Authlete
Authlete.Dto Namespace Reference

Classes

class  Address
 Address claim that represents a physical mailing address. See 5.1.1. Address Claim in OpenID Connect Core 1.0 for details.

class  ApiResponse
 The base class for classes that represent responses from Authlete APIs.

class  AuthenticationCallbackRequest
 Authentication request from Authlete to a service implementation.

class  AuthenticationCallbackResponse
 Authentication response from a service implementation to Authlete.

class  AuthorizationFailRequest
 Request to Authlete's /api/auth/authorization/fail API. An authorization endpoint implementation is supposed to call the API to generate an error response to a client application.

class  AuthorizationFailResponse
 Response from Authlete's /api/auth/authorization/fail API.

class  AuthorizationIssueRequest
 Request to Authlete's /api/auth/authorization/issue API.

class  AuthorizationIssueResponse
 Response from Authlete's /api/auth/authorization/issue API.

class  AuthorizationRequest
 Request to Authlete's /api/auth/authorization API. An authorization endpoint implementation is supposed to pass all the request parameters it received from a client application to the API.

class  AuthorizationResponse
 Response from Authlete's /api/auth/authorization API.

class  AuthorizedClientListResponse
 Response from Authlete's /api/client/authorization/get/list API.

class  BackchannelAuthenticationCompleteRequest
 Request to Authlete's /api/backchannel/authentication/complete API.

class  BackchannelAuthenticationCompleteResponse
 Response from Authlete's /api/backchannel/authentication/complete API.

class  BackchannelAuthenticationFailRequest
 Request to Authlete's /api/backchannel/authentication/fail API.

class  BackchannelAuthenticationFailResponse
 Response from Authlete's /api/backchannel/authentication/fail API.

class  BackchannelAuthenticationIssueRequest
 Request to Authlete's /api/backchannel/authentication/issue API.

class  BackchannelAuthenticationIssueResponse
 Response from Authlete's /api/backchannel/authentication/issue API.

class  BackchannelAuthenticationRequest
 Request to Authlete's /api/backchannel/authentication API.

class  BackchannelAuthenticationResponse
 Response from Authlete's /api/backchannel/authentication API.

class  Client
 Information about a client application.

class  ClientAuthorizationDeleteRequest
 Request to Authlete's /api/client/authorization/delete/{clientId} API. The API deletes all existing access tokens issued to a client application by an end-user.

class  ClientAuthorizationGetListRequest
 Request to Authlete's /api/client/authorization/get/list API. The API returns a list of client applications to which an end-user has given authorization.

class  ClientAuthorizationUpdateRequest
 Request to Authlete's /api/client/authorization/update/{clientId} API. The API updates attributes of all existing access tokens issued to a client application by an end-user.

class  ClientExtension
 Extended information about a client application.

class  ClientListResponse
 Response from Authlete's /api/client/get/list API.

class  ClientSecretRefreshResponse
 Response from Authlete's /api/client/secret/refresh API.

class  ClientSecretUpdateRequest
 Request to Authlete's /api/client/secret/update API. The API replaces the client secret with the specified value.

class  ClientSecretUpdateResponse
 Response from Authlete's /api/client/secret/update API.

class  DeveloperAuthenticationCallbackRequest
 Developer authentication request from Authlete to a service implementation.

class  DeveloperAuthenticationCallbackResponse
 Developer authentication response from a service implementation to Authlete.

class  DeviceAuthorizationRequest
 Request to Authlete's /api/device/authorization API.

class  DeviceAuthorizationResponse
 Response from Authlete's /api/device/authorization API.

class  DeviceCompleteRequest
 Request to Authlete's /api/device/complete API.

class  DeviceCompleteResponse
 Response from Authlete's /api/device/complete API.

class  DeviceVerificationRequest
 Request to Authlete's /api/device/verification API. The API is used to get information associated with a user code.

class  DeviceVerificationResponse
 Response from Authlete's /api/device/verification API.

class  GrantedScopesGetResponse
 Response from Authlete's /api/client/granted_scopes/get/{clientId} API.

class  IntrospectionRequest
 Request to Authlete's /api/auth/introspection API. The API returns information about an access token.

class  IntrospectionResponse
 Response from Authlete's /api/auth/introspection API.

class  NamedUri
 Named URI.

class  Pair
 A pair of a string key and a string value.

class  Property
 A property associated with an access token and/or an authorization code. Some Authlete APIs accept a "properties" request parameter. The value of the parameter is an array of Property.

class  PushedAuthReqRequest
 Request to Authlete's /api/pushed_auth_req API.

class  PushedAuthReqResponse
 Response from Authlete's /api/pushed_auth_req API.

class  RevocationRequest
 Request to Authlete's /api/auth/revocation API.

class  RevocationResponse
 Response from Authlete's /api/auth/revocation API.

class  Scope
 Information about a scope (3.3. Access Token Scope).

class  Service
 Information about a service which represents an authorization server / OpenID provider.

class  ServiceListResponse
 Response from Authlete's /api/service/get/list API.

class  SnsCredentials
 SNS credentials.

class  StandardIntrospectionRequest
 Request to Authlete's /api/auth/introspection/standard API.

class  StandardIntrospectionResponse
 Response from Authlete's /api/auth/introspection/standard API. Note that this API and the /api/auth/introspection API are different. The /api/auth/introspection/standard API exists to help your authorization server provide its own introspection API which complies with RFC 7662 (OAuth 2.0 Token Introspection).

class  TaggedValue
 A string value with a language tag.

class  TokenCreateRequest
 Request to Authlete's /api/auth/token/create API. The API can be used to create an arbitrary access token without using standard flows.

class  TokenCreateResponse
 Response from Authlete's /api/auth/token/create API.

class  TokenFailRequest
 Request to Authlete's /api/auth/token/fail API.

class  TokenFailResponse
 Response from Authlete's /api/auth/token/fail API.

class  TokenIssueRequest
 Request to Authlete's /api/auth/token/issue API.

class  TokenIssueResponse
 Response from Authlete's /api/auth/token/issue API.

class  TokenRequest
 Request to Authlete's /api/auth/token API.

class  TokenResponse
 Response from Authlete's /api/auth/token API.

class  TokenUpdateRequest
 Request to Authlete's /api/auth/token/update API.

class  TokenUpdateResponse
 Response from Authlete's /api/auth/token/update API.

class  UserInfoIssueRequest
 Request to Authlete's /api/auth/userinfo/issue API.

class  UserInfoIssueResponse
 Response from Authlete's /api/auth/userinfo/issue API.

class  UserInfoRequest
 Request to Authlete's /api/auth/userinfo API.

class  UserInfoResponse
 Response from Authlete's /api/auth/userinfo API.
 

Enumerations

enum  AuthorizationAction {
  INTERNAL_SERVER_ERROR, BAD_REQUEST, LOCATION, FORM,
  NO_INTERACTION, INTERACTION
}
 The value of action in responses from Authlete's /api/auth/authorization API.

enum  AuthorizationFailAction { INTERNAL_SERVER_ERROR, BAD_REQUEST, LOCATION, FORM }
 The value of action in responses from Authlete's /api/auth/authorization/fail API.

enum  AuthorizationFailReason {
  UNKNOWN, NOT_LOGGED_IN, MAX_AGE_NOT_SUPPORTED, EXCEEDS_MAX_AGE,
  DIFFERENT_SUBJECT, ACR_NOT_SATISFIED, DENIED, SERVER_ERROR,
  NOT_AUTHENTICATED, ACCOUNT_SELECTION_REQUIRED, CONSENT_REQUIRED, INTERACTION_REQUIRED,
  INVALID_TARGET
}
 The value of reason in requests to Authlete's /api/auth/authorization/fail API.

enum  AuthorizationIssueAction { INTERNAL_SERVER_ERROR, BAD_REQUEST, LOCATION, FORM }
 The value of action in responses from Authlete's /api/auth/authorization/issue API.

enum  BackchannelAuthenticationAction { BAD_REQUEST, UNAUTHORIZED, INTERNAL_SERVER_ERROR, USER_IDENTIFICATION }
 The value of action in responses from Authlete's /api/backchannel/authentication API.

enum  BackchannelAuthenticationCompleteAction { NOTIFICATION, NO_ACTION, SERVER_ERROR }
 The value of action in responses from Authlete's /api/backchannel/authentication/complete API.

enum  BackchannelAuthenticationCompleteResult { AUTHORIZED, ACCESS_DENIED, TRANSACTION_FAILED }
 Valid values of result in requests to Authlete's /api/backchannel/authentication/complete API.

enum  BackchannelAuthenticationFailAction { BAD_REQUEST, FORBIDDEN, INTERNAL_SERVER_ERROR }
 The value of action in responses from Authlete's /api/backchannel/authentication/fail API.

enum  BackchannelAuthenticationFailReason {
  EXPIRED_LOGIN_HINT_TOKEN, UNKNOWN_USER_ID, UNAUTHORIZED_CLIENT, MISSING_USER_CODE,
  INVALID_USER_CODE, INVALID_BINDING_MESSAGE, INVALID_TARGET, ACCESS_DENIED,
  SERVER_ERROR
}
 Failure reasons of backchannel authentication requests.

enum  BackchannelAuthenticationIssueAction { OK, INTERNAL_SERVER_ERROR, INVALID_TICKET }
 The value of action in responses from Authlete's /api/backchannel/authentication/issue API.

enum  DeviceAuthorizationAction { OK, BAD_REQUEST, UNAUTHORIZED, INTERNAL_SERVER_ERROR }
 The value of action in responses from Authlete's /api/device/authorization API.

enum  DeviceCompleteAction {
  SUCCESS, INVALID_REQUEST, USER_CODE_EXPIRED, USER_CODE_NOT_EXIST,
  SERVER_ERROR
}
 The value of action in responses from Authlete's /api/device/complete API.

enum  DeviceCompleteResult { AUTHORIZED, ACCESS_DENIED, TRANSACTION_FAILED }
 Valid values of result in requests to Authlete's /api/device/complete API.

enum  DeviceVerificationAction { VALID, EXPIRED, NOT_EXIST, SERVER_ERROR }
 The value of action in responses from Authlete's /api/device/verification API.

enum  IntrospectionAction {
  INTERNAL_SERVER_ERROR, BAD_REQUEST, UNAUTHORIZED, FORBIDDEN,
  OK
}
 The value of action in responses from Authlete's /api/auth/introspection API.

enum  PushedAuthReqAction {
  CREATED, BAD_REQUEST, UNAUTHORIZED, FORBIDDEN,
  PAYLOAD_TOO_LARGE, INTERNAL_SERVER_ERROR
}
 The value of action in responses from Authlete's /api/pushed_auth_req API.

enum  RevocationAction { INVALID_CLIENT, INTERNAL_SERVER_ERROR, BAD_REQUEST, OK }
 The value of action in responses from Authlete's /api/auth/revocation API.

enum  StandardIntrospectionAction { INTERNAL_SERVER_ERROR, BAD_REQUEST, OK }
 The value of action in responses from Authlete's /api/auth/introspection/standard API.

enum  TokenAction {
  INVALID_CLIENT, INTERNAL_SERVER_ERROR, BAD_REQUEST, PASSWORD,
  OK
}
 The value of action in responses from Authlete's /api/auth/token API.

enum  TokenCreateAction { INTERNAL_SERVER_ERROR, BAD_REQUEST, FORBIDDEDN, OK }
 The value of action in responses from Authlete's /api/auth/token/create API.

enum  TokenFailAction { INTERNAL_SERVER_ERROR, BAD_REQUEST }
 The value of action in responses from Authlete's /api/auth/token/fail API.

enum  TokenFailReason { UNKNOWN, INVALID_RESOURCE_OWNER_CREDENTIALS, INVALID_TARGET }
 The value of reason in requests to Authlete's /api/auth/token/fail API.

enum  TokenIssueAction { INTERNAL_SERVER_ERROR, OK }
 The value of action in responses from Authlete's /api/auth/token/issue API.

enum  TokenUpdateAction {
  INTERNAL_SERVER_ERROR, BAD_REQUEST, FORBIDDEN, NOT_FOUND,
  OK
}
 The value of action in responses from Authlete's /api/auth/token/update API.

enum  UserInfoAction {
  INTERNAL_SERVER_ERROR, BAD_REQUEST, UNAUTHORIZED, FORBIDDEN,
  OK
}
 The value of action in responses from Authlete's /api/auth/userinfo API.

enum  UserInfoIssueAction {
  INTERNAL_SERVER_ERROR, BAD_REQUEST, UNAUTHORIZED, FORBIDDEN,
  JSON, JWT
}
 The value of action in responses from Authlete's /api/auth/userinfo/issue API.
 

Enumeration Type Documentation

◆ AuthorizationAction


The value of action in responses from Authlete's /api/auth/authorization API.

Enumerator
INTERNAL_SERVER_ERROR 

The request from the authorization server implementation was wrong or an error occurred in Authlete. The authorization server implementation should return "500 Internal Server Error" to the client application.

BAD_REQUEST 

The authorization request was wrong and the authorization server implementation should notify the client application of the error by "400 Bad Request".

LOCATION 

The authorization request was wrong and the authorization server implementation should notify the client application of the error by "302 Found".

FORM 

The authorization request was wrong and the authorization server implementation should notify the client application of the error by "200 OK" with an HTML page that triggers redirection via JavaScript. See OAuth 2.0 Form Post Response Mode for details.

NO_INTERACTION 

The authorization request was valid and the authorization server implementation should issue an authorization code, an ID token and/or an access token without interaction with the end-user.

INTERACTION 

The authorization request was valid and the authorization server implementation should display UI to ask for authorization from the end-user.

◆ AuthorizationFailAction

The value of action in responses from Authlete's /api/auth/authorization/fail API.

Enumerator
INTERNAL_SERVER_ERROR 

The request from the authorization server implementation was wrong or an error occurred in Authlete, so the authorization server implementation should return "500 Internal Server Error" to the client application.

BAD_REQUEST 

The ticket was no longer valid. The authorization server implementation should return "400 Bad Request" to the client application.

LOCATION 

The authorization server implementation should return "302 Found" to the client application with a "Location" header.

FORM 

The authorization server implementation should return "200 OK" to the client application with an HTML page that triggers redirection. See OAuth 2.0 Form Post Response Mode for details.

◆ AuthorizationFailReason

The value of reason in requests to Authlete's /api/auth/authorization/fail API.

Enumerator
UNKNOWN 

Unknown reason. Using this reason will result in error=server_error.

NOT_LOGGED_IN 

The authorization request from the client application contained prompt=none, but no end-user has logged in. Using this reason will result in error=login_required.

See 3.1.2.1. Authentication Request of OpenID Connect Core 1.0 for the "prompt" request parameter.

MAX_AGE_NOT_SUPPORTED 

The authorization request from the client application contained the "max_age" request parameter with a non-zero value, or the client's configuration has a non-zero value for the "default_max_age" configuration parameter, but the authorization server implementation cannot behave properly based on the max age value, mainly because it does not manage the authentication time of end-users. Using this reason will result in error=login_required.

See 3.1.2.1. Authentication Request of OpenID Connect Core 1.0 for the "max_age" request parameter.

See 2. Client Metadata of OpenID Connect Dynamic Client Registration 1.0 for the "default_max_age" configuration parameter.

EXCEEDS_MAX_AGE 

The authorization request from the client application contained prompt=none, but the time specified by the "max_age" request parameter or by the "default_max_age" configuration parameter has passed since the time at which the end-user logged in. Using this reason will result in error=login_required.

See 3.1.2.1. Authentication Request of OpenID Connect Core 1.0 for the "prompt" and "max_age" request parameters.

See 2. Client Metadata of OpenID Connect Dynamic Client Registration 1.0 for the "default_max_age" configuration parameter.

DIFFERENT_SUBJECT 

The authorization request from the client application requested a specific value for the "sub" claim, but the current end-user (in the case of prompt=none) or the end-user after the authentication is different from the specified value. Using this reason will result in error=login_required.

ACR_NOT_SATISFIED 

The authorization request from the client application contained the "acr" claim in the "claims" request parameter and the claim was marked as essential, but the ACR performed for the end-user does not match any of the requested ACRs. Using this reason will result in error=login_required.

DENIED 

The end-user denied the authorization request from the client application. Using this reason will result in error=access_denied.

SERVER_ERROR 

Server error. Using this reason will result in error=server_error.

NOT_AUTHENTICATED 

The end-user was not authenticated. Using this reason will result in error=login_required.

ACCOUNT_SELECTION_REQUIRED 

The authorization server cannot obtain an account selection choice made by the end-user. Using this reason will result in error=account_selection_required.

CONSENT_REQUIRED 

The authorization server cannot obtain consent from the end-user. Using this reason will result in error=consent_required.

INTERACTION_REQUIRED 

The authorization server needs interaction with the end-user. Using this reason will result in error=interaction_required.

INVALID_TARGET 

The requested resource is invalid, missing, unknown, or malformed. Using this reason will result in error=invalid_target. See RFC 8707 (Resource Indicators for OAuth 2.0) for details.

Since version 1.4.0.

◆ AuthorizationIssueAction

The value of action in responses from Authlete's /api/auth/authorization/issue API.

Enumerator
INTERNAL_SERVER_ERROR 

The request from the authorization server implementation was wrong or an error occurred in Authlete, so the authorization server implementation should return "500 Internal Server Error" to the client application.

BAD_REQUEST 

The ticket was no longer valid. The authorization server implementation should return "400 Bad Request" to the client application.

LOCATION 

The authorization server implementation should return "302 Found" to the client application with a "Location" header.

FORM 

The authorization server implementation should return "200 OK" to the client application with an HTML page that triggers redirection.

◆ BackchannelAuthenticationAction

The value of action in responses from Authlete's /api/backchannel/authentication API.

Since version 1.3.0.

Enumerator
BAD_REQUEST 

The backchannel authentication request is invalid. The authorization server implementation should return an error response with 400 Bad Request and application/json to the client application.

UNAUTHORIZED 

Client authentication of the backchannel authentication request failed. The authorization server implementation should return an error response with 401 Unauthorized and application/json to the client application.

INTERNAL_SERVER_ERROR 

The API call from the authorization server implementation was wrong or an error occurred on Authlete side. The authorization server implementation should return an error response with 500 Internal Server Error and application/json to the client application.

USER_IDENTIFICATION 

The backchannel authentication request was valid. The authorization server implementation is required to (1) identify the subject of the end-user from the given hint, (2) issue auth_req_id to the client application, (3) communicate with an authentication device of the end-user to perform end-user authentication and authorization, etc. See the API document of BackchannelAuthenticationResponse for details.

◆ BackchannelAuthenticationCompleteAction

The value of action in responses from Authlete's /api/backchannel/authentication/complete API.

Since version 1.3.0.

Enumerator
NOTIFICATION 

The authorization server implementation must send a notification to the client's notification endpoint. This action code is returned when the backchannel token delivery mode is "ping" or "push".

NO_ACTION 

The authorization server implementation does not have to take any immediate action for this API response. The remaining task is just to handle polling requests from the client to the token endpoint. This action code is returned when the backchannel token delivery mode is "poll".

SERVER_ERROR 

An error occurred either because the ticket included in the API call was invalid or because an error occurred on Authlete side.

If an error occurred after Authlete succeeded in retrieving data associated with the ticket from the database and if the backchannel token delivery mode is "ping" or "push", NOTIFICATION is used as the value of action instead of SERVER_ERROR.

◆ BackchannelAuthenticationCompleteResult

Valid values of result in requests to Authlete's /api/backchannel/authentication/complete API.

Since version 1.3.0.

Enumerator
AUTHORIZED 

The end-user was authenticated and has granted authorization to the client application.

ACCESS_DENIED 

The end-user denied the backchannel authentication request.

TRANSACTION_FAILED 

The authorization server could not get the result of end-user authentication and authorization from the authentication device for some reason.

For example, the authorization server failed to communicate with the authentication device due to a network error, the device did not return a response within a reasonable time, etc.

This result can be used as a generic error.

◆ BackchannelAuthenticationFailAction

The value of action in responses from Authlete's /api/backchannel/authentication/fail API.

Since version 1.3.0.

Enumerator
BAD_REQUEST 

The implementation of the backchannel authentication endpoint should return a 400 Bad Request response to the client application.

FORBIDDEN 

The implementation of the backchannel authentication endpoint should return a 403 Forbidden response to the client application.

BackchannelAuthenticationFailResponse.Action holds this value only when the reason request parameter of the API call was BackchannelAuthenticationFailReason.ACCESS_DENIED.

INTERNAL_SERVER_ERROR 

The implementation of the backchannel authentication endpoint should return a 500 Internal Server Error response to the client application. However, in most cases, commercial implementations prefer to use an HTTP status code other than 5xx.

BackchannelAuthenticationFailResponse.Action holds this value only when (1) the reason request parameter of the API call was BackchannelAuthenticationFailReason.SERVER_ERROR, (2) an error occurred on Authlete side, or (3) the request parameters of the API call were wrong.

◆ BackchannelAuthenticationFailReason

Failure reasons of backchannel authentication requests.

Since version 1.3.0.

Enumerator
EXPIRED_LOGIN_HINT_TOKEN 

The "login_hint_token" included in the backchannel authentication request is not valid because it has expired.

Note that the CIBA Core specification does not describe the format of login_hint_token and how to detect expiration.

Using this reason will result in "error":"expired_login_hint_token".

UNKNOWN_USER_ID 

The authorization server is not able to identify, by means of the hint (login_hint_token, id_token_hint or login_hint) included in the backchannel authentication request, which end-user the client wishes to be authenticated.

Using this reason will result in "error":"unknown_user_id".

UNAUTHORIZED_CLIENT 

The client is not authorized to use the CIBA flow.

Note that /api/backchannel/authentication API does not return action=USER_IDENTIFICATION in cases where the client does not exist or client authentication has failed. Therefore, the authorization server implementation will never have to call /api/backchannel/authentication/fail API with reason=UNAUTHORIZED_CLIENT unless the server has intentionally implemented custom rules to reject backchannel authentication requests from particular clients.

Using this reason will result in "error":"unauthorized_client".

MISSING_USER_CODE 

A user code is required but the backchannel authentication request does not contain it.

Note that /api/backchannel/authentication API does not return action=USER_IDENTIFICATION when both the backchannel_user_code_parameter_supported metadata of the server and the backchannel_user_code_parameter metadata of the client are true and the backchannel authentication request does not include the user_code request parameter. In this case, /api/backchannel/authentication API returns action=BAD_REQUEST with JSON containing "error":"missing_user_code".

Therefore, the authorization server implementation will never have to call /api/backchannel/authentication/fail API with reason=MISSING_USER_CODE unless the server has intentionally implemented custom rules to require a user code even in the case where the backchannel_user_code_parameter metadata of the client which has made the backchannel authentication request is false.

Using this reason will result in "error":"missing_user_code".

INVALID_USER_CODE 

The user code included in the backchannel authentication request is invalid.

Using this reason will result in "error":"invalid_user_code".

INVALID_BINDING_MESSAGE 

The binding message is invalid or unacceptable for use in the context of the given backchannel authentication request.

Using this reason will result in "error":"invalid_binding_message".

INVALID_TARGET 

The requested resource is invalid, missing, unknown, or malformed. See RFC 8707 (Resource Indicators for OAuth 2.0) for details.

Using this reason will result in "error":"invalid_target".

Since version 1.4.0.

ACCESS_DENIED 

The resource owner or the authorization server denied the request.

Calling /api/backchannel/authentication/fail API with this reason implies that the backchannel authentication endpoint is going to return an error of access_denied to the client application without asking the end-user whether she authorizes or rejects the request.

Using this reason will result in "error":"access_denied".

SERVER_ERROR 

The backchannel authentication request cannot be processed successfully due to a server-side error.

Using this reason will result in "error":"server_error".

◆ BackchannelAuthenticationIssueAction

The value of action in responses from Authlete's /api/backchannel/authentication/issue API.

Since version 1.3.0.

Enumerator
OK 

The implementation of the backchannel authentication endpoint should return a 200 OK response to the client application.

INTERNAL_SERVER_ERROR 

The implementation of the backchannel authentication endpoint should return a 500 Internal Server Error response to the client application. However, in most cases, commercial implementations prefer to use an HTTP status code other than 5xx.

INVALID_TICKET 

The ticket included in the API call is invalid. It does not exist or has expired.

◆ DeviceAuthorizationAction

The value of action in responses from Authlete's /api/device/authorization API.

Since version 1.5.0.

Enumerator
OK 

The device authorization request is valid. The authorization server implementation should return a successful response with 200 OK and application/json to the client application.

BAD_REQUEST 

The device authorization request is invalid. The authorization server implementation should return an error response with 400 Bad Request and application/json to the client application.

UNAUTHORIZED 

Client authentication of the device authorization request failed. The authorization server implementation should return an error response with 401 Unauthorized and application/json to the client application.

INTERNAL_SERVER_ERROR 

The API call from the authorization server implementation was wrong or an error occurred on Authlete side. The authorization server implementation should return an error response with 500 Internal Server Error and application/json to the client application.

◆ DeviceCompleteAction


The value of action in responses from Authlete's /api/device/complete API.

Since version 1.5.0.

Enumerator
SUCCESS 

The API call has been processed successfully. The authorization server should return a successful response to the web browser the end-user is using.

INVALID_REQUEST 

The API call is invalid, which probably means the authorization server implementation has a bug.

USER_CODE_EXPIRED 

The user code has expired. The authorization server implementation should tell the end-user that the user code has expired and urge her to re-initiate a device flow.

USER_CODE_NOT_EXIST 

The user code does not exist. The authorization server implementation should tell the end-user that the user code has been invalidated and urge her to re-initiate a device flow.

SERVER_ERROR 

An error occurred on Authlete side. The authorization server implementation should tell the end-user that something went wrong and urge her to re-initiate a device flow.

◆ DeviceCompleteResult


Valid values of result in requests to Authlete's /api/device/complete API.

Since version 1.5.0.

Enumerator
AUTHORIZED 

The end-user was authenticated and has granted authorization to the client application.

ACCESS_DENIED 

The end-user denied the device authorization request.

TRANSACTION_FAILED 

The authorization server could not get a decision from the end-user for some reason.

This result can be used as a generic error.

◆ DeviceVerificationAction

The value of action in responses from Authlete's /api/device/verification API.

Since version 1.5.0.

Enumerator
VALID 

The user code is valid. This means that the user code exists, has not expired, and belongs to the service. The authorization server implementation should interact with the end-user to ask whether she approves or rejects the authorization request from the device.

EXPIRED 

The user code has expired. The authorization server implementation should tell the end-user that the user code has expired and urge her to re-initiate a device flow.

NOT_EXIST 

The user code does not exist. The authorization server implementation should tell the end-user that the user code is invalid and urge her to try entering a valid user code again.

SERVER_ERROR 

An error occurred on Authlete side. The authorization server implementation should tell the end-user that something went wrong and urge her to re-initiate a device flow.

◆ IntrospectionAction


The value of action in responses from Authlete's /api/auth/introspection API.

Enumerator
INTERNAL_SERVER_ERROR 

The request from the resource server was wrong or an error occurred in Authlete. The resource server should return "500 Internal Server Error" to the client application.

BAD_REQUEST 

The request does not contain an access token. The resource server should return "400 Bad Request" to the client application.

UNAUTHORIZED 

The access token does not exist or has expired. The resource server should return "401 Unauthorized" to the client application.

FORBIDDEN 

The access token does not cover the required scopes. The resource server should return "403 Forbidden" to the client application.

OK 

The access token is valid. The resource server should return the protected resource to the client application.
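The following is an added example, not code from the Authlete library or its documentation, showing how a resource server can turn an IntrospectionAction into the HTTP response described above. It declares a local copy of the enumerators so the file compiles on its own; the `challenge` parameter is an assumption standing in for whatever error text the caller wants in the WWW-Authenticate header (the sample value in Main is a constructed placeholder), and `loadResource` is a hypothetical callback that is only reached on OK. Every unrecognised action fails closed with 500.

```csharp
using System;
using System.Collections.Generic;

// Local copy of the enumerators documented above, so this file compiles on its own.
public enum IntrospectionAction
{
    INTERNAL_SERVER_ERROR,
    BAD_REQUEST,
    UNAUTHORIZED,
    FORBIDDEN,
    OK
}

// What the resource server sends back to the client: status, headers, body.
public sealed class HttpResult
{
    public int Status { get; }
    public IReadOnlyDictionary<string, string> Headers { get; }
    public string Body { get; }

    public HttpResult(int status, IReadOnlyDictionary<string, string> headers, string body)
    {
        Status = status;
        Headers = headers;
        Body = body;
    }
}

public static class ResourceServerDispatcher
{
    // `challenge` (assumption): text to place in WWW-Authenticate on error responses.
    // `loadResource` (hypothetical): produces the protected resource; only called on OK.
    public static HttpResult Dispatch(IntrospectionAction action, string challenge,
                                      Func<string> loadResource)
    {
        switch (action)
        {
            case IntrospectionAction.INTERNAL_SERVER_ERROR:
                return Error(500, challenge);
            case IntrospectionAction.BAD_REQUEST:
                return Error(400, challenge);
            case IntrospectionAction.UNAUTHORIZED:
                return Error(401, challenge);
            case IntrospectionAction.FORBIDDEN:
                return Error(403, challenge);
            case IntrospectionAction.OK:
                // The only path that touches the protected resource.
                return new HttpResult(200,
                    new Dictionary<string, string> { ["Content-Type"] = "application/json" },
                    loadResource());
            default:
                // Fail closed: an action this code does not know must never expose the resource.
                return Error(500, null);
        }
    }

    private static HttpResult Error(int status, string challenge)
    {
        // Error responses carry no resource data and must not be cached.
        var headers = new Dictionary<string, string>
        {
            ["Cache-Control"] = "no-store",
            ["Pragma"] = "no-cache"
        };
        if (challenge != null)
        {
            headers["WWW-Authenticate"] = challenge;
        }
        return new HttpResult(status, headers, "");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: the challenge string is a placeholder, not a real Authlete value.
        var forbidden = ResourceServerDispatcher.Dispatch(
            IntrospectionAction.FORBIDDEN,
            "Bearer error=\"insufficient_scope\", error_description=\"(placeholder)\"",
            () => throw new InvalidOperationException("resource must not be loaded"));
        Console.WriteLine($"{forbidden.Status} {forbidden.Headers["WWW-Authenticate"]}");

        var ok = ResourceServerDispatcher.Dispatch(
            IntrospectionAction.OK, null, () => "{\"hello\":\"world\"}");
        Console.WriteLine($"{ok.Status} {ok.Body}");
    }
}
```

The point to carry into a real resource server is structural: `loadResource` is invoked in exactly one branch, so a new enumerator added to the library in a later version cannot accidentally fall through to a 200.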

◆ PushedAuthReqAction

enum PushedAuthReqAction
strong

The value of action in responses from Authlete's /api/pushed_auth_req API.

Since version 1.5.0.

Enumerator
CREATED 

The pushed authorization request has been registered successfully. The endpoint should return 201 Created to the client application.

BAD_REQUEST 

The request is invalid. The pushed authorization request endpoint should return 400 Bad Request to the client application.

UNAUTHORIZED 

The client authentication at the pushed authorization request endpoint failed. The endpoint should return 401 Unauthorized to the client application.

FORBIDDEN 

The client application is not allowed to use the pushed authorization request endpoint. The endpoint should return 403 Forbidden to the client application.

PAYLOAD_TOO_LARGE 

The size of the pushed authorization request is too large. The endpoint should return 413 Payload Too Large to the client application.

INTERNAL_SERVER_ERROR 

The API call was wrong or an error occurred on Authlete side. The pushed authorization request endpoint should return 500 Internal Server Error to the client application. However, it is up to the authorization server's policy whether 500 is actually returned.

◆ RevocationAction

enum RevocationAction
strong

The value of action in responses from Authlete's /api/auth/revocation API.

Enumerator
INVALID_CLIENT 

Authentication of the client application failed. The authorization server implementation should return either "400 Bad Request" or "401 Unauthorized" to the client application.

INTERNAL_SERVER_ERROR 

The request from the authorization server implementation was wrong or an error occurred in Authlete. The authorization server implementation should return "500 Internal Server Error" to the client application.

BAD_REQUEST 

The request from the client application was wrong. The authorization server implementation should return "400 Bad Request" to the client application.

OK 

The request from the client application was valid. The authorization server implementation should return "200 OK" to the client application.

◆ StandardIntrospectionAction

The value of action in responses from Authlete's /api/auth/introspection/standard API.

Enumerator
INTERNAL_SERVER_ERROR 

The request from the implementation of your introspection endpoint was wrong or an error occurred in Authlete. The introspection endpoint should return "500 Internal Server Error" to the client application.

BAD_REQUEST 

The request from the client application was wrong. The introspection endpoint of your authorization server should return "400 Bad Request" to the client application.

OK 

The request from the client application was valid. The introspection endpoint of your authorization server should return "200 OK" to the client application.

◆ TokenAction

enum TokenAction
strong

The value of action in responses from Authlete's /api/auth/token API.

Enumerator
INVALID_CLIENT 

Authentication of the client application failed. The token endpoint implementation should return either "400 Bad Request" or "401 Unauthorized" to the client application.

INTERNAL_SERVER_ERROR 

The request from your system to Authlete was wrong or an error occurred in Authlete. The token endpoint implementation should return "500 Internal Server Error" to the client application.

BAD_REQUEST 

The token request from the client application was wrong. The token endpoint implementation should return "400 Bad Request" to the client application.

PASSWORD 

The token request from the client application was valid and the grant type is "password". The token endpoint implementation should validate the credentials of the resource owner and call Authlete's /api/auth/token/issue API or /api/auth/token/fail API according to the result of the validation.

OK 

The token request from the client was valid. The token endpoint implementation should return "200 OK" to the client application with an access token.

◆ TokenCreateAction

enum TokenCreateAction
strong

The value of action in responses from Authlete's /api/auth/token/create API.

Enumerator
INTERNAL_SERVER_ERROR 

An error occurred on Authlete side.

BAD_REQUEST 

The request from your system was wrong. For example, this happens when the "grantType" request parameter is missing.

FORBIDDEDN 

The request from your system was not allowed. For example, this happens when the client application identified by the "clientId" request parameter does not belong to the service identified by the API key used for the API call.

OK 

An access token and optionally a refresh token were issued successfully.

◆ TokenFailAction

enum TokenFailAction
strong

The value of action in responses from Authlete's /api/auth/token/fail API.

Enumerator
INTERNAL_SERVER_ERROR 

The request from your system was wrong or an error occurred in Authlete. The token endpoint implementation should return "500 Internal Server Error" to the client application.

BAD_REQUEST 

Authlete's /api/auth/token/fail API successfully generated an error response for the client application. The token endpoint implementation should return "400 Bad Request" to the client application.

◆ TokenFailReason

enum TokenFailReason
strong

The value of reason in requests to Authlete's /api/auth/token/fail API.

Enumerator
UNKNOWN 

Unknown reason. Using this reason will result in error=server_error.

INVALID_RESOURCE_OWNER_CREDENTIALS 

The resource owner's credentials (the username and password contained in a token request that uses the Resource Owner Password Credentials flow) are invalid. Using this reason will result in error=invalid_request.

INVALID_TARGET 

The requested resource is invalid, missing, unknown, or malformed. Using this reason will result in error=invalid_target.

See RFC 8707 (Resource Indicators for OAuth 2.0) for details.

Since version 1.4.0.
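The following is an added example, not code from the Authlete library or its documentation, covering the TokenAction and TokenFailReason entries above together: it decides what a token endpoint does next after reading the action, and on PASSWORD it verifies the resource owner's credentials and picks INVALID_RESOURCE_OWNER_CREDENTIALS for /api/auth/token/fail when they do not match. Local copies of the two enumerators make the file self-contained; the `NextStep` classes, the `subject` carried to /api/auth/token/issue, and the `DemoCredentialStore` with its single constructed user are all assumptions for the demonstration. Verification uses PBKDF2 and a fixed-time comparison (System.Security.Cryptography, .NET Core 2.1 or later) and derives a hash even for an unknown username, so a missing user does not answer faster than a wrong password.

```csharp
using System;
using System.Security.Cryptography;

// Local copies of the enumerators documented above, so this file compiles on its own.
public enum TokenAction { INVALID_CLIENT, INTERNAL_SERVER_ERROR, BAD_REQUEST, PASSWORD, OK }
public enum TokenFailReason { UNKNOWN, INVALID_RESOURCE_OWNER_CREDENTIALS, INVALID_TARGET }

// Hypothetical model of the token endpoint's next step (assumption, not a library type).
public abstract class NextStep { }
public sealed class RespondToClient : NextStep
{
    public int Status { get; }
    public string Body { get; }
    public RespondToClient(int status, string body) { Status = status; Body = body; }
}
public sealed class CallTokenIssue : NextStep          // call /api/auth/token/issue
{
    public string Subject { get; }                     // subject parameter: assumption
    public CallTokenIssue(string subject) { Subject = subject; }
}
public sealed class CallTokenFail : NextStep           // call /api/auth/token/fail
{
    public TokenFailReason Reason { get; }
    public CallTokenFail(TokenFailReason reason) { Reason = reason; }
}

public static class TokenEndpointLogic
{
    public static NextStep Decide(TokenAction action, string responseContent,
                                  string username, string password,
                                  Func<string, string, bool> verifyCredentials)
    {
        switch (action)
        {
            case TokenAction.INVALID_CLIENT:
                return new RespondToClient(401, responseContent); // 400 is also permitted
            case TokenAction.INTERNAL_SERVER_ERROR:
                return new RespondToClient(500, responseContent);
            case TokenAction.BAD_REQUEST:
                return new RespondToClient(400, responseContent);
            case TokenAction.OK:
                return new RespondToClient(200, responseContent);
            case TokenAction.PASSWORD:
                // Missing and wrong credentials map to the same reason, so the client
                // cannot tell which part of the pair was at fault.
                if (string.IsNullOrEmpty(username) || password == null
                    || !verifyCredentials(username, password))
                {
                    return new CallTokenFail(TokenFailReason.INVALID_RESOURCE_OWNER_CREDENTIALS);
                }
                return new CallTokenIssue(username);
            default:
                return new RespondToClient(500, null); // fail closed on unknown actions
        }
    }
}

// Constructed credential store: one sample user, PBKDF2 hash only, fixed salt for the demo.
public static class DemoCredentialStore
{
    public const string User = "alice";
    private static readonly byte[] Salt = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 1, 2, 3, 4, 5, 6 };
    private const int Iterations = 100_000;
    private static readonly byte[] StoredHash = Derive("correct horse battery staple");

    public static bool Verify(string username, string password)
    {
        // Always derive, and combine with a non-short-circuit AND, so timing does not
        // reveal whether the username exists.
        byte[] candidate = Derive(password);
        bool userMatches = string.Equals(username, User, StringComparison.Ordinal);
        return CryptographicOperations.FixedTimeEquals(candidate, StoredHash) & userMatches;
    }

    private static byte[] Derive(string password)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, Salt, Iterations, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(32);
        }
    }
}

public static class Program
{
    public static void Main()
    {
        NextStep bad = TokenEndpointLogic.Decide(TokenAction.PASSWORD, null, "alice", "wrong",
                                                 DemoCredentialStore.Verify);
        NextStep good = TokenEndpointLogic.Decide(TokenAction.PASSWORD, null, "alice",
                                                 "correct horse battery staple",
                                                 DemoCredentialStore.Verify);
        Console.WriteLine(bad is CallTokenFail f ? $"token/fail reason={f.Reason}" : "unexpected");
        Console.WriteLine(good is CallTokenIssue i ? $"token/issue subject={i.Subject}" : "unexpected");
    }
}
```

In a real deployment the `CallTokenIssue` and `CallTokenFail` steps become the actual calls to /api/auth/token/issue and /api/auth/token/fail; keeping the decision separate from the HTTP calls makes the credential handling unit-testable without Authlete in the loop.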

◆ TokenIssueAction

enum TokenIssueAction
strong

The value of action in responses from Authlete's /api/auth/token/issue API.

Enumerator
INTERNAL_SERVER_ERROR 

The request from your system was wrong or an error occurred in Authlete. The token endpoint should return "500 Internal Server Error" to the client application.

OK 

Authlete's /api/auth/token/issue API successfully generated an access token. The token endpoint should return "200 OK" to the client application with the access token.

◆ TokenUpdateAction

enum TokenUpdateAction
strong

The value of action in responses from Authlete's /api/auth/token/update API.

Enumerator
INTERNAL_SERVER_ERROR 

An error occurred on Authlete side.

BAD_REQUEST 

The request from the caller was wrong. For example, this happens when the "accessToken" request parameter is missing.

FORBIDDEN 

The request from the caller was not allowed. For example, this happens when the access token identified by the "accessToken" request parameter does not belong to the service identified by the API key used for the API call.

NOT_FOUND 

The specified access token does not exist.

OK 

The access token was updated successfully.

◆ UserInfoAction

enum UserInfoAction
strong

The value of action in responses from Authlete's /api/auth/userinfo API.

Enumerator
INTERNAL_SERVER_ERROR 

The request from your system was wrong or an error occurred in Authlete. The userinfo endpoint implementation should return "500 Internal Server Error" to the client application.

BAD_REQUEST 

The request does not contain an access token. The userinfo endpoint implementation should return "400 Bad Request" to the client application.

UNAUTHORIZED 

The access token does not exist or has expired. The userinfo endpoint implementation should return "401 Unauthorized" to the client application.

FORBIDDEN 

The access token does not cover the required scopes. To be concrete, the access token does not have the "openid" scope. The userinfo endpoint implementation should return "403 Forbidden" to the client application.

OK 

The access token is valid. The userinfo endpoint implementation should collect information about requested claims and pass the information to Authlete's /api/auth/userinfo/issue API in order to make Authlete generate a userinfo response.

◆ UserInfoIssueAction

enum UserInfoIssueAction
strong

The value of action in responses from Authlete's /api/auth/userinfo/issue API.

Enumerator
INTERNAL_SERVER_ERROR 

The request from your system was wrong or an error occurred in Authlete. The userinfo endpoint implementation should return "500 Internal Server Error" to the client application.

BAD_REQUEST 

The request does not contain an access token. The userinfo endpoint implementation should return "400 Bad Request" to the client application.

UNAUTHORIZED 

The access token does not exist or has expired. The userinfo endpoint implementation should return "401 Unauthorized" to the client application.

FORBIDDEN 

The access token does not cover the required scopes. To be concrete, the access token does not have the "openid" scope. The userinfo endpoint implementation should return "403 Forbidden" to the client application.

JSON 

The access token was valid and a userinfo response was generated successfully in JSON format. The userinfo endpoint implementation should return "200 OK" to the client application with the content type "application/json;charset=UTF-8".

JWT 

The access token was valid and a userinfo response was generated successfully in JWT format. The userinfo endpoint implementation should return "200 OK" to the client application with the content type "application/jwt".