The newly issued access token. This property holds a valid value only when the value of the action property is TokenResponse.Action.OK.

If the service is configured to issue JWT-based access tokens, a JWT-based access token is issued additionally. In the case, the jwtAccessToken property holds the JWT-based access token.

The duration of the access token in seconds.

The date in milliseconds since the Unix epoch (1970-01-01) at which the access token will expire.

The target resources of the access token being issued.

See _"Resource Indicators for OAuth 2.0" for details.

The next action that the service implementation should take.

The authorization details. This represents the value of the authorization_details request parameter which is defined in "OAuth 2.0 Rich Authorization Requests".

When the value of the action property is TokenResponse.Action.PASSWORD, this method returns an array that represents the authorization_details request parameter included in the token request. In other successful cases, this property holds the authorization details associated with the issued access token.

The client authentication method that should be performed at the token endpoint.

If the client could not be identified by the information in the request, this property is unset.

The client ID.

The client ID alias.

If the client did not have an alias, the value of this property is unset.

The flag which indicates whether the client ID alias was used when the token request was made.

The grant type of the token request.

The ID token.

An ID token is issued from a token endpoint when the authorization code flow is used and openid is included in the scope list.

The newly issued access token in JWT format.

If the authorization server is configured to issue JWT-based access tokens (= if Service.getAccessTokenSignAlg holds a valid value), a JWT-based access token is issued along with the original random-string one.

Regarding the detailed format of the JWT-based access token, see the description of the Service class.

The password request parameter.

This property holds a valid value only when the value of grant_type request parameter in the token request is password.

See RFC 6749, 4.3.2. Access Token Request.

The extra properties associated with the access token. This property is unset when no extra property is associated with the issued access token.

The refresh token. This property holds a valid value only when the action property is TokenResponse.Action.OK and the service supports the refresh token flow.

The duration of the refresh token in seconds.

The date in milliseconds since the Unix epoch (1970-01-01) at which the refresh token will expire.

The resources specified by the resource request parameters in the token request.

See "Resource Indicators for OAuth 2.0" for details.

The response content which can be used as the entity body of the response returned to the client application.

The scopes covered by the access token.

The subject (= resource owner's ID) of the access token.

Even if an access token has been issued by the call of /api/auth/token API, this property is unset if the flow of the token request was Client Credentials Flow (grant_type=client_credentials) because it means the access token is not associated with any specific end-user.

The ticket issued from Authlete /auth/token endpoint. The value is to be used as ticket request parameter for /auth/token/issue API or /auth/token/fail API.

This method returns a valid value only when action is TokenResponse.Action#PASSWORD PASSWORD.

The username request parameter.

This property holds a valid value only when the value of grant_type request parameter in the token request is password.

See RFC 6749, 4.3.2. Access Token Request.