import { TokenResponse } from "https://deno.land/x/authlete_deno@v1.2.10/mod.ts";
Enums
The next action that the service implementation should take. |
import { TokenResponse } from "https://deno.land/x/authlete_deno@v1.2.10/mod.ts";
Response from Authlete /auth/token
API.
Properties
The newly issued access token. This property holds a valid value
only when the value of the action
property is TokenResponse.Action.OK
.
If the service is configured to issue JWT-based access tokens,
a JWT-based access token is issued additionally. In the case,
the jwtAccessToken
property holds the JWT-based access token.
The date in milliseconds since the Unix epoch (1970-01-01) at which the access token will expire.
The target resources of the access token being issued.
See _"Resource Indicators for OAuth 2.0" for details.
The next action that the service implementation should take.
The value of the actor_token
request parameter.
The actor_token
request parameter is defined in RFC 8693 OAuth
2.0 Token Exchange.
For more details, see RFC 8693 OAuth 2.0 Token Exchange.
The information about the token specified by the actor_token
request parameter.
This property holds a non-null value only when the value of the
actor_token_type
request parameter is either urn:ietf:params:oauth:token-type:access_token
or urn:ietf:params:oauth:token-type:refresh_token
(= only when
the actorTokenType
property is either TokenType.ACCESS_TOKEN ACCESS_TOKEN
or TokenType.REFRESH_TOKEN REFRESH_TOKEN
).
For more details, see RFC 8693 OAuth 2.0 Token Exchange.
The value of the actor_token_type
request parameter.
The actor_token_type
request parameter is defined in RFC 8693 OAuth
2.0 Token Exchange.
For more details, see RFC 8693 OAuth 2.0 Token Exchange.
The values of the audience
request parameters that are contained
in the token exchange request (cf. RFC 8693).
The audience
request parameter is defined in RFC 8693 OAuth
2.0 Token Exchange.
Although RFC 6749 The OAuth 2.0 Authorization Framework
states "Request and response parameters MUST NOT be included more
than once", RFC 8693 allows a token exchange request to include
the audience
request parameter multiple times.
For more details, see RFC 8693 OAuth 2.0 Token Exchange.
The authorization details. This represents the value of the
authorization_details
request parameter which is defined in
"OAuth 2.0 Rich Authorization Requests".
When the value of the action
property is TokenResponse.Action.PASSWORD
,
this property an array that represents the authorization_details
request parameter included in the token request. In other successful
cases, this property holds the authorization details associated
with the issued access token.
Arbitrary attributes associated with the client.
The client authentication method that should be performed at the token endpoint.
If the client could not be identified by the information in the request, this property is unset.
The client ID alias.
If the client did not have an alias, the value of this property is unset.
The flag which indicates whether the client ID alias was used when the token request was made.
The grant type of the token request.
The ID token.
An ID token
is issued from a token endpoint when the authorization code
flow is used
and openid
is included in the scope list.
The newly issued access token in JWT format.
If the authorization server is configured to issue JWT-based access
tokens (= if Service.getAccessTokenSignAlg
holds a valid value),
a JWT-based access token is issued along with the original random-string
one.
Regarding the detailed format of the JWT-based access token, see
the description of the Service
class.
The password
request parameter.
This property holds a valid value only when the value of grant_type
request parameter in the token request is password
.
The extra properties associated with the access token. This property is unset when no extra property is associated with the issued access token.
The refresh token. This property holds a valid value only when
the action
property is TokenResponse.Action.OK
and the service
supports the refresh token
flow.
The date in milliseconds since the Unix epoch (1970-01-01) at which the refresh token will expire.
The value of the requested_token_type
request parameter.
The requested_token_type
request parameter is defined in RFC
8693 OAuth 2.0 Token Exchange.
For more details, see RFC 8693 OAuth 2.0 Token Exchange.
The resources specified by the resource
request parameters
in the token request.
See "Resource Indicators for OAuth 2.0" for details.
The response content which can be used as the entity body of the response returned to the client application.
Arbitrary attributes associated with the service.
The subject (= resource owner's ID) of the access token.
Even if an access token has been issued by the call of /auth/token
API, this property is unset if the flow of the token request was
Client Credentials Flow
(grant_type=client_credentials
) because it means the access
token is not associated with any specific end-user.
The value of the subject_token
request parameter.
The subject_token
request parameter is defined in RFC 8693 OAuth
2.0 Token Exchange.
For more details, see RFC 8693 OAuth 2.0 Token Exchange.
The information about the token specified by the subject_token
request parameter.
This property holds a non-null value only when the value of the
subject_token_type
request parameter is either urn:ietf:params:oauth:token-type:access_token
or urn:ietf:params:oauth:token-type:refresh_token
(= only when
the subjectTokenType
property is either TokenType.ACCESS_TOKEN ACCESS_TOKEN
or TokenType.REFRESH_TOKEN REFRESH_TOKEN
).
For more details, see RFC 8693 OAuth 2.0 Token Exchange.
The value of the subject_token_type
request parameter.
The subject_token_type
request parameter is defined in RFC 8693
OAuth 2.0 Token Exchange.
For more details, see RFC 8693 OAuth 2.0 Token Exchange.
The ticket issued from Authlete /auth/token
endpoint. The value
is to be used as ticket
request parameter for /auth/token/issue
API or /auth/token/fail
API.
This method returns a valid value only when action
is
TokenResponse.Action.PASSWORD
.
The username
request parameter.
This property holds a valid value only when the value of grant_type
request parameter in the token request is password
.