The reference of the authentication context class which the end-user authentication satisfied.

The time at which the end-user was authenticated.

Additional claims which will be embedded in the ID token.

The description of the error. This corresponds to the error_description property in the response to the client.

The URI of a document which describes the error in detail. This corresponds to the error_uri property in the response to the client.

JSON that represents additional JWS header parameters for the ID token that may be issued from the token endpoint.

The extra properties associated with the access token that will be issued.

The result of end-user authentication and authorization.

Scopes associated with the access token. If this property has a non-null value, the set of scopes will be used instead of the scopes specified in the original device authorization request.

The value of the sub claim that should be used in the ID token. If this property is null or empty, the value of subject is used as the value of the sub claim. The main purpose of this sub property is to hide the actual value of the subject from client applications.

Note that the value of the subject request parameter is used as the value of the subject associated with the access token regardless of whether this sub property is a non-empty value or not. In other words, this sub property affects only the sub claim in the ID token.

The subject (= unique identifier) of the end-user who has granted authorization to the client application.

This subject property is used as the value of the subject associated with the access token and as the value of the sub claim in the ID token.

Note that, if sub has a non-empty value, it is used as the value of the sub claim in the ID token. However, even in the case, the value of the subject associated with the access token is still the value of this subject property.

The user code input by the end-user.