ClientRegistrationResponse Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Model
ClientRegistrationResponse Class
The response returned from the client registration endpoint per RFC 7591 §3.2.1 and OIDC Dynamic Client Registration §3.2, echoing the registered metadata together with server-issued credentials and the URL of the client configuration endpoint (RFC 7592) for subsequent management operations. Unregistered metadata is omitted from the JSON per RFC 7591 §3.2.1, not emitted as an explicit null.
public record ClientRegistrationResponse : System.IEquatable<Abblix.Oidc.Server.Model.ClientRegistrationResponse>
Inheritance System.Object → ClientRegistrationResponse
Implements System.IEquatable<ClientRegistrationResponse>
Properties
ClientRegistrationResponse.ApplicationType Property
The type of application for which the client is registered (web, native).
Optional — server may assign a default. Per RFC 7591 §2.
public string? ApplicationType { get; init; }
Property Value
ClientRegistrationResponse.AuthorizationDetailsTypes Property
The per-client allowlist of authorization-detail type values this client may
use in RFC 9396 Rich Authorization Requests (authorization_details_types,
RFC 9396 §5.1). Echoes the registered value of
AuthorizationDetailsTypes.
public string[]? AuthorizationDetailsTypes { get; init; }
Property Value
ClientRegistrationResponse.ClientId Property
The unique Client Identifier. It must not be currently valid for any other registered client. This identifier is critical for client identification and for securing client-to-server communication.
public string ClientId { get; init; }
Property Value
ClientRegistrationResponse.ClientIdIssuedAt Property
The time at which the Client Identifier was issued. Represented as the number of seconds since Unix Epoch (1970-01-01T0:0:0Z) in UTC.
public System.Nullable<System.DateTimeOffset> ClientIdIssuedAt { get; init; }
Property Value
System.Nullable<System.DateTimeOffset>
ClientRegistrationResponse.ClientName Property
The human-readable name of the client. Optional client metadata. Per RFC 7591 §2.
public string? ClientName { get; init; }
Property Value
ClientRegistrationResponse.ClientSecret Property
The client secret. This value must not be assigned to multiple clients and is used for authenticating the client with the server.
public string? ClientSecret { get; init; }
Property Value
ClientRegistrationResponse.ClientSecretExpiresAt Property
The time at which the client_secret will expire. Represented as the number of seconds since Unix Epoch (1970-01-01T0:0:0Z) in UTC. A value of 0 indicates that the secret does not expire.
public System.DateTimeOffset ClientSecretExpiresAt { get; init; }
Property Value
ClientRegistrationResponse.Contacts Property
Array of contact email addresses for people responsible for this client. Optional. Per RFC 7591 §2.
public string[]? Contacts { get; init; }
Property Value
ClientRegistrationResponse.DpopBoundAccessTokens Property
Whether access tokens issued to this client are sender-constrained via DPoP per
RFC 9449 §5.2 (dpop_bound_access_tokens). Echoes the registered value of
ClientInfo.RequireDPoP.
public System.Nullable<bool> DpopBoundAccessTokens { get; init; }
Property Value
System.Nullable<System.Boolean>
ClientRegistrationResponse.GrantTypes Property
The registered grant types, including server-assigned defaults. Per RFC 7591 §2/§3.2.1.
public string[]? GrantTypes { get; init; }
Property Value
ClientRegistrationResponse.InitiateLoginUri Property
The URI for initiating the client's login process.
public System.Uri? InitiateLoginUri { get; init; }
Property Value
ClientRegistrationResponse.IntrospectionEncryptedResponseAlg Property
JWE alg algorithm for encrypting introspection responses. Optional. Per RFC 9701 §6.
public string? IntrospectionEncryptedResponseAlg { get; init; }
Property Value
ClientRegistrationResponse.IntrospectionEncryptedResponseEnc Property
JWE enc algorithm for encrypting introspection responses. Optional. Per RFC 9701 §6.
public string? IntrospectionEncryptedResponseEnc { get; init; }
Property Value
ClientRegistrationResponse.IntrospectionSignedResponseAlg Property
JWS algorithm for signing introspection responses. Optional. Per RFC 9701 §6.
public string? IntrospectionSignedResponseAlg { get; init; }
Property Value
ClientRegistrationResponse.JwksUri Property
URL for the client's JSON Web Key Set document. Optional. Per RFC 7591 §2.
public System.Uri? JwksUri { get; init; }
Property Value
ClientRegistrationResponse.LogoUri Property
URL that references a logo for the client. Optional. Per RFC 7591 §2.
public System.Uri? LogoUri { get; init; }
Property Value
ClientRegistrationResponse.RedirectUris Property
The URIs where the client expects to receive responses after user authentication. Per RFC 7591 §2.
public System.Uri[]? RedirectUris { get; init; }
Property Value
ClientRegistrationResponse.RegistrationAccessToken Property
The registration access token that can be used at the Client Configuration Endpoint to perform subsequent operations on the client registration.
public string? RegistrationAccessToken { get; init; }
Property Value
ClientRegistrationResponse.RegistrationClientUri Property
The location of the Client Configuration Endpoint where the registration access token can be used for subsequent operations.
public System.Uri? RegistrationClientUri { get; init; }
Property Value
ClientRegistrationResponse.RequestUris Property
Array of request_uri values pre-registered by the client.
Optional. Per OpenID Connect Core §6.2.
public System.Uri[]? RequestUris { get; init; }
Property Value
ClientRegistrationResponse.RequirePushedAuthorizationRequests Property
Whether PAR is the only way this client may start an authorization flow per RFC 9126 §6.
Echoes ClientInfo.RequirePushedAuthorizationRequests.
public System.Nullable<bool> RequirePushedAuthorizationRequests { get; init; }
Property Value
System.Nullable<System.Boolean>
ClientRegistrationResponse.RequireSignedRequestObject Property
Whether this client must deliver authorization parameters as a signed request object per
RFC 9101 §10.5. Echoes ClientInfo.RequireSignedRequestObject.
public System.Nullable<bool> RequireSignedRequestObject { get; init; }
Property Value
System.Nullable<System.Boolean>
ClientRegistrationResponse.ResponseTypes Property
The registered response type combinations (each entry space-separated), including server-assigned defaults. Per RFC 7591 §2/§3.2.1.
public string[][]? ResponseTypes { get; init; }
Property Value
ClientRegistrationResponse.Scope Property
The registered scope values per RFC 7591 Section 2.
public string[]? Scope { get; init; }
Property Value
ClientRegistrationResponse.SectorIdentifierUri Property
URL using https scheme used in calculating pseudonymous identifiers for
pairwise subject type. Optional. Per OpenID Connect Core §8.1.
public System.Uri? SectorIdentifierUri { get; init; }
Property Value
ClientRegistrationResponse.SoftwareId Property
The software identifier per RFC 7591 Section 2.
public string? SoftwareId { get; init; }
Property Value
ClientRegistrationResponse.SoftwareStatement Property
The software statement JWT echoed back per RFC 7591 Section 3.2.1.
public string? SoftwareStatement { get; init; }
Property Value
ClientRegistrationResponse.SoftwareVersion Property
The software version per RFC 7591 Section 2.
public string? SoftwareVersion { get; init; }
Property Value
ClientRegistrationResponse.SubjectType Property
The type of subject identifier used (public, pairwise).
Optional. Per OpenID Connect Core §8.
public string? SubjectType { get; init; }
Property Value
ClientRegistrationResponse.TlsClientAuthSanDns Property
Required DNS Subject Alternative Names for tls_client_auth per RFC 8705.
public string[]? TlsClientAuthSanDns { get; init; }
Property Value
ClientRegistrationResponse.TlsClientAuthSanEmail Property
Required email Subject Alternative Names for tls_client_auth per RFC 8705.
public string[]? TlsClientAuthSanEmail { get; init; }
Property Value
ClientRegistrationResponse.TlsClientAuthSanIp Property
Required IP Subject Alternative Names for tls_client_auth per RFC 8705.
public string[]? TlsClientAuthSanIp { get; init; }
Property Value
ClientRegistrationResponse.TlsClientAuthSanUri Property
Required URI Subject Alternative Names for tls_client_auth per RFC 8705.
public System.Uri[]? TlsClientAuthSanUri { get; init; }
Property Value
ClientRegistrationResponse.TlsClientAuthSubjectDn Property
Exact Subject Distinguished Name required when using tls_client_auth per RFC 8705.
public string? TlsClientAuthSubjectDn { get; init; }
Property Value
ClientRegistrationResponse.TlsClientCertificateBoundAccessTokens Property
Whether access tokens are certificate-bound whenever the token request arrives over mutual
TLS per RFC 8705 §3.4. Echoes ClientInfo.TlsClientCertificateBoundAccessTokens.
public System.Nullable<bool> TlsClientCertificateBoundAccessTokens { get; init; }
Property Value
System.Nullable<System.Boolean>
ClientRegistrationResponse.TokenEndpointAuthMethod Property
The authentication method used by the client at the token endpoint. Possible values include "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "tls_client_auth", "self_signed_tls_client_auth", or "none". Per OpenID Connect Dynamic Client Registration Section 2.
public string? TokenEndpointAuthMethod { get; init; }
Property Value
ClientRegistrationResponse.TokenExchangeAudiences Property
Non-standard extension: default-deny per-client allowlist of RFC 8693 audience values
this client may request when exchanging a token. Echoes
TokenExchangeAllowedAudiences.
public string[]? TokenExchangeAudiences { get; init; }
Property Value
ClientRegistrationResponse.TokenExchangeSubjectTokenTypes Property
Non-standard extension: per-client allowlist of RFC 8693 subject_token_type URIs this
client may submit to the Token Exchange grant. Echoes
TokenExchangeAllowedSubjectTokenTypes.
public string[]? TokenExchangeSubjectTokenTypes { get; init; }
Property Value
ClientRegistrationResponse.UserInfoEncryptedResponseAlg Property
JWE alg algorithm for encrypting UserInfo responses.
Optional. Per OpenID Connect Core §5.6.2.
public string? UserInfoEncryptedResponseAlg { get; init; }
Property Value
ClientRegistrationResponse.UserInfoEncryptedResponseEnc Property
JWE enc algorithm for encrypting UserInfo responses.
Optional. Per OpenID Connect Core §5.6.2.
public string? UserInfoEncryptedResponseEnc { get; init; }