import { BackchannelAuthenticationResponse } from "https://deno.land/x/authlete_deno@v1.2.10/src/dto/backchannel_authentication_response.ts";
Enums
The next action that the service implementation should take. |
import { BackchannelAuthenticationResponse } from "https://deno.land/x/authlete_deno@v1.2.10/src/dto/backchannel_authentication_response.ts";
Response from Authlete /backchannel/authentication
API.
Properties
The list of ACR values requested by the backchannel authentication request.
Basically, this property has the value of the acr_values
request
parameter in the backchannel authentication request. However,
because unsupported ACR values are dropped on Authlete side, if the
acr_values
request parameter contains unrecognized ACR values,
the list this property has becomes different from the value of the
acr_values
request parameter.
The next action that the service implementation should take.
The authorization details. This represents the value of the
authorization_details
request parameter which is defined in
"OAuth 2.0 Rich Authorization Requests".
The binding message included in the backchannel authentication
request. It is the value of the binding_message
request parameter.
Arbitrary attributes associated with the client.
The client authentication method that should be performed at the token endpoint.
If the client could not be identified by the information in the request, this property is unset.
The client ID alias.
If the client did not have an alias, the value of this property is unset.
The flag which indicates whether the client ID alias was used when the token request was made.
The name of the client application which has made the backchannel authentication request.
The names of the claims which were requested indirectly via some special scopes. See 5.4. Requesting Claims using Scope Values in OpenID Connect Core 1.0 for details.
The client notification token included in the backchannel authentication
request. It is the value of the client_notification_token
request
parameter.
When the backchannel token delivery mode is "ping"
or "push"
,
the backchannel authentication request must include a client notification
token.
The backchannel token delivery mode of the client application.
The dynamic scopes which the client application requested by the
scope
request parameter. See the description of DynamicScope
for details.
The value of the hint for end-user identification.
When hintType
has UserIdentificationHintType.ID_TOKEN_HINT ID_TOKEN_HINT
,
this property has the value of the id_token_hint
request parameter.
Likewise, this property has the value of the login_hint
request
parameter when hintType
has UserIdentificationHintType.LOGIN_HINT
,
or has the value of the login_hint_token
request parameter
when hintType
has UserIdentificationHintType.LOGIN_HINT_TOKEN
.
The type of the hint for end-user identification which was included in the backchannel authentication request.
When the backchannel authentication request contains id_token_hint
,
this property has UserIdentificationHintType.ID_TOKEN_HINT
.
Likewise, this property has UserIdentificationHintType.LOGIN_HINT LOGIN_HINT
when the request contains login_hint
, or has UserIdentificationHintType.LOGIN_HINT_TOKEN
when the request contains login_hint_token
.
Note that a backchannel authentication request must include one
and only one hint among id_token_hint
, login_hint
and
login_hint_token
.
The request context of the backchannel authentication request.
It is the value of the request_context
claim in the signed
authentication request and its format is JSON. request_context
is a new claim added by the FAPI-CIBA profile.
This property has null
if the backchannel authentication request
does not include a request
request parameter or the JWT specified
by the request parameter does not include a request_context
claim.
The requested expiry for the authentication request ID (auth_req_id
).
It is the value of the requested_expiry
request parameter.
The resources specified by the resource
request parameters or
by the resource
property in the request object. If both are
given, the values in the request object take precedence.
See "Resource Indicators for OAuth 2.0" for details.
The response content which can be used as the entity body of the response returned to the client application.
The scopes requested by the backchannel authentication request.
Basically, this property holds the value of the scope
request
parameter in the backchannel authentication request. However, because
unregistered scopes are dropped on Authlete side, if the scope
request parameter contains unknown scopes, the list this property
has becomes different from the value of the scope
request parameter.
Note that Scope.description
and Scope.descriptions
property
of each element (Scope
instance) in the array this property has
is always set to null
even if descriptions of the scopes are
registered.
Arbitrary attributes associated with the service.
The value of the sub
claim contained in the ID token hint included
in the backchannel authentication request.
This property has a value only when the backchannel authentication
request contains the id_token_hint
request parameter.
The ticket that is necessary for the implementation of the backchannel
authentication endpoint to call /backchannel/authentication/*
API.
The user code included in the backchannel authentication request.
It is the value of the user_code
request parameter.
The flag which indicates whether a user code is required.
This property has true
when both the backchannel_user_code_parameter
metadata of the client (= Client
's bcUserCodeRequired
property)
and the backchannel_user_code_parameter_supported
metadata of
the service (= Service.backchannelUserCodeParameterSupported
)
are true
.