Response from Authlete's /api/auth/revocation API.
Properties

RevocationAction Action [get, set]
    The next action that the revocation endpoint should take.

string ResponseContent [get, set]
    The response content which can be used as the entity body of the response returned from the revocation endpoint to the client application.

string ResultCode [get, set]
    The code of the result of an Authlete API call. For example, "A004001".

string ResultMessage [get, set]
    The message of the result of an Authlete API call. For example, "[A001202] /client/get/list, Authorization header is missing."
Authlete's /api/auth/revocation API returns JSON which can be mapped to this class. The authorization server implementation should retrieve the value of "action" from the response and take the following steps according to the value.
When the value of the Action property is RevocationAction.INVALID_CLIENT, authentication of the client failed. The HTTP status of the response to the client application should be either "400 Bad Request" or "401 Unauthorized". The choice is not free: when the client attempted to authenticate via the "Authorization" request header, RFC 6749 requires "401 Unauthorized" together with a "WWW-Authenticate" response header that matches the authentication scheme the client used; "400 Bad Request" is acceptable only when the client did not use the "Authorization" header (for example, when it sent its credentials as form parameters). The description of "invalid_client" below is an excerpt from RFC 6749 (Section 5.2).

invalid_client: Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client.

In either case, the JSON string returned from the ResponseContent property can be used as the entity body of the response to the client application. The following illustrates the response which the authorization server implementation should generate and return to the client application.
When the value of the Action property is RevocationAction.INTERNAL_SERVER_ERROR, either the request from the authorization server implementation (the RevocationRequest) was wrong or an error occurred inside Authlete. In either case, from the viewpoint of the client application it is an error on the server side, so the authorization server implementation should return a response with the HTTP status "500 Internal Server Error". The ResultCode and ResultMessage properties describe the underlying cause and are intended for the authorization server's own logs, not for the client.

In this case, ResponseContent returns a JSON string which describes the error, so it can be used as the entity body of the response. The following illustrates the response which the authorization server implementation should generate and return to the client application.
When the value of the Action property is RevocationAction.BAD_REQUEST, the request from the client application is invalid. The HTTP status of the response returned to the client application must be "400 Bad Request" and the content type must be "application/json". Section 2.2.1 (Error Response) of RFC 7009 states: "The error presentation conforms to the definition in Section 5.2 of [RFC 6749]."

In this case, ResponseContent returns a JSON string which describes the error, so it can be used as the entity body of the response. The following illustrates the response which the authorization server implementation should generate and return to the client application.
When the value of the Action property is RevocationAction.OK, the request from the client application is valid and either the presented token has been revoked successfully or the client submitted an invalid token. Note that an invalid token does not cause an error: the endpoint answers exactly as it would for a successfully revoked token, so a caller cannot use the revocation endpoint to probe whether a token exists. See Section 2.2 (Revocation Response) of RFC 7009 for details.

The HTTP status of the response returned to the client application must be "200 OK".

If the original request from the client application contains the "callback" request parameter and its value is not empty, the content type should be "application/javascript" and the content should be a JavaScript snippet for JSONP. In this case, ResponseContent returns that JavaScript snippet, already generated by Authlete, so the authorization server implementation should return it as-is rather than building a script around the raw "callback" value itself. Otherwise, ResponseContent returns null and the response has no entity body. The following illustrates the response which the authorization server implementation should generate and return to the client application.