namespace AuthorizationResponse
Re-export
import { AuthorizationResponse } from "https://deno.land/x/authlete_deno@v1.2.3/mod.ts";
class AuthorizationResponse
extends ApiResponse
Re-export
import { AuthorizationResponse } from "https://deno.land/x/authlete_deno@v1.2.3/mod.ts";

Response from Authlete /auth/authorization API.

Properties

acrEssential: boolean

The flag which indicates whether the end-user authentication must satisfy one of the requested ACRs.

This property is true only when the authorization request from the client contains the claims request parameter and it contains an entry for the acr claim with "essential":true.

For more details, see OpenID Connect Core 1.0, 5.5.1. Individual Claims Requests.

optional
acrs: string[]

The list of ACRs (Authentication Context Class References) requested by the client application. The values come from (1) the acr claim in the claims request parameter, (2) the acr_values request parameter, or (3) the default_acr_values configuration parameter of the client application.

For more details, see the following links.

The next action that the service implementation should take.

optional
authorizationDetails: AuthzDetails

The authorization details. This represents the value of the authorization_details request parameter which is defined in "OAuth 2.0 Rich Authorization Requests".

optional
claims: string[]

The list of claims that the client application requests to be embedded in the ID token. The value comes from scope and claims request parameters of the original authorization request.

For more details, see the following links.

optional
claimsLocales: string[]

The list of preferred languages and scripts for claim values contained in the ID token. The value comes from claims_locales request parameter.

For more details, see OpenID Connect Core 1.0, 5.2. Claims Languages and Scripts.

client: Client

The information about the client application.

clientIdAliasUsed: boolean

The flag which indicates whether the value of the client_id request parameter included in the authorization request is the client ID alias or the original numeric client ID.

optional
display: Display

The display mode which the client application requests with the display request parameter. When the authorization request does not contain the display request parameter, this property holds Display.PAGE as the default value.

For more details, see OpenID Connect Core 1.0, 3.1.2.1. Authentication Request.

optional
idTokenClaims: string

The value of the id_token property in the claims request parameter or in the "claims" property in a request object.

A client application may request that certain claims be embedded in an ID token or in a response from the UserInfo endpoint. There are several ways to do so. Including the claims request parameter and including the "claims" property in a request object are two examples. In both cases, the value of the claims parameter/property is JSON. Its format is described in 5.5. Requesting Claims using the "claims" Request Parameter of OpenID Connect Core 1.0.

The following is an excerpt from the specification. Note that userinfo and id_token are top-level properties.

{
  "userinfo":
  {
    "given_name": {"essential": true},
    "nickname": null,
    "email": {"essential": true},
    "email_verified": {"essential": true},
    "picture": null,
    "http://example.info/claims/groups": null
  },
  "id_token":
  {
    "auth_time": {"essential": true},
    "acr": {"values": ["urn:mace:incommon:iap:silver"] }
  }
}

This property holds the value of the id_token property in JSON format. For example, if the JSON above is included in an authorization request, this property holds JSON equivalent to the following.

{
  "auth_time": {"essential": true},
  "acr": {"values": ["urn:mace:incommon:iap:silver"] }
}

Note that if a request object is given and contains the claims property, and the claims request parameter is also given, this property holds the value from the former.

optional
loginHint: string

The value of the login hint, which is specified by the client application using the login_hint request parameter.

For more details, see OpenID Connect Core 1.0, 3.1.2.1. Authentication Request.

maxAge: number

The maximum authentication age, which is the allowable elapsed time in seconds since the last time the end-user was actively authenticated by the service implementation. The value comes from the max_age request parameter or the default_max_age configuration parameter of the client application. The value may be 0, which means that the max age constraint does not have to be imposed.

For more details, see the following links.

optional
prompts: Prompt[]

The list of prompts contained in the authorization request (= the value of prompt request parameter).

For more details, see OpenID Connect Core 1.0, 3.1.2.1. Authentication Request.

optional
purpose: string

The value of the purpose request parameter.

The purpose request parameter is defined in 8. Transaction-specific Purpose of OpenID Connect for Identity Assurance 1.0.

purpose OPTIONAL. String describing the purpose for obtaining certain user data from the OP. The purpose MUST NOT be shorter than 3 characters and MUST NOT be longer than 300 characters. If these rules are violated, the authentication request MUST fail and the OP returns an error invalid_request to the RP.

NOTE: This property has a valid value only when the Authlete server you are using supports OpenID Connect for Identity Assurance 1.0.

optional
requestObjectPayload: string

The payload part of the request object.

This property is unset if the authorization request does not include a request object.

optional
resources: string[]

The resources specified by the resource request parameters or by the resource property in the request object. If both are given, the values in the request object take precedence. See "Resource Indicators for OAuth 2.0" for details.

optional
responseContent: string

The response content which can be used to generate a response to the client application. The format of the value varies depending on the value of action.

optional
scopes: Scope[]

The scopes that the client application requests with the scope request parameter. When the authorization request does not contain the scope request parameter, this property holds the list of scopes which are marked as default by the service implementation. This property may be unset if the authorization request does not contain valid scopes and none of the registered scopes is marked as default.

You may want to enable end-users to select/deselect scopes in the authorization page. In other words, you may want to use a different set of scopes than the set specified by the original authorization request. You can replace scopes when you call Authlete /auth/authorization/issue API. See the description of AuthorizationIssueRequest.scopes property for details.

service: Service

The information about the service.

optional
subject: string

The subject (= end-user's unique ID) that the client application requests. The value comes from the sub claim in the claims request parameter. This property may be unset (probably in most cases).

For more details, see OpenID Connect Core 1.0, 5.5. Requesting Claims using the "claims" Request Parameter.
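How a service implementation might combine maxAge, acrs with acrEssential, and subject to decide whether an existing login session can be reused. This is an added example, not code from authlete_deno; the LoginSession shape, the reauthReasons function, the reason strings and the sample values are assumptions for illustration.

```typescript
// Added example. Local shapes only; nothing is imported from authlete_deno.
interface AuthzRequirements {
  maxAge: number;        // seconds; 0 means no max-age constraint
  acrs?: string[];       // requested ACRs, may be unset
  acrEssential: boolean; // true: one of acrs must be satisfied
  subject?: string;      // requested end-user, usually unset
}

// Hypothetical record of the end-user's current login at the service.
interface LoginSession {
  subject: string;
  authTime: number;      // seconds since the Unix epoch
  acr?: string;          // ACR satisfied by the last authentication
}

// Returns the reasons the session cannot be reused; empty means it can.
function reauthReasons(
  req: AuthzRequirements,
  session: LoginSession | undefined,
  nowSec: number,
): string[] {
  if (session === undefined) return ["no_session"];
  const reasons: string[] = [];

  // maxAge of 0 imposes no constraint, so only positive values are checked.
  if (req.maxAge > 0 && nowSec - session.authTime > req.maxAge) {
    reasons.push("max_age_exceeded");
  }
  // A requested subject must match the user who is actually logged in.
  if (req.subject !== undefined && req.subject !== session.subject) {
    reasons.push("subject_mismatch");
  }
  // Unmet ACRs only block the flow when the request marked acr essential.
  const wanted = req.acrs ?? [];
  const acrMet = wanted.length === 0 ||
    (session.acr !== undefined && wanted.indexOf(session.acr) !== -1);
  if (!acrMet && req.acrEssential) reasons.push("essential_acr_unmet");

  return reasons;
}

// Constructed sample session: authenticated 600 seconds before "now".
const NOW = 1700000000;
const sampleSession: LoginSession = {
  subject: "user-1", authTime: NOW - 600, acr: "urn:example:acr:password",
};
```

An empty result means the ticket can go on to /auth/authorization/issue; otherwise the end-user is re-authenticated first, or the request is failed through /auth/authorization/fail.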

ticket: string

The ticket which has been issued to the service implementation from Authlete's /auth/authorization API. This ticket is needed for calling the /auth/authorization/issue API and the /auth/authorization/fail API.

optional
uiLocales: string[]

The list of preferred languages and scripts for the user interface. The value comes from ui_locales request parameter.

For more details, see OpenID Connect Core 1.0, 3.1.2.1. Authentication Request.

optional
userInfoClaims: string

The value of the userinfo property in the claims request parameter or in the "claims" property in a request object.

A client application may request that certain claims be embedded in an ID token or in a response from the UserInfo endpoint. There are several ways to do so. Including the claims request parameter and including the "claims" property in a request object are two examples. In both cases, the value of the claims parameter/property is JSON. Its format is described in 5.5. Requesting Claims using the "claims" Request Parameter of OpenID Connect Core 1.0.

The following is an excerpt from the specification. Note that userinfo and id_token are top-level properties.

{
  "userinfo":
  {
    "given_name": {"essential": true},
    "nickname": null,
    "email": {"essential": true},
    "email_verified": {"essential": true},
    "picture": null,
    "http://example.info/claims/groups": null
  },
  "id_token":
  {
    "auth_time": {"essential": true},
    "acr": {"values": ["urn:mace:incommon:iap:silver"]}
  }
}

This property holds the value of the userinfo property in JSON format. For example, if the JSON above is included in an authorization request, this property holds JSON equivalent to the following.

{
  "given_name": {"essential": true},
  "nickname": null,
  "email": {"essential": true},
  "email_verified": {"essential": true},
  "picture": null,
  "http://example.info/claims/groups": null
}

Note that if a request object is given and contains the claims property, and the claims request parameter is also given, this property holds the value from the former.
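Both idTokenClaims and userInfoClaims arrive as JSON strings that originate from the client's request, so they need defensive parsing before use. The following added example (not code from authlete_deno) splits either string into essential and voluntary claims and extracts requested acr values; the type names, the parseRequestedClaims function and the sample constants are assumptions built from the JSON shown above.

```typescript
// Added example: local types only, nothing is imported from authlete_deno.
type ClaimRequest = null | { essential?: boolean; value?: unknown; values?: unknown };

interface RequestedClaims {
  essential: string[]; // entries with "essential": true
  voluntary: string[]; // null entries, or essential absent/false
  acrValues: string[]; // value/values requested for the acr claim
}

// raw is the idTokenClaims or userInfoClaims string; both are optional.
function parseRequestedClaims(raw: string | undefined): RequestedClaims {
  const out: RequestedClaims = { essential: [], voluntary: [], acrValues: [] };
  if (raw === undefined || raw === "") return out;

  let parsed: unknown;
  try {
    parsed = JSON.parse(raw);
  } catch {
    throw new Error("claims value is not valid JSON");
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    throw new Error("claims value must be a JSON object");
  }
  const obj = parsed as Record<string, ClaimRequest>;

  for (const name of Object.keys(obj)) {
    const req = obj[name];
    // null means "requested in the default manner", which is voluntary.
    if (req !== null && typeof req === "object" && req.essential === true) {
      out.essential.push(name);
    } else {
      out.voluntary.push(name);
    }
    if (name === "acr" && req !== null && typeof req === "object") {
      const vals: unknown[] = Array.isArray(req.values) ? req.values : [req.value];
      for (const v of vals) if (typeof v === "string") out.acrValues.push(v);
    }
  }
  return out;
}

// Constructed samples: the id_token and userinfo members of the JSON above.
const sampleIdTokenClaims =
  '{"auth_time":{"essential":true},"acr":{"values":["urn:mace:incommon:iap:silver"]}}';
const sampleUserInfoClaims =
  '{"given_name":{"essential":true},"nickname":null,"email":{"essential":true},' +
  '"email_verified":{"essential":true},"picture":null,"http://example.info/claims/groups":null}';
```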