693 subject_token_type URIs this client may submit to the Token Exchange grant. Echoes TokenExchangeAllowedSubjectTokenTypes.

public string[]? TokenExchangeSubjectTokenTypes { get; init; }

Property Value

System.String[]

ClientRegistrationResponse.UserInfoEncryptedResponseAlg Property

JWE alg algorithm for encrypting UserInfo responses. Optional. Per OpenID Connect Core §5.6.2.

public string? UserInfoEncryptedResponseAlg { get; init; }

Property Value

System.String

ClientRegistrationResponse.UserInfoEncryptedResponseEnc Property

JWE enc algorithm for encrypting UserInfo responses. Optional. Per OpenID Connect Core §5.6.2.

public string? UserInfoEncryptedResponseEnc { get; init; }

Property Value

System.String