ClientRequest Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Model
ClientRequest Class
Carries the OAuth 2.0 client authentication material common to back-channel endpoints (token, introspection, revocation): credentials passed in the request body per RFC 6749 §2.3.1, JWT-based client assertions per RFC 7521/7523, and the mTLS client certificate per RFC 8705. Concrete request DTOs typically expose these values alongside their endpoint-specific parameters.
public record ClientRequest : System.IEquatable<Abblix.Oidc.Server.Model.ClientRequest>
Inheritance System.Object → ClientRequest
Implements System.IEquatable<ClientRequest>
Properties
ClientRequest.AuthorizationHeader Property
The HTTP Authorization header from the inbound request, captured for transport-level
authentication schemes such as Basic (client_secret_basic) or Bearer. Not serialized.
public System.Net.Http.Headers.AuthenticationHeaderValue? AuthorizationHeader { get; set; }
Property Value
System.Net.Http.Headers.AuthenticationHeaderValue
ClientRequest.ClientAssertion Property
The client_assertion: a signed JWT used to authenticate the client via
private_key_jwt or client_secret_jwt (RFC 7523 §2.2, OIDC Core §9).
public string? ClientAssertion { get; set; }
Property Value
ClientRequest.ClientAssertionType Property
The client_assertion_type, which for JWT bearer client assertions equals
urn:ietf:params:oauth:client-assertion-type:jwt-bearer per RFC 7521 §4.2 / RFC 7523 §2.2.
public string? ClientAssertionType { get; set; }
Property Value
ClientRequest.ClientCertificate Property
The client X.509 certificate presented via mutual TLS (mTLS) at the transport layer or forwarded by a trusted reverse proxy. Used for RFC 8705 client authentication and for certificate-bound access tokens.
public System.Security.Cryptography.X509Certificates.X509Certificate2? ClientCertificate { get; set; }
Property Value
System.Security.Cryptography.X509Certificates.X509Certificate2
ClientRequest.ClientId Property
The OAuth 2.0 client_id identifying the registered client (RFC 6749 §2.3.1).
May be null when the client is identified solely by an Authorization header or a client assertion.
public string? ClientId { get; set; }
Property Value
ClientRequest.ClientSecret Property
The OAuth 2.0 client_secret presented in the request body for the
client_secret_post authentication method (RFC 6749 §2.3.1).
public string? ClientSecret { get; set; }
Property Value
ClientRequest.DPoPProof Property
The compact-form DPoP proof JWT taken from the inbound request's DPoP header
per RFC 9449 §4.1. Travels alongside AuthorizationHeader and
ClientCertificate as transport-level material so the core layer stays
ASP.NET-Core-free; the MVC binder lifts it from the header. null when no
proof was presented.
public string? DPoPProof { get; set; }