Use this as a value to processAuthorizationCodeOpenIDResponse expectedNonce parameter to indicate no nonce ID Token claim value is expected, i.e. no nonce parameter value was sent with the authorization request.

Use this as a value to validateAuthResponse expectedState parameter to indicate no state parameter value is expected, i.e. no state parameter value was sent with the authorization request.

Use this as a value to processAuthorizationCodeOpenIDResponse maxAge parameter to indicate no auth_time ID Token claim value check should be performed.

DANGER ZONE

DANGER ZONE

Performs an Authorization Code grant request at the AuthorizationServer.token_endpoint | as.token_endpoint.

Calculates the PKCE code_verifier value to send with an authorization request using the S256 PKCE Code Challenge Method transformation.

Performs a Client Credentials Grant request at the AuthorizationServer.token_endpoint | as.token_endpoint.

Performs a Device Authorization Request at the AuthorizationServer.device_authorization_endpoint | as.device_authorization_endpoint.

Performs a Device Authorization Grant request at the AuthorizationServer.token_endpoint | as.token_endpoint.

Performs an authorization server metadata discovery using one of two DiscoveryRequestOptions.algorithm | transformation algorithms applied to the issuerIdentifier argument.

Generates a CryptoKeyPair for a given JWS alg Algorithm identifier.

Generate random code_verifier value.

Generate random nonce value.

Generate random state value.

Returns ID Token claims validated during processAuthorizationCodeOpenIDResponse.

Performs an Introspection Request at the AuthorizationServer.introspection_endpoint | as.introspection_endpoint.

A helper function used to determine if a response processing function returned an OAuth2Error.

Generates a signed JWT-Secured Authorization Request (JAR).

Parses the WWW-Authenticate HTTP Header from a Response instance.

(OAuth 2.0 without OpenID Connect only) Validates Authorization Code Grant Response instance to be one coming from the AuthorizationServer.token_endpoint | as.token_endpoint.

(OpenID Connect only) Validates Authorization Code Grant Response instance to be one coming from the AuthorizationServer.token_endpoint | as.token_endpoint.

Validates Client Credentials Grant Response instance to be one coming from the AuthorizationServer.token_endpoint | as.token_endpoint.

Validates Response instance to be one coming from the AuthorizationServer.device_authorization_endpoint | as.device_authorization_endpoint.

Validates Device Authorization Grant Response instance to be one coming from the AuthorizationServer.token_endpoint | as.token_endpoint.

Validates Response instance to be one coming from the authorization server's well-known discovery endpoint.

Validates Response instance to be one coming from the AuthorizationServer.introspection_endpoint | as.introspection_endpoint.

Validates Response instance to be one coming from the AuthorizationServer.pushed_authorization_request_endpoint | as.pushed_authorization_request_endpoint.

Validates Refresh Token Grant Response instance to be one coming from the AuthorizationServer.token_endpoint | as.token_endpoint.

Validates Response instance to be one coming from the AuthorizationServer.revocation_endpoint | as.revocation_endpoint.

Validates Response instance to be one coming from the AuthorizationServer.userinfo_endpoint | as.userinfo_endpoint.

Performs a protected resource request at an arbitrary URL.

Performs a Pushed Authorization Request at the AuthorizationServer.pushed_authorization_request_endpoint | as.pushed_authorization_request_endpoint.

Performs a Refresh Token Grant request at the AuthorizationServer.token_endpoint | as.token_endpoint.

Performs a Revocation Request at the AuthorizationServer.revocation_endpoint | as.revocation_endpoint.

Performs a UserInfo Request at the AuthorizationServer.userinfo_endpoint | as.userinfo_endpoint.

Validates an OAuth 2.0 Authorization Response or Authorization Error Response message returned from the authorization server's AuthorizationServer.authorization_endpoint | as.authorization_endpoint.

Same as validateAuthResponse but for signed JARM responses.

Authorization Server Metadata

Recognized Client Metadata that have an effect on the exposed functionality.

Interface to pass an asymmetric private key and, optionally, its associated JWK Key ID to be added as a kid JOSE Header Parameter.

Supported Client Authentication Methods.

Supported JWS alg Algorithm identifiers.