The newly issued access token. This property holds a valid value only when the value of the action property is TokenResponse.Action.OK.

If the service is configured to issue JWT-based access tokens, a JWT-based access token is issued additionally. In the case, the jwtAccessToken property holds the JWT-based access token.

The duration of the access token in seconds.

The date in milliseconds since the Unix epoch (1970-01-01) at which the access token will expire.

The target resources of the access token being issued.

See _"Resource Indicators for OAuth 2.0" for details.

The next action that the service implementation should take.

The value of the actor_token request parameter.

The actor_token request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

The information about the token specified by the actor_token request parameter.

This property holds a non-null value only when the value of the actor_token_type request parameter is either urn:ietf:params:oauth:token-type:access_token or urn:ietf:params:oauth:token-type:refresh_token (= only when the actorTokenType property is either TokenType.ACCESS_TOKEN ACCESS_TOKEN or TokenType.REFRESH_TOKEN REFRESH_TOKEN).

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

The value of the actor_token_type request parameter.

The actor_token_type request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

The values of the audience request parameters that are contained in the token exchange request (cf. RFC 8693).

The audience request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange. Although RFC 6749 The OAuth 2.0 Authorization Framework states "Request and response parameters MUST NOT be included more than once", RFC 8693 allows a token exchange request to include the audience request parameter multiple times.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

The authorization details. This represents the value of the authorization_details request parameter which is defined in "OAuth 2.0 Rich Authorization Requests".

When the value of the action property is TokenResponse.Action.PASSWORD, this property an array that represents the authorization_details request parameter included in the token request. In other successful cases, this property holds the authorization details associated with the issued access token.

Arbitrary attributes associated with the client.

The client authentication method that should be performed at the token endpoint.

If the client could not be identified by the information in the request, this property is unset.

The client ID.

The client ID alias.

If the client did not have an alias, the value of this property is unset.

The flag which indicates whether the client ID alias was used when the token request was made.

The grant type of the token request.

The ID token.

An ID token is issued from a token endpoint when the authorization code flow is used and openid is included in the scope list.

The newly issued access token in JWT format.

If the authorization server is configured to issue JWT-based access tokens (= if Service.getAccessTokenSignAlg holds a valid value), a JWT-based access token is issued along with the original random-string one.

Regarding the detailed format of the JWT-based access token, see the description of the Service class.

The password request parameter.

This property holds a valid value only when the value of grant_type request parameter in the token request is password.

See RFC 6749, 4.3.2. Access Token Request.

The extra properties associated with the access token. This property is unset when no extra property is associated with the issued access token.

The refresh token. This property holds a valid value only when the action property is TokenResponse.Action.OK and the service supports the refresh token flow.

The duration of the refresh token in seconds.

The date in milliseconds since the Unix epoch (1970-01-01) at which the refresh token will expire.

The value of the requested_token_type request parameter.

The requested_token_type request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

The resources specified by the resource request parameters in the token request.

See "Resource Indicators for OAuth 2.0" for details.

The response content which can be used as the entity body of the response returned to the client application.

The scopes covered by the access token.

Arbitrary attributes associated with the service.

The subject (= resource owner's ID) of the access token.

Even if an access token has been issued by the call of /auth/token API, this property is unset if the flow of the token request was Client Credentials Flow (grant_type=client_credentials) because it means the access token is not associated with any specific end-user.

The value of the subject_token request parameter.

The subject_token request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

The information about the token specified by the subject_token request parameter.

This property holds a non-null value only when the value of the subject_token_type request parameter is either urn:ietf:params:oauth:token-type:access_token or urn:ietf:params:oauth:token-type:refresh_token (= only when the subjectTokenType property is either TokenType.ACCESS_TOKEN ACCESS_TOKEN or TokenType.REFRESH_TOKEN REFRESH_TOKEN).

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

The value of the subject_token_type request parameter.

The subject_token_type request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

The ticket issued from Authlete /auth/token endpoint. The value is to be used as ticket request parameter for /auth/token/issue API or /auth/token/fail API.

This method returns a valid value only when action is TokenResponse.Action.PASSWORD.

The username request parameter.

This property holds a valid value only when the value of grant_type request parameter in the token request is password.

See RFC 6749, 4.3.2. Access Token Request.