ReadClientSuccessfulResponse Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Model
ReadClientSuccessfulResponse Class
Represents the response for a successful client read request, detailing the configuration and metadata of an OAuth or OpenID Connect client. Per RFC 7592 Section 3, this response includes the registration access token and all registered client metadata. Unregistered metadata is omitted from the JSON per RFC 7592 §3, not emitted as an explicit null.
public record ReadClientSuccessfulResponse : System.IEquatable<Abblix.Oidc.Server.Model.ReadClientSuccessfulResponse>
Inheritance System.Object → ReadClientSuccessfulResponse
Implements System.IEquatable<ReadClientSuccessfulResponse>
Properties
ReadClientSuccessfulResponse.ApplicationType Property
The type of application for which the client is registered (e.g., web, native). Optional - server may assign default. Per RFC 7591 Section 2.
public string? ApplicationType { get; init; }
Property Value
ReadClientSuccessfulResponse.AuthorizationDetailsTypes Property
The per-client allowlist of authorization-detail type values this client may
use in RFC 9396 Rich Authorization Requests (authorization_details_types,
RFC 9396 §5.1). Echoes the registered value of
AuthorizationDetailsTypes.
public string[]? AuthorizationDetailsTypes { get; init; }
Property Value
ReadClientSuccessfulResponse.ClientId Property
The unique identifier of the client as registered with the authorization server. Required per RFC 7591 Section 3.2.1.
public string ClientId { get; init; }
Property Value
ReadClientSuccessfulResponse.ClientName Property
The human-readable name of the client. Optional client metadata. Per RFC 7591 Section 2.
public string? ClientName { get; init; }
Property Value
ReadClientSuccessfulResponse.ClientSecret Property
The secret associated with the client, used for authenticating with the authorization server. Optional - only present for confidential clients. Per RFC 7591 Section 3.2.1.
public string? ClientSecret { get; init; }
Property Value
ReadClientSuccessfulResponse.ClientSecretExpiresAt Property
The expiration time of the client secret. Indicates when the client secret will become invalid. Required if client_secret is issued. Per RFC 7591 Section 3.2.1. A value of 0 indicates the secret does not expire. Serialized as Unix seconds (a JSON number) per RFC 7591 §3.2.1, matching the register-path DTO.
public System.Nullable<System.DateTimeOffset> ClientSecretExpiresAt { get; init; }
Property Value
System.Nullable<System.DateTimeOffset>
ReadClientSuccessfulResponse.Contacts Property
Array of contact email addresses for people responsible for this client. Optional client metadata. Per RFC 7591 Section 2.
public string[]? Contacts { get; init; }
Property Value
ReadClientSuccessfulResponse.DpopBoundAccessTokens Property
Whether access tokens issued to this client are sender-constrained via DPoP per
RFC 9449 §5.2 (dpop_bound_access_tokens). Echoes RequireDPoP.
public System.Nullable<bool> DpopBoundAccessTokens { get; init; }
Property Value
System.Nullable<System.Boolean>
ReadClientSuccessfulResponse.GrantTypes Property
The registered grant types, including server-assigned defaults. Per RFC 7591 §2 / RFC 7592 §3.
public string[]? GrantTypes { get; init; }
Property Value
ReadClientSuccessfulResponse.InitiateLoginUri Property
URL that the authorization server can call to initiate a login at the client. Optional. Per OpenID Connect Core Section 4.
public System.Uri? InitiateLoginUri { get; init; }
Property Value
ReadClientSuccessfulResponse.JwksUri Property
URL for the client's JSON Web Key Set document. Optional - alternative to providing keys directly. Per RFC 7591 Section 2.
public System.Uri? JwksUri { get; init; }
Property Value
ReadClientSuccessfulResponse.LogoUri Property
URL that references a logo for the client. Optional client metadata. Per RFC 7591 Section 2.
public System.Uri? LogoUri { get; init; }
Property Value
ReadClientSuccessfulResponse.RedirectUris Property
The URIs where the client expects to receive responses after user authentication. Required for most grant types. Per RFC 7591 Section 2.
public System.Uri[] RedirectUris { get; init; }
Property Value
ReadClientSuccessfulResponse.RegistrationAccessToken Property
The access token for subsequent operations on the client configuration endpoint. Required per RFC 7592 Section 3.
public string RegistrationAccessToken { get; init; }
Property Value
ReadClientSuccessfulResponse.RegistrationClientUri Property
The fully qualified URL of the client configuration endpoint for this client. Required per RFC 7592 Section 3.
public System.Uri? RegistrationClientUri { get; init; }
Property Value
ReadClientSuccessfulResponse.RequestUris Property
Array of request_uri values that are pre-registered by the client. Optional. Per OpenID Connect Core Section 6.2.
public System.Uri[]? RequestUris { get; init; }
Property Value
ReadClientSuccessfulResponse.RequirePushedAuthorizationRequests Property
Whether PAR is the only way this client may start an authorization flow per RFC 9126 §6. Echoes RequirePushedAuthorizationRequests.
public System.Nullable<bool> RequirePushedAuthorizationRequests { get; init; }
Property Value
System.Nullable<System.Boolean>
ReadClientSuccessfulResponse.RequireSignedRequestObject Property
Whether this client must deliver authorization parameters as a signed request object per RFC 9101 §10.5. Echoes RequireSignedRequestObject.
public System.Nullable<bool> RequireSignedRequestObject { get; init; }
Property Value
System.Nullable<System.Boolean>
ReadClientSuccessfulResponse.ResponseTypes Property
The registered response type combinations (each entry space-separated), including server-assigned defaults. Per RFC 7591 §2 / RFC 7592 §3.
public string[][]? ResponseTypes { get; init; }
Property Value
ReadClientSuccessfulResponse.Scope Property
The registered scope values, serialized as a space-separated string. Per RFC 7591 §2 / RFC 7592 §3.
public string[]? Scope { get; init; }
Property Value
ReadClientSuccessfulResponse.SectorIdentifierUri Property
URL using the https scheme to be used in calculating pseudonymous identifiers for pairwise subject type. Optional - only relevant for pairwise subject identifiers. Per OpenID Connect Core Section 8.1.
public System.Uri? SectorIdentifierUri { get; init; }
Property Value
ReadClientSuccessfulResponse.SubjectType Property
The type of subject identifier used (e.g., public, pairwise). Optional - server may assign default. Per OpenID Connect Core Section 8.
public string? SubjectType { get; init; }
Property Value
ReadClientSuccessfulResponse.TlsClientAuthSanDns Property
Required DNS Subject Alternative Names for tls_client_auth.
public string[]? TlsClientAuthSanDns { get; init; }
Property Value
ReadClientSuccessfulResponse.TlsClientAuthSanEmail Property
Required email Subject Alternative Names for tls_client_auth.
public string[]? TlsClientAuthSanEmail { get; init; }
Property Value
ReadClientSuccessfulResponse.TlsClientAuthSanIp Property
Required IP Subject Alternative Names for tls_client_auth.
public string[]? TlsClientAuthSanIp { get; init; }
Property Value
ReadClientSuccessfulResponse.TlsClientAuthSanUri Property
Required URI Subject Alternative Names for tls_client_auth.
public System.Uri[]? TlsClientAuthSanUri { get; init; }
Property Value
ReadClientSuccessfulResponse.TlsClientAuthSubjectDn Property
Exact Subject Distinguished Name required when using tls_client_auth.
public string? TlsClientAuthSubjectDn { get; init; }
Property Value
ReadClientSuccessfulResponse.TlsClientCertificateBoundAccessTokens Property
Whether access tokens are certificate-bound whenever the token request arrives over mutual TLS per RFC 8705 §3.4. Echoes TlsClientCertificateBoundAccessTokens.
public System.Nullable<bool> TlsClientCertificateBoundAccessTokens { get; init; }
Property Value
System.Nullable<System.Boolean>
ReadClientSuccessfulResponse.TokenEndpointAuthMethod Property
The method used for authenticating the client at the token endpoint. Optional - server may assign default. Per RFC 7591 Section 2.
public string? TokenEndpointAuthMethod { get; init; }
Property Value
ReadClientSuccessfulResponse.TokenExchangeAudiences Property
Non-standard extension: default-deny per-client allowlist of RFC 8693 audience values
this client may request when exchanging a token. Echoes
TokenExchangeAllowedAudiences.
public string[]? TokenExchangeAudiences { get; init; }
Property Value
ReadClientSuccessfulResponse.TokenExchangeSubjectTokenTypes Property
Non-standard extension: per-client allowlist of RFC 8693 subject_token_type URIs this
client may submit to the Token Exchange grant. Echoes
TokenExchangeAllowedSubjectTokenTypes.
public string[]? TokenExchangeSubjectTokenTypes { get; init; }
Property Value
ReadClientSuccessfulResponse.UserInfoEncryptedResponseAlg Property
JWE alg algorithm for encrypting UserInfo responses. Optional. Per OpenID Connect Core Section 5.6.2.
public string? UserInfoEncryptedResponseAlg { get; init; }
Property Value
ReadClientSuccessfulResponse.UserInfoEncryptedResponseEnc Property
JWE enc algorithm for encrypting UserInfo responses. Optional. Per OpenID Connect Core Section 5.6.2.
public string? UserInfoEncryptedResponseEnc { get; init; }