Authlete
Authentication request from Authlete to a service implementation.
Properties
Type | Property | Description
long | ServiceApiKey [get, set] | The API key of the target service. This property is always set when Authlete makes an authentication request.
long | ClientId [get, set] | The ID of the client application that triggered this authentication request.
string | Id [get, set] | The ID of the end-user.
string | Password [get, set] | The password of the end-user.
string[] | Claims [get, set] | The list of claims requested by the client application.
string[] | ClaimsLocales [get, set] | The list of locales for claims.
Sns | Sns [get, set] | The SNS that the end-user used for social login. null if the end-user did not use social login.
string | AccessToken [get, set] | The access token returned by the SNS which the end-user used for social login.
string | RefreshToken [get, set] | The refresh token returned by the SNS which the end-user used for social login.
long | ExpiresIn [get, set] | The lifetime of the access token in seconds.
string | RawTokenResponse [get, set] | The raw response from the token endpoint of the SNS.
Authlete provides an implementation of an authorization endpoint at /api/auth/authorization/direct/{service-api-key}. We call it the "direct authorization endpoint". The direct endpoint is provided for development purposes only and is not suitable for production use. Basically, Authlete users should implement their own authorization endpoints using the /api/auth/authorization API, the /api/auth/authorization/issue API and the /api/auth/authorization/fail API.
If a client application accesses the direct authorization endpoint, the endpoint returns an authorization page (unless the endpoint is disabled by the configuration). After the end-user attempts end-user authentication at the UI (by entering his/her login ID and password in the input fields or by signing in to an SNS such as Facebook), Authlete makes an authentication request to the authentication endpoint of your system. This class represents the format of the authentication request.
When the end-user attempted end-user authentication by entering his/her credentials in the input fields of the form, the "id" and "password" parameters in an authentication request are the values that the end-user entered.
On the other hand, when the end-user attempted end-user authentication by signing in to an SNS such as Facebook, the "id" parameter represents the subject (= unique identifier) of the end-user in the SNS and the "password" parameter has no meaning. In this case, the "sns" and "accessToken" parameters are not null. The "accessToken" in an authentication request is the value of the access token issued by the SNS, which an implementation of an authentication callback endpoint may use as necessary.
Some notes specific to respective SNSes.
Facebook:
The value of the "id" parameter is unique to each Facebook application and cannot be used across different applications. If you need the third party ID, make an API call to the /me API with fields=third_party_id and access_token={accessToken}. See the API document of Facebook for details.
The value of the "rawTokenResponse" parameter is in the form of application/x-www-form-urlencoded (not application/json). This is a violation of RFC 6749.
The value of the "refreshToken" parameter is empty.
The value of the "expiresIn" parameter is the value of "expires" in the response from the token endpoint of Facebook.
Authlete provides an implementation of a token endpoint at /api/auth/token/direct/{service-api-key}. We call it the "direct token endpoint". The direct endpoint is provided for development purposes only and is not suitable for production use. Basically, Authlete users should implement their own token endpoints using the /api/auth/token API, the /api/auth/token/issue API and the /api/auth/token/fail API.
If a client application accesses the direct token endpoint using the Resource Owner Password Credentials flow, Authlete makes an authentication request to your system unless the direct endpoint is disabled by the configuration.
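The following added example (not part of the Authlete library or its documentation) shows how an authentication callback endpoint might branch on "sns" and decode "rawTokenResponse" in either format. It assumes the request has already been decoded into a dict keyed by the parameter names quoted above; the user store, the link table, the "FACEBOOK" value and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json
from urllib.parse import parse_qs


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data (hypothetical): a local credential store and a table
# linking (sns, SNS subject) pairs to local accounts.
USERS = {"alice": (b"constructed-salt", _hash("correct horse", b"constructed-salt"))}
SNS_LINKS = {("FACEBOOK", "1234567890"): "alice"}


def parse_raw_token_response(raw: str) -> dict:
    """Decode "rawTokenResponse": JSON per RFC 6749, else form-urlencoded."""
    try:
        parsed = json.loads(raw)
        if isinstance(parsed, dict):
            return parsed
    except ValueError:
        pass
    # Facebook case; strict_parsing raises ValueError on malformed input.
    return {k: v[0] for k, v in parse_qs(raw, strict_parsing=True).items()}


def authenticate(req: dict):
    """Return the local account for an authentication request, or None."""
    user_id = req.get("id")
    if not user_id:
        return None
    sns = req.get("sns")
    if sns is None:
        # Form login or password flow: verify the "id"/"password" pair.
        password = req.get("password")
        if password is None:
            return None
        # Unknown IDs still cost one hash, so timing is less revealing.
        salt, expected = USERS.get(user_id, (b"no-such-user", b""))
        ok = hmac.compare_digest(_hash(password, salt), expected)
        return user_id if ok else None
    # Social login: "password" has no meaning, so it is never read here, and
    # "id" is the SNS subject, which is looked up only in the link table.
    if not req.get("accessToken"):
        return None
    return SNS_LINKS.get((sns, user_id))
```

Keeping the SNS subject lookup separate from the local login ID lookup means a request carrying a local login ID in "id" together with a non-null "sns" does not resolve to that local account.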
string AccessToken [get, set]
The access token returned by the SNS which the end-user used for social login.
string[] Claims [get, set]
The list of claims requested by the client application.
A claim is a piece of information about an end-user. Some standard claim names such as given_name and email are defined in 5.1. Standard Claims of OpenID Connect Core 1.0. The implementation of the authentication callback endpoint should extract data corresponding to the claims from its database and return them to Authlete. The data will be embedded in an ID token.
This property is null when claim data are not necessary (= when an ID token does not need to be generated).
string[] ClaimsLocales [get, set]
The list of locales for claims.
This property holds the value of the "claims_locales" request parameter contained in an authorization request. The values are the end-user's preferred languages and scripts for claims. See 5.2. Claims Languages and Scripts of OpenID Connect Core 1.0 for details.
This property is null when claim data are not necessary (= when an ID token does not need to be generated).
long ClientId [get, set]
The ID of the client application that triggered this authentication request.
long ExpiresIn [get, set]
The lifetime of the access token in seconds.
string Id [get, set]
The ID of the end-user.
When the value of the Sns property is null, this property holds (1) the value of the login ID that the end-user entered in the login ID field of the authorization page displayed at the direct authorization endpoint (/api/auth/authorization/direct/{service-api-key}), or (2) the value of the "username" request parameter of a request to the direct token endpoint (/api/auth/token/direct/{service-api-key}) in the case of the Resource Owner Password Credentials flow.
On the other hand, if the Sns property is not null, this property holds the subject (= unique identifier) of the end-user in the SNS.
This property is always set when Authlete makes an authentication request.
string Password [get, set]
The password of the end-user.
This property holds (1) the value of the password that the end-user entered in the password field of the authorization page displayed at the direct authorization endpoint (/api/auth/authorization/direct/{service-api-key}), or (2) the value of the "password" request parameter of a request to the direct token endpoint (/api/auth/token/direct/{service-api-key}) in the case of the Resource Owner Password Credentials flow.
If the Sns property is null, this property is guaranteed not to be null. In such a case, authentication should be performed on the pair of the Id property and this Password property. On the other hand, if the Sns property is not null, this property has no meaning because authentication was performed by the SNS.
string RawTokenResponse [get, set]
The raw response from the token endpoint of the SNS.
If the SNS complies with RFC 6749, the format is JSON. Note that Facebook returns data formatted in application/x-www-form-urlencoded.
string RefreshToken [get, set]
The refresh token returned by the SNS which the end-user used for social login.
The refresh token.
long ServiceApiKey [get, set]
The API key of the target service. This property is always set when Authlete makes an authentication request.
Sns Sns [get, set]
The SNS that the end-user used for social login. null if the end-user did not use social login.