Authlete
AuthorizationIssueResponse Class Reference

Response from Authlete's /api/auth/authorization/issue API.

Inherits ApiResponse.

Properties

AuthorizationIssueAction Action [get, set]
 The next action that the authorization server implementation should take.

string ResponseContent [get, set]
 The response content which can be used to generate a response to the client application. The format of the value varies depending on the value of the Action property.

string AccessToken [get, set]
 The newly issued access token. An access token is issued when the response_type request parameter of the authorization request includes token.

long AccessTokenExpiresAt [get, set]
 The time in milliseconds since the Unix epoch at which the access token will expire.

long AccessTokenDuration [get, set]
 The duration of the access token in seconds.

string IdToken [get, set]
 The newly issued ID token. An ID token is issued when the response_type request parameter of the authorization request includes id_token.

string AuthorizationCode [get, set]
 The newly issued authorization code. An authorization code is issued when the response_type request parameter of the authorization request includes code.

string JwtAccessToken [get, set]
 The newly issued access token in JWT format.

Properties inherited from ApiResponse
string ResultCode [get, set]
 The code of the result of an Authlete API call. For example, "A004001".

string ResultMessage [get, set]
 The message of the result of an Authlete API call. For example, "[A001202] /client/get/list, Authorization header is missing."

Detailed Description

Response from Authlete's /api/auth/authorization/issue API.

Authlete's /api/auth/authorization/issue API returns JSON which can be mapped to this class. The authorization server implementation should retrieve the value of the action response parameter (which can be obtained via the Action property) from the response and take the following steps according to the value.

When the value of the Action property is AuthorizationIssueAction.INTERNAL_SERVER_ERROR, it means that the request from the authorization server implementation was wrong or that an error occurred in Authlete. In either case, from the viewpoint of the client application, it is an error on the server side. Therefore, the authorization server implementation should generate a response to the client application with the HTTP status of "500 Internal Server Error".

In this case, ResponseContent returns a JSON string which describes the error, so it can be used as the entity body of the response. The following illustrates the response which the authorization server implementation should generate and return to the client application.

HTTP/1.1 500 Internal Server Error
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

(The value returned from ResponseContent)

When the value of the Action property is AuthorizationIssueAction.BAD_REQUEST, it means that the ticket is no longer valid (deleted or expired), probably because the end-user took too long to respond to the authorization UI.

The HTTP status of the response returned to the client application should be "400 Bad Request" and the content type should be "application/json", although the OAuth 2.0 specification does not mention the format of the error response for this case.

In this case, ResponseContent returns a JSON string which describes the error, so it can be used as the entity body of the response. The following illustrates the response which the authorization server implementation should generate and return to the client application.

HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

(The value returned from ResponseContent)

When the value of the Action property is AuthorizationIssueAction.LOCATION, it means that the response to the client application should be "302 Found" with a "Location" header.

In this case, ResponseContent returns a redirect URI which contains (1) an authorization code, an ID token and/or an access token (on success) or (2) an error code (on failure), so it can be used as the value of the "Location" header. The following illustrates the response which the authorization server implementation should generate and return to the client application.

HTTP/1.1 302 Found
Location: (The value returned from ResponseContent)
Cache-Control: no-store
Pragma: no-cache

When the value of the Action property is AuthorizationIssueAction.FORM, it means that the response to the client application should be "200 OK" with an HTML document which triggers redirection by JavaScript. This happens when the authorization request from the client application contains response_mode=form_post.

In this case, ResponseContent returns an HTML document which satisfies the requirements of response_mode=form_post, so it can be used as the entity body of the response. The following illustrates the response which the authorization server implementation should generate and return to the client application.

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

(The value returned from ResponseContent)
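
The dispatch described above, as an added example (not code from the Authlete library): AuthorizationIssueAction and AuthorizationIssueResponse are cut-down stand-ins for the documented types, and HttpReply, IssueResponseMapper and the sample redirect URI are hypothetical. It goes one step beyond the four documented cases by failing closed on any other action value.

```csharp
using System;
// Stand-ins for the two Authlete types documented on this page, reduced to the
// members used here so the example compiles without the library.
public enum AuthorizationIssueAction { INTERNAL_SERVER_ERROR, BAD_REQUEST, LOCATION, FORM }
public class AuthorizationIssueResponse
{
    public AuthorizationIssueAction Action { get; set; }
    public string ResponseContent { get; set; }
}

// Hypothetical framework-neutral description of the HTTP response to send.
public class HttpReply
{
    public int Status;
    public string ContentType, Location, Body;   // null means "omit"
    // Every variant can carry a code, a token or an error, so none may be cached.
    public readonly string CacheControl = "no-store", Pragma = "no-cache";
}

public static class IssueResponseMapper
{
    const string Json = "application/json";
    public static HttpReply Map(AuthorizationIssueResponse res)
    {
        switch (res.Action)
        {
            case AuthorizationIssueAction.INTERNAL_SERVER_ERROR:
                return new HttpReply { Status = 500, ContentType = Json, Body = res.ResponseContent };
            case AuthorizationIssueAction.BAD_REQUEST:
                return new HttpReply { Status = 400, ContentType = Json, Body = res.ResponseContent };
            case AuthorizationIssueAction.FORM:
                return new HttpReply { Status = 200, ContentType = "text/html;charset=UTF-8", Body = res.ResponseContent };
            case AuthorizationIssueAction.LOCATION:
                // The redirect URI is used verbatim; it already carries the code/tokens or error.
                return new HttpReply { Status = 302, Location = res.ResponseContent };
            default:
                // Unrecognized action value: fail closed and do not echo ResponseContent.
                return new HttpReply { Status = 500, ContentType = Json, Body = "{\"error\":\"server_error\"}" };
        }
    }

    public static void Main()
    {
        var res = new AuthorizationIssueResponse { Action = AuthorizationIssueAction.LOCATION,
            ResponseContent = "https://client.example/cb?code=SAMPLE&state=xyz" };  // constructed sample
        HttpReply r = Map(res);
        Console.WriteLine($"{r.Status} Location={r.Location} Cache-Control={r.CacheControl}");
    }
}
```

Because ResponseContent may contain an authorization code, an ID token or an access token, keep it out of application logs when wiring this into a real endpoint.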

Property Documentation

◆ AccessToken

string AccessToken [get, set]

The newly issued access token. An access token is issued when the response_type request parameter of the authorization request includes token.

If the service is configured to issue JWT-based access tokens, a JWT-based access token is issued additionally. In that case, the JwtAccessToken property holds the JWT-based access token.

Since version 1.3.0.

◆ AccessTokenDuration

long AccessTokenDuration [get, set]

The duration of the access token in seconds.

Since version 1.3.0.

◆ AccessTokenExpiresAt

long AccessTokenExpiresAt [get, set]

The time in milliseconds since the Unix epoch at which the access token will expire.

Since version 1.3.0.

◆ Action

AuthorizationIssueAction Action [get, set]

The next action that the authorization server implementation should take.

◆ AuthorizationCode

string AuthorizationCode [get, set]

The newly issued authorization code. An authorization code is issued when the response_type request parameter of the authorization request includes code.

Since version 1.3.0.

◆ IdToken

string IdToken [get, set]

The newly issued ID token. An ID token is issued when the response_type request parameter of the authorization request includes id_token.

Since version 1.3.0.

◆ JwtAccessToken

string JwtAccessToken [get, set]

The newly issued access token in JWT format.

If the authorization server is configured to issue JWT-based access tokens (that is, if the AccessTokenSignAlg property of Service holds a non-null value), a JWT-based access token is issued along with the original random-string one.

Regarding the detailed format of the JWT-based access token, see the description of the Service class.

Since version 1.3.0.

◆ ResponseContent

string ResponseContent [get, set]

The response content which can be used to generate a response to the client application. The format of the value varies depending on the value of the Action property.


The documentation for this class was generated from the following file:
AuthorizationIssueResponse.cs