Skip to main content
Module

x/authlete_deno/mod.ts>TokenResponse

Authlete Library for Deno
Go to Latest
namespace TokenResponse
Re-export
import { TokenResponse } from "https://deno.land/x/authlete_deno@v1.2.9/mod.ts";

Enums

The next action that the service implementation should take.

class TokenResponse
extends ApiResponse
Re-export
import { TokenResponse } from "https://deno.land/x/authlete_deno@v1.2.9/mod.ts";

Response from Authlete /auth/token API.

Properties

optional
accessToken: string

The newly issued access token. This property holds a valid value only when the value of the action property is TokenResponse.Action.OK.

If the service is configured to issue JWT-based access tokens, a JWT-based access token is issued additionally. In the case, the jwtAccessToken property holds the JWT-based access token.

accessTokenDuration: number

The duration of the access token in seconds.

accessTokenExpiresAt: number

The date in milliseconds since the Unix epoch (1970-01-01) at which the access token will expire.

optional
accessTokenResources: string[]

The target resources of the access token being issued.

See _"Resource Indicators for OAuth 2.0" for details.

The next action that the service implementation should take.

optional
actorToken: string

The value of the actor_token request parameter.

The actor_token request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

optional
actorTokenInfo: TokenInfo

The information about the token specified by the actor_token request parameter.

This property holds a non-null value only when the value of the actor_token_type request parameter is either urn:ietf:params:oauth:token-type:access_token or urn:ietf:params:oauth:token-type:refresh_token (= only when the actorTokenType property is either TokenType.ACCESS_TOKEN ACCESS_TOKEN or TokenType.REFRESH_TOKEN REFRESH_TOKEN).

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

optional
actorTokenType: TokenType

The value of the actor_token_type request parameter.

The actor_token_type request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

optional
audiences: string[]

The values of the audience request parameters that are contained in the token exchange request (cf. RFC 8693).

The audience request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange. Although RFC 6749 The OAuth 2.0 Authorization Framework states "Request and response parameters MUST NOT be included more than once", RFC 8693 allows a token exchange request to include the audience request parameter multiple times.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

optional
authorizationDetails: AuthzDetails

The authorization details. This represents the value of the authorization_details request parameter which is defined in "OAuth 2.0 Rich Authorization Requests".

When the value of the action property is TokenResponse.Action.PASSWORD, this property an array that represents the authorization_details request parameter included in the token request. In other successful cases, this property holds the authorization details associated with the issued access token.

optional
clientAttributes: Pair[]

Arbitrary attributes associated with the client.

optional
clientAuthMethod: ClientAuthMethod

The client authentication method that should be performed at the token endpoint.

If the client could not be identified by the information in the request, this property is unset.

clientId: number

The client ID.

optional
clientIdAlias: string

The client ID alias.

If the client did not have an alias, the value of this property is unset.

clientIdAliasUsed: boolean

The flag which indicates whether the client ID alias was used when the token request was made.

grantType: GrantType

The grant type of the token request.

optional
idToken: string

The ID token.

An ID token is issued from a token endpoint when the authorization code flow is used and openid is included in the scope list.

optional
jwtAccessToken: string

The newly issued access token in JWT format.

If the authorization server is configured to issue JWT-based access tokens (= if Service.getAccessTokenSignAlg holds a valid value), a JWT-based access token is issued along with the original random-string one.

Regarding the detailed format of the JWT-based access token, see the description of the Service class.

optional
password: string

The password request parameter.

This property holds a valid value only when the value of grant_type request parameter in the token request is password.

See RFC 6749, 4.3.2. Access Token Request.

optional
properties: Property[]

The extra properties associated with the access token. This property is unset when no extra property is associated with the issued access token.

optional
refreshToken: string

The refresh token. This property holds a valid value only when the action property is TokenResponse.Action.OK and the service supports the refresh token flow.

refreshTokenDuration: number

The duration of the refresh token in seconds.

refreshTokenExpiresAt: number

The date in milliseconds since the Unix epoch (1970-01-01) at which the refresh token will expire.

optional
requestedTokenType: TokenType

The value of the requested_token_type request parameter.

The requested_token_type request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

optional
resources: string[]

The resources specified by the resource request parameters in the token request.

See "Resource Indicators for OAuth 2.0" for details.

optional
responseContent: string

The response content which can be used as the entity body of the response returned to the client application.

optional
scopes: string[]

The scopes covered by the access token.

optional
serviceAttributes: Pair[]

Arbitrary attributes associated with the service.

optional
subject: string

The subject (= resource owner's ID) of the access token.

Even if an access token has been issued by the call of /auth/token API, this property is unset if the flow of the token request was Client Credentials Flow (grant_type=client_credentials) because it means the access token is not associated with any specific end-user.

optional
subjectToken: string

The value of the subject_token request parameter.

The subject_token request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

optional
subjectTokenInfo: TokenInfo

The information about the token specified by the subject_token request parameter.

This property holds a non-null value only when the value of the subject_token_type request parameter is either urn:ietf:params:oauth:token-type:access_token or urn:ietf:params:oauth:token-type:refresh_token (= only when the subjectTokenType property is either TokenType.ACCESS_TOKEN ACCESS_TOKEN or TokenType.REFRESH_TOKEN REFRESH_TOKEN).

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

optional
subjectTokenType: TokenType

The value of the subject_token_type request parameter.

The subject_token_type request parameter is defined in RFC 8693 OAuth 2.0 Token Exchange.

For more details, see RFC 8693 OAuth 2.0 Token Exchange.

ticket: string

The ticket issued from Authlete /auth/token endpoint. The value is to be used as ticket request parameter for /auth/token/issue API or /auth/token/fail API.

This method returns a valid value only when action is TokenResponse.Action.PASSWORD.

optional
username: string

The username request parameter.

This property holds a valid value only when the value of grant_type request parameter in the token request is password.

See RFC 6749, 4.3.2. Access Token Request.