Skip to content
Duende Software Docs
We just launched Duende IdentityServer v7.2.0 and BFF v3.0. Check it out!

Pushed Authorization Request Store

The pushed authorization request store is responsible for creating, retrieving, and consuming pushed authorization requests.

Duende.IdentityServer.Stores.IPushedAuthorizationRequestStore

Section titled “Duende.IdentityServer.Stores.IPushedAuthorizationRequestStore”
/// <summary>
/// The interface for a service that stores pushed authorization requests.
/// </summary>
public interface IPushedAuthorizationRequestStore
{
    /// <summary>
    /// Stores the pushed authorization request.
    /// </summary>
    /// <param name="pushedAuthorizationRequest">The request.</param>
    /// <returns></returns>
    Task StoreAsync(PushedAuthorizationRequest pushedAuthorizationRequest);


    /// <summary>
    /// Consumes the pushed authorization request, indicating that it should not
    /// be used again. Repeated use could indicate some form of replay attack,
    /// but also could indicate that an end user refreshed their browser or
    /// otherwise retried a request that consumed the pushed authorization
    /// request.
    /// </summary>
    /// <param name="referenceValueHash">The hash of the reference value of the
    /// pushed authorization request. The reference value is the identifier
    /// within the request_uri parameter.</param>
    /// <returns></returns>
    Task ConsumeByHashAsync(string referenceValueHash);


    /// <summary>
    /// Gets the pushed authorization request.
    /// </summary>
    /// <param name="referenceValueHash">The hash of the reference value of the
    /// pushed authorization request. The reference value is the identifier
    /// within the request_uri parameter.</param>
    /// <returns>The pushed authorization request, or null if the request does
    /// not exist or was previously consumed.
    /// </returns>
    Task<PushedAuthorizationRequest?> GetByHashAsync(string referenceValueHash);
}

Duende.IdentityServer.Models.PushedAuthorizationRequest

Section titled “Duende.IdentityServer.Models.PushedAuthorizationRequest”
/// <summary>
/// Represents a persisted Pushed Authorization Request.
/// </summary>
public class PushedAuthorizationRequest
{
    /// <summary>
    /// The hash of the identifier within this pushed request's request_uri
    /// value. Request URIs that IdentityServer produces take the form
    /// urn:ietf:params:oauth:request_uri:{ReferenceValue}.
    /// </summary>
    public string ReferenceValueHash { get; set; }


    /// <summary>
    /// The UTC time at which this pushed request will expire. The Pushed
    /// request will be used throughout the authentication process, beginning
    /// when it is passed to the authorization endpoint by the client, and then
    /// subsequently after user interaction, such as login and/or consent occur.
    /// If the expiration time is exceeded before a response to the client can
    /// be produced, IdentityServer will raise an error, and the user will be
    /// redirected to the IdentityServer error page.
    /// </summary>


    public DateTime ExpiresAtUtc { get; set; }


    /// <summary>
    /// The data protected content of the pushed authorization request.
    /// </summary>
    public string Parameters { get; set; }
}