The client certificate, used to validate binding against access tokens using the TLS client certificate confirmation method.

The scopes which are required to access the target protected resource. If the array contains a scope which is not covered by the access token, Authlete /auth/introspection API returns FORBIDDEN as the action and insufficient_scope as the error code.

The subject (= end-user ID managed by the service implementation) that is required to access the target protected resource. If the specified subject is different from the one associated with the access token, Authlete /auth/introspection API returns FORBIDDEN as the action and invalid_request as the error code.

The access token which has been issued by Authlete.