Pushed Authorization Request Store

The pushed authorization request store is responsible for creating, retrieving, and consuming pushed authorization requests.

Duende.IdentityServer.Stores.IPushedAuthorizationRequestStore

/// <summary>
/// The interface for a service that stores pushed authorization requests.
/// It covers three operations on a stored request: storing it, looking it up,
/// and consuming it so that it is not used again.
/// </summary>
/// <remarks>
/// Lookup and consumption are keyed by the hash of the reference value rather
/// than by the reference value itself.
/// </remarks>
public interface IPushedAuthorizationRequestStore
{
    /// <summary>
    /// Stores the pushed authorization request.
    /// </summary>
    /// <param name="pushedAuthorizationRequest">The request to persist.</param>
    /// <returns>A task that represents the asynchronous store operation.</returns>
    Task StoreAsync(PushedAuthorizationRequest pushedAuthorizationRequest);

    /// <summary>
    /// Consumes the pushed authorization request, indicating that it should not
    /// be used again. Repeated use could indicate some form of replay attack,
    /// but could also indicate that an end user refreshed their browser or
    /// otherwise retried a request that consumed the pushed authorization
    /// request.
    /// </summary>
    /// <remarks>
    /// <see cref="GetByHashAsync"/> is documented to return null for a request
    /// that was previously consumed, so an implementation has to make
    /// consumption visible to later lookups for single use to hold.
    /// NOTE(review): this interface does not state how a concurrent lookup and
    /// consumption of the same request should be ordered - confirm against the
    /// caller before relying on a particular behaviour.
    /// </remarks>
    /// <param name="referenceValueHash">The hash of the reference value of the
    /// pushed authorization request. The reference value is the identifier
    /// within the request_uri parameter.</param>
    /// <returns>A task that represents the asynchronous consume operation.</returns>
    Task ConsumeByHashAsync(string referenceValueHash);

    /// <summary>
    /// Gets the pushed authorization request.
    /// </summary>
    /// <remarks>
    /// A null result covers both "never stored" and "already consumed", so the
    /// return value alone does not tell a caller which of the two occurred.
    /// </remarks>
    /// <param name="referenceValueHash">The hash of the reference value of the
    /// pushed authorization request. The reference value is the identifier
    /// within the request_uri parameter.</param>
    /// <returns>The pushed authorization request, or null if the request does
    /// not exist or was previously consumed.
    /// </returns>
    Task<PushedAuthorizationRequest?> GetByHashAsync(string referenceValueHash);
}

Duende.IdentityServer.Models.PushedAuthorizationRequest

/// <summary>
/// Represents a persisted Pushed Authorization Request.
/// </summary>
/// <remarks>
/// The model carries the hash of the reference value, an expiration time and
/// the data-protected request content; it has no property for the reference
/// value itself.
/// </remarks>
public class PushedAuthorizationRequest
{
    /// <summary>
    /// The hash of the identifier within this pushed request's request_uri
    /// value. Request URIs that IdentityServer produces take the form
    /// urn:ietf:params:oauth:request_uri:{ReferenceValue}.
    /// </summary>
    public string ReferenceValueHash { get; set; }

    /// <summary>
    /// The UTC time at which this pushed request will expire. The pushed
    /// request will be used throughout the authentication process, beginning
    /// when it is passed to the authorization endpoint by the client, and then
    /// subsequently after user interaction, such as login and/or consent,
    /// occurs. If the expiration time is exceeded before a response to the
    /// client can be produced, IdentityServer will raise an error, and the
    /// user will be redirected to the IdentityServer error page.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the DateTime type does not itself enforce UTC; presumably
    /// the value is always written as UTC - confirm. Whether a store is also
    /// expected to filter out or clean up expired entries is not shown here.
    /// </remarks>

    public DateTime ExpiresAtUtc { get; set; }
    
    /// <summary>
    /// The data-protected content of the pushed authorization request.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the protection mechanism is not shown here; presumably a
    /// store treats this string as opaque and persists it unchanged - confirm.
    /// </remarks>
    public string Parameters { get; set; }
}