Skip to main content

ClientRequest Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Model

ClientRequest Class

Carries the OAuth 2.0 client authentication material common to back-channel endpoints (token, introspection, revocation): credentials passed in the request body per RFC 6749 §2.3.1, JWT-based client assertions per RFC 7521/7523, and the mTLS client certificate per RFC 8705. Concrete request DTOs typically expose these values alongside their endpoint-specific parameters.

public record ClientRequest : System.IEquatable<Abblix.Oidc.Server.Model.ClientRequest>

Inheritance System.Object → ClientRequest

Implements System.IEquatable<ClientRequest>

Properties

ClientRequest.AuthorizationHeader Property

The HTTP Authorization header from the inbound request, captured for transport-level authentication schemes such as Basic (client_secret_basic) or Bearer. Not serialized.

public System.Net.Http.Headers.AuthenticationHeaderValue? AuthorizationHeader { get; set; }

Property Value

System.Net.Http.Headers.AuthenticationHeaderValue

ClientRequest.ClientAssertion Property

The client_assertion: a signed JWT used to authenticate the client via private_key_jwt or client_secret_jwt (RFC 7523 §2.2, OIDC Core §9).

public string? ClientAssertion { get; set; }

Property Value

System.String

ClientRequest.ClientAssertionType Property

The client_assertion_type, which for JWT bearer client assertions equals urn:ietf:params:oauth:client-assertion-type:jwt-bearer per RFC 7521 §4.2 / RFC 7523 §2.2.

public string? ClientAssertionType { get; set; }

Property Value

System.String

ClientRequest.ClientCertificate Property

The client X.509 certificate presented via mutual TLS (mTLS) at the transport layer or forwarded by a trusted reverse proxy. Used for RFC 8705 client authentication and for certificate-bound access tokens.

public System.Security.Cryptography.X509Certificates.X509Certificate2? ClientCertificate { get; set; }

Property Value

System.Security.Cryptography.X509Certificates.X509Certificate2

ClientRequest.ClientId Property

The OAuth 2.0 client_id identifying the registered client (RFC 6749 §2.3.1). May be null when the client is identified solely by an Authorization header or a client assertion.

public string? ClientId { get; set; }

Property Value

System.String

ClientRequest.ClientSecret Property

The OAuth 2.0 client_secret presented in the request body for the client_secret_post authentication method (RFC 6749 §2.3.1).

public string? ClientSecret { get; set; }

Property Value

System.String

ClientRequest.DPoPProof Property

The compact-form DPoP proof JWT taken from the inbound request's DPoP header per RFC 9449 §4.1. Travels alongside AuthorizationHeader and ClientCertificate as transport-level material so the core layer stays ASP.NET-Core-free; the MVC binder lifts it from the header. null when no proof was presented.

public string? DPoPProof { get; set; }

Property Value

System.String