Authlete
TokenCreateRequest Class Reference

Request to Authlete's /api/auth/token/create API. The API can be used to create an arbitrary access token without using standard flows.

Properties

GrantType GrantType [get, set]
 The grant type to be emulated for a newly created access token. When this property is either GrantType.IMPLICIT or GrantType.CLIENT_CREDENTIALS, a refresh token is not issued. This request parameter is mandatory.

long ClientId [get, set]
 The ID of the client application which will be associated with a newly created access token. This request parameter is mandatory.

string Subject [get, set]
 The subject (= unique identifier) of the user who will be associated with a newly created access token. This request parameter is required unless the grant type is GrantType.CLIENT_CREDENTIALS. The value must consist of only ASCII characters and its length must not exceed 100.

string[] Scopes [get, set]
 The scopes which will be associated with a newly created access token. Scopes that are not supported by the service cannot be specified and requesting them will cause an error. This request parameter is optional.

long AccessTokenDuration [get, set]
 The duration of a newly created access token in seconds. If the value is 0, the duration is determined according to the settings of the service. This request parameter is optional.

long RefreshTokenDuration [get, set]
 The duration of a newly created refresh token in seconds. If the value is 0, the duration is determined according to the settings of the service. This request parameter is optional.

Property[] Properties [get, set]
 Extra properties to be associated with a newly created access token. Note that the "properties" request parameter is accepted only when Content-Type of the request is "application/json", so don't use "application/x-www-form-urlencoded" if you want to use this "properties" request parameter.

bool IsClientIdAliasUsed [get, set]
 The flag which indicates whether to emulate that the client ID alias is used instead of the original numeric client ID when a new access token is created.

string AccessToken [get, set]
 The value of the new access token. This request parameter is optional.

string RefreshToken [get, set]
 The value of the new refresh token. This request parameter is optional.

bool IsAccessTokenPersistent [get, set]
 The flag which indicates whether the access token expires or not.

string CertificateThumbprint [get, set]
 The thumbprint of the client certificate bound to the token. If this property is set, a certificate whose thumbprint matches the value must be presented with the access token when it is used by a client.

string DpopKeyThumbprint [get, set]
 The thumbprint of the public key used for DPoP presentation of the token. If this property is set, a DPoP proof JWT signed with the corresponding private key must be presented with the access token when it is used by a client.

Property Documentation

◆ AccessToken

string AccessToken [get, set]

The value of the new access token. This request parameter is optional.

The /api/auth/token/create API generates an access token. Therefore, callers of the API do not have to specify values of newly created access tokens. However, in some cases, for example, if you want to migrate existing access tokens from an old system to Authlete, you may want to specify values of access tokens. In such a case, you can specify the value of a newly created access token by passing a non-null value as the value of the "accessToken" request parameter. The implementation of the /api/auth/token/create API uses the value of the "accessToken" request parameter instead of generating a new value when the request parameter holds a non-null value.

Note that if the hash value of the specified access token already exists in Authlete's database, the access token cannot be inserted and the /api/auth/token/create API will report an error.

◆ AccessTokenDuration

long AccessTokenDuration [get, set]

The duration of a newly created access token in seconds. If the value is 0, the duration is determined according to the settings of the service. This request parameter is optional.

◆ CertificateThumbprint

string CertificateThumbprint [get, set]

The thumbprint of the client certificate bound to the token. If this property is set, a certificate whose thumbprint matches the value must be presented with the access token when it is used by a client.

See RFC 8705 (OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens) for details.

The value should be a base64url-encoded SHA-256 certificate thumbprint.

Since version 1.4.0.

◆ ClientId

long ClientId [get, set]

The ID of the client application which will be associated with a newly created access token. This request parameter is mandatory.

◆ DpopKeyThumbprint

string DpopKeyThumbprint [get, set]

The thumbprint of the public key used for DPoP presentation of the token. If this property is set, a DPoP proof JWT signed with the corresponding private key must be presented with the access token when it is used by a client.

See "OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)" for details.

Since version 1.4.0.
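
An added example, not part of the Authlete library or its documentation: it computes the base64url-encoded SHA-256 certificate thumbprint described under CertificateThumbprint and sets it on a request, and also derives an RFC 7638 JWK thumbprint of the kind DPoP uses to identify a key. The `Authlete.Dto` and `Authlete.Types` namespaces, the client ID, the sample key and certificate, and the use of the RFC 7638 form for DpopKeyThumbprint are assumptions.

```csharp
// Added example; not Authlete's own code. Targets .NET 5 or later.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Authlete.Dto;    // TokenCreateRequest (namespace assumed)
using Authlete.Types;  // GrantType (namespace assumed)

static class BoundTokenRequests
{
    // base64url without padding (RFC 4648, section 5).
    static string B64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // RFC 8705: SHA-256 over the DER encoding of the whole certificate.
    public static string CertificateThumbprint(X509Certificate2 cert) =>
        B64Url(SHA256.HashData(cert.RawData));

    // RFC 7638 thumbprint of an EC P-256 public key: required members only,
    // in lexicographic order, no whitespace.
    public static string JwkThumbprint(ECDsa key)
    {
        ECParameters p = key.ExportParameters(false);
        string jwk = "{\"crv\":\"P-256\",\"kty\":\"EC\",\"x\":\"" + B64Url(p.Q.X)
                   + "\",\"y\":\"" + B64Url(p.Q.Y) + "\"}";
        return B64Url(SHA256.HashData(Encoding.UTF8.GetBytes(jwk)));
    }

    static void Main()
    {
        // Constructed sample key and self-signed certificate.
        using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var csr = new CertificateRequest("CN=sample-client", key, HashAlgorithmName.SHA256);
        using X509Certificate2 cert = csr.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));

        var request = new TokenCreateRequest
        {
            GrantType = GrantType.CLIENT_CREDENTIALS,  // Subject not required, no refresh token
            ClientId = 1234567890L,                    // placeholder client ID
            AccessTokenDuration = 300,                 // seconds; 0 means service default
            CertificateThumbprint = CertificateThumbprint(cert),
        };
        Console.WriteLine(request.CertificateThumbprint);
        Console.WriteLine(JwkThumbprint(key)); // candidate DpopKeyThumbprint value (assumed form)
    }
}
```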

◆ GrantType

The grant type to be emulated for a newly created access token. When this property is either GrantType.IMPLICIT or GrantType.CLIENT_CREDENTIALS, a refresh token is not issued. This request parameter is mandatory.

◆ IsAccessTokenPersistent

bool IsAccessTokenPersistent [get, set]

The flag which indicates whether the access token expires or not.

By default, all access tokens expire after a period of time determined by their service. If this request parameter is true then the access token will not automatically expire and must be revoked or deleted manually at the service.

If this request parameter is true, the accessTokenDuration request parameter is ignored.

Since version 1.3.0.

◆ IsClientIdAliasUsed

bool IsClientIdAliasUsed [get, set]

The flag which indicates whether to emulate that the client ID alias is used instead of the original numeric client ID when a new access token is created.

This has an effect only on the value of the "aud" claim in a response from a userinfo endpoint. When you access the userinfo endpoint (which is expected to be implemented using Authlete's /api/auth/userinfo API and /api/auth/userinfo/issue API) with an access token which has been created using Authlete's /api/auth/token/create API with this property (IsClientIdAliasUsed) true, the client ID alias is used as the value of the "aud" claim in a response from the userinfo endpoint.

Note that if a client ID alias is not assigned to the client when Authlete's /api/auth/token/create API is called, this property has no effect (it is always regarded as false).

◆ Properties

Property[] Properties [get, set]

Extra properties to be associated with a newly created access token. Note that the "properties" request parameter is accepted only when Content-Type of the request is "application/json", so don't use "application/x-www-form-urlencoded" if you want to use this "properties" request parameter.

◆ RefreshToken

string RefreshToken [get, set]

The value of the new refresh token. This request parameter is optional.

The /api/auth/token/create API generates a refresh token as necessary. Therefore, callers of the API do not have to specify values of newly created refresh tokens. However, in some cases, for example, if you want to migrate existing refresh tokens from an old system to Authlete, you may want to specify values of refresh tokens. In such a case, you can specify the value of a newly created refresh token by passing a non-null value as the value of the "refreshToken" request parameter. The implementation of the /api/auth/token/create API uses the value of the "refreshToken" request parameter instead of generating a new value when the request parameter holds a non-null value.

Note that if the hash value of the specified refresh token already exists in Authlete's database, the refresh token cannot be inserted and the /api/auth/token/create API will report an error.

◆ RefreshTokenDuration

long RefreshTokenDuration [get, set]

The duration of a newly created refresh token in seconds. If the value is 0, the duration is determined according to the settings of the service. This request parameter is optional.

A refresh token is not created (1) if the service is configured not to support GrantType.REFRESH_TOKEN, or (2) if the specified grant type is either GrantType.IMPLICIT or GrantType.CLIENT_CREDENTIALS.

◆ Scopes

string[] Scopes [get, set]

The scopes which will be associated with a newly created access token. Scopes that are not supported by the service cannot be specified and requesting them will cause an error. This request parameter is optional.

◆ Subject

string Subject [get, set]

The subject (= unique identifier) of the user who will be associated with a newly created access token. This request parameter is required unless the grant type is GrantType.CLIENT_CREDENTIALS. The value must consist of only ASCII characters and its length must not exceed 100.

