interface Duende.IdentityServer.Validation.IRedirectUriValidator

Assembly: Duende.IdentityServer

Validates redirect URIs and post-logout redirect URIs submitted in authorization and end-session requests.

Remarks

IdentityServer invokes this validator during the authorization request pipeline to confirm that the redirect_uri parameter supplied by the client is permitted for that client, and during the end-session pipeline to confirm that the post_logout_redirect_uri is permitted.

The default implementation performs an exact string match against the URIs registered on the Duende.IdentityServer.Models.Client. Implement this interface to apply custom matching logic, such as wildcard or pattern-based URI validation.

Register a custom implementation using AddRedirectUriValidator<T>() on the IdentityServer builder.

Methods

IsRedirectUriValidAsync(string requestedUri, Models.Client client)
Determines whether a redirect URI is valid for a client.
Returns true if the URI is permitted for the client; false otherwise.
requestedUri: The redirect_uri value submitted in the authorization request.
client: The client whose registered redirect URIs should be checked.

IsRedirectUriValidAsync(RedirectUriValidationContext context, System.Threading.CancellationToken ct)
Determines whether a redirect URI is valid for a client.
Returns true if the URI is permitted for the client; false otherwise.
context: The validation context containing the requested URI, the client, the raw request parameters, and the authorize request type.
ct: The cancellation token.
Remarks: This overload is preferred over the deprecated string-based overload because it provides additional context such as the full request parameters, any validated request object values, and the type of authorize request (e.g., PAR vs. standard authorize).

IsPostLogoutRedirectUriValidAsync(string requestedUri, Models.Client client, System.Threading.CancellationToken ct)
Determines whether a post-logout redirect URI is valid for a client.
Returns true if the URI is permitted for the client; false otherwise.
requestedUri: The post_logout_redirect_uri value submitted in the end-session request.
client: The client whose registered post-logout redirect URIs should be checked.
ct: The cancellation token.
Remarks: Called during end-session request processing to verify that the post_logout_redirect_uri parameter supplied by the client is registered and permitted.
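
An added example, not Duende's code, of the custom matching the Remarks mention: a validator that accepts a registration such as https://*.example.com/callback only when "*" is exactly one DNS label and the scheme, port, path and query match exactly. It assumes the methods return Task<bool>, that the context exposes RequestedUri and Client properties, and that patterns are stored in Client.RedirectUris and Client.PostLogoutRedirectUris; the class name and the "*." pattern syntax are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Validation;

// Added example, not Duende's code. Exact matches always pass; a registered
// "https://*.example.com/path" also passes hosts that add exactly one label.
public sealed class SingleLabelWildcardRedirectUriValidator : IRedirectUriValidator
{
    private const string Marker = "://*.";
    // Assumption: the context exposes RequestedUri and Client properties.
    public Task<bool> IsRedirectUriValidAsync(RedirectUriValidationContext context, CancellationToken ct)
        => Task.FromResult(IsAllowed(context.RequestedUri, context.Client.RedirectUris));

    // Deprecated string-based overload, kept consistent with the context overload.
    public Task<bool> IsRedirectUriValidAsync(string requestedUri, Client client)
        => Task.FromResult(IsAllowed(requestedUri, client.RedirectUris));

    public Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client, CancellationToken ct)
        => Task.FromResult(IsAllowed(requestedUri, client.PostLogoutRedirectUris));

    public static bool IsAllowed(string requested, IEnumerable<string> registered)
    {
        if (string.IsNullOrEmpty(requested) || registered is null) return false;
        foreach (var entry in registered)
        {
            if (string.Equals(entry, requested, StringComparison.Ordinal)) return true;
            if (entry.Contains(Marker) && MatchesWildcard(requested, entry)) return true;
        }
        return false;
    }

    private static bool MatchesWildcard(string requested, string pattern)
    {
        // Swap "*" for a placeholder label so the pattern parses as an ordinary URI.
        if (!Uri.TryCreate(pattern.Replace(Marker, "://placeholder."), UriKind.Absolute, out var p) ||
            !Uri.TryCreate(requested, UriKind.Absolute, out var r)) return false;
        if (p.Scheme != Uri.UriSchemeHttps || r.Scheme != Uri.UriSchemeHttps) return false;
        if (r.UserInfo.Length > 0 || r.Fragment.Length > 0 || r.Port != p.Port) return false;
        if (r.AbsolutePath != p.AbsolutePath || r.Query != p.Query) return false;
        // The parsed host, not the raw string, must be "<one label>" + parent domain.
        var suffix = p.Host.Substring("placeholder".Length);   // e.g. ".example.com"
        if (!r.Host.EndsWith(suffix, StringComparison.OrdinalIgnoreCase)) return false;
        var label = r.Host.Substring(0, r.Host.Length - suffix.Length);
        return label.Length > 0 && !label.Contains('.');
    }
}
```

Register it with AddRedirectUriValidator<SingleLabelWildcardRedirectUriValidator>() on the IdentityServer builder. Wildcard registrations are only as trustworthy as the control the client has over every host under the parent domain, so keep exact-match entries wherever the set of hosts is known.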