Authlete
Authlete.Types Namespace Reference

Classes

class  StandardClaims
 Standard claims defined in 5.1. Standard Claims of OpenID Connect Core 1.0.
 

Enumerations

enum  ApplicationType { WEB = 1, NATIVE }
 Values for the "application_type" metadata defined in OpenID Connect Dynamic Client Registration 1.0.
 
enum  ClaimType { NORMAL = 1, AGGREGATED, DISTRIBUTED }
 Claim types defined in 5.6. Claim Types in OpenID Connect Core 1.0.
 
enum  ClientAuthMethod {
  NONE, CLIENT_SECRET_BASIC, CLIENT_SECRET_POST, CLIENT_SECRET_JWT,
  PRIVATE_KEY_JWT, TLS_CLIENT_AUTH, SELF_SIGNED_TLS_CLIENT_AUTH
}
 Client authentication methods.
 
enum  ClientType { PUBLIC = 1, CONFIDENTIAL }
 Client types defined in 2.1. Client Types of RFC 6749.
 
enum  CodeChallengeMethod { PLAIN = 1, S256 }
 Values for the "code_challenge_method" metadata defined in RFC 7636 (Proof Key for Code Exchange by OAuth Public Clients).
 
enum  DeliveryMode { POLL = 1, PING, PUSH }
 Backchannel token delivery mode defined in the specification of CIBA (Client Initiated Backchannel Authentication).
 
enum  Display { PAGE = 1, POPUP, TOUCH, WAP }
 Values for the "display" request parameter defined in OpenID Connect Core 1.0 and for the "display_values_supported" metadata defined in OpenID Connect Discovery 1.0.
 
enum  GrantType {
  AUTHORIZATION_CODE = 1, IMPLICIT, PASSWORD, CLIENT_CREDENTIALS,
  REFRESH_TOKEN, CIBA, DEVICE_CODE
}
 Grant types.
 
enum  JWEAlg {
  RSA1_5 = 1, RSA_OAEP, RSA_OAEP_256, A128KW,
  A192KW, A256KW, DIR, ECDH_ES,
  ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW, A128GCMKW,
  A192GCMKW, A256GCMKW, PBES2_HS256_A128KW, PBES2_HS384_A192KW,
  PBES2_HS512_A256KW
}
 "alg" (Algorithm) Header Parameter Values for JWE defined in RFC 7518.
 
enum  JWEEnc {
  A128CBC_HS256 = 1, A192CBC_HS384, A256CBC_HS512, A128GCM,
  A192GCM, A256GCM
}
 "enc" (Encryption Algorithm) Header Parameter Values for JWE defined in RFC 7518.
 
enum  JWSAlg {
  NONE, HS256, HS384, HS512,
  RS256, RS384, RS512, ES256,
  ES384, ES512, PS256, PS384,
  PS512
}
 "alg" (Algorithm) Header Parameter Values for JWS defined in RFC 7518.
 
enum  Prompt { NONE, LOGIN, CONSENT, SELECT_ACCOUNT }
 Values for the "prompt" request parameter defined in OpenID Connect Core 1.0.
 
enum  ResponseType {
  NONE, CODE, TOKEN, ID_TOKEN,
  CODE_TOKEN, CODE_ID_TOKEN, ID_TOKEN_TOKEN, CODE_ID_TOKEN_TOKEN
}
 Response types. See OAuth 2.0 Multiple Response Type Encoding Practices for details.
 
enum  ServiceProfile { FAPI = 1, OPEN_BANKING = 2 }
 Service profile.
 
enum  Sns { FACEBOOK = 1 }
 SNS.
 
enum  SubjectType { PUBLIC = 1, PAIRWISE }
 Subject types. See 8. Subject Identifier Types of OpenID Connect Core 1.0 for details.
 
enum  UserCodeCharset { BASE20 = 1, NUMERIC }
 Character set for end-user verification codes in the device flow.
 
enum  UserIdentificationHintType { ID_TOKEN_HINT = 1, LOGIN_HINT, LOGIN_HINT_TOKEN }
 Types of hints for end-user identification.
 

Enumeration Type Documentation

◆ ApplicationType

enum ApplicationType

Values for the "application_type" metadata defined in OpenID Connect Dynamic Client Registration 1.0.

Enumerator
WEB 

Web client application.

NATIVE 

Native client application.

◆ ClaimType

enum ClaimType

Claim types defined in 5.6. Claim Types in OpenID Connect Core 1.0.

Enumerator
NORMAL 

Claims that are directly asserted by the OpenID Provider.

AGGREGATED 

Claims that are asserted by a Claims Provider other than the OpenID Provider but are returned by the OpenID Provider.

DISTRIBUTED 

Claims that are asserted by a Claims Provider other than the OpenID Provider but are returned as references by the OpenID Provider.

◆ ClientAuthMethod

enum ClientAuthMethod

Client authentication methods.

Enumerator
NONE 

No client authentication.

Client authentication is not performed at endpoints of the authorization server, either because the client uses only the implicit flow or because the client type of the client is "public".

CLIENT_SECRET_BASIC 

Client authentication using Basic Authentication as defined in 3.2.1. Client Authentication of RFC 6749.

CLIENT_SECRET_POST 

Client authentication using the "client_secret" request parameter in the request body as defined in 3.2.1. Client Authentication of RFC 6749.

CLIENT_SECRET_JWT 

Client authentication using JWT signed by the shared client secret as defined in RFC 7523.

PRIVATE_KEY_JWT 

Client authentication using JWT signed by the client's private key as defined in RFC 7523.

TLS_CLIENT_AUTH 

Client authentication using X.509 certificates as defined in "Mutual TLS Profiles for OAuth Clients".

SELF_SIGNED_TLS_CLIENT_AUTH 

Client authentication using self-signed certificates as defined in "Mutual TLS Profiles for OAuth Clients".

◆ ClientType

enum ClientType

Client types defined in 2.1. Client Types of RFC 6749.

Enumerator
PUBLIC 

Clients incapable of maintaining the confidentiality of their credentials. Typical examples are native applications on smart phones.

CONFIDENTIAL 

Clients capable of maintaining the confidentiality of their credentials.

◆ CodeChallengeMethod

enum CodeChallengeMethod

Values for the "code_challenge_method" metadata defined in RFC 7636 (Proof Key for Code Exchange by OAuth Public Clients).

Enumerator
PLAIN 

"plain", meaning code_challenge = code_verifier. See 4.2. Client Creates the Code Challenge of RFC 7636 for details.

S256 

S256, meaning code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier))). See 4.2. Client Creates the Code Challenge of RFC 7636 for details.
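
The S256 transformation above and the matching check at the token endpoint, as an added C# example (not part of the Authlete library or of this reference). The enum is redeclared locally so the file compiles alone, PkceExample and its method names are hypothetical, and CryptographicOperations.FixedTimeEquals assumes .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Local copy of the enum listed on this page so the example compiles alone.
enum CodeChallengeMethod { PLAIN = 1, S256 }

// Hypothetical helper class; not an Authlete API.
static class PkceExample
{
    // BASE64URL-ENCODE of RFC 7636: base64 with the URL-safe alphabet, no '=' padding.
    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Derive the code_challenge for a verifier under the given method.
    public static string ComputeChallenge(string codeVerifier, CodeChallengeMethod method)
    {
        if (method == CodeChallengeMethod.PLAIN)
            return codeVerifier;                       // code_challenge = code_verifier
        if (method != CodeChallengeMethod.S256)
            throw new ArgumentOutOfRangeException(nameof(method));
        using (var sha = SHA256.Create())
        {
            // code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))
            return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(codeVerifier)));
        }
    }

    // Token-endpoint check: recompute the challenge from the presented verifier
    // and compare it with the one stored alongside the authorization code.
    public static bool Verify(string codeVerifier, string storedChallenge, CodeChallengeMethod method)
    {
        // RFC 7636 section 4.1 limits code_verifier to 43..128 characters.
        if (codeVerifier == null || codeVerifier.Length < 43 || codeVerifier.Length > 128)
            return false;
        byte[] expected = Encoding.ASCII.GetBytes(storedChallenge);
        byte[] actual = Encoding.ASCII.GetBytes(ComputeChallenge(codeVerifier, method));
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }

    static void Main()
    {
        // Verifier/challenge pair from Appendix B of RFC 7636.
        const string verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        const string challenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        Console.WriteLine(Verify(verifier, challenge, CodeChallengeMethod.S256));
        Console.WriteLine(Verify(verifier, challenge, CodeChallengeMethod.PLAIN));
        Console.WriteLine(Verify(new string('a', 43), challenge, CodeChallengeMethod.S256));
    }
}
```

Only the first call matches: with PLAIN the stored challenge is compared against the raw verifier, so a challenge registered as S256 must always be checked with the method recorded at authorization time.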

◆ DeliveryMode

enum DeliveryMode

Backchannel token delivery mode defined in the specification of CIBA (Client Initiated Backchannel Authentication).

Since version 1.3.0.

Enumerator
POLL 

Poll mode, a backchannel token delivery mode where a client polls the token endpoint until it gets tokens.

PING 

Ping mode, a backchannel token delivery mode where a client is notified via its client notification endpoint and then gets tokens from the token endpoint.

PUSH 

Push mode, a backchannel token delivery mode where a client receives tokens at its client notification endpoint.

◆ Display

enum Display

Values for the "display" request parameter defined in OpenID Connect Core 1.0 and for the "display_values_supported" metadata defined in OpenID Connect Discovery 1.0.

Enumerator
PAGE 

The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the display mode.

POPUP 

The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over.

TOUCH 

The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface.

WAP 

The Authorization Server SHOULD display the authentication and consent UI consistent with a "feature phone" type display.

◆ GrantType

enum GrantType

Grant types.

Enumerator
AUTHORIZATION_CODE 

Authorization Code flow, a grant type to request an access token and/or an ID token, and optionally a refresh token, using an authorization code.

IMPLICIT 

Implicit flow, which is not a valid value for the "grant_type" request parameter of token requests but is listed in this enum because OpenID Connect Dynamic Client Registration 1.0 uses "implicit" as a value of "grant_types" of client metadata.

PASSWORD 

Resource Owner Password Credentials flow, a grant type to request an access token using a resource owner's username and password.

CLIENT_CREDENTIALS 

Client Credentials flow, a grant type to request an access token using a client's credentials.

REFRESH_TOKEN 

Refresh Token flow, a grant type to request an access token, and optionally an ID token and/or a refresh token, using a refresh token.

CIBA 

CIBA, a grant type to request an ID token, an access token, and optionally a refresh token, using a CIBA flow.

In the "poll" mode or the "ping" mode, clients make one or more token requests to the token endpoint with grant_type=urn:openid:params:grant-type:ciba.

Since version 1.3.0.

DEVICE_CODE 

Device flow, a grant type to request an access token using the device flow.

In the device flow, the value of the grant_type request parameter of token requests is urn:ietf:params:oauth:grant-type:device_code.

Authlete's implementation issues an ID token in the device flow when scope includes openid.

Since version 1.4.0.

◆ JWEAlg

enum JWEAlg

"alg" (Algorithm) Header Parameter Values for JWE defined in RFC 7518.

Enumerator
RSA1_5 

RSAES-PKCS1-v1_5.

RSA_OAEP 

RSAES OAEP using default parameters.

RSA_OAEP_256 

RSAES OAEP using SHA-256 and MGF1 with SHA-256.

A128KW 

AES Key Wrap with default initial value using 128 bit key.

A192KW 

AES Key Wrap with default initial value using 192 bit key.

A256KW 

AES Key Wrap with default initial value using 256 bit key.

DIR 

Direct use of a shared symmetric key as the CEK.

ECDH_ES 

Elliptic Curve Diffie-Hellman Ephemeral Static key agreement using Concat KDF.

ECDH_ES_A128KW 

ECDH-ES using Concat KDF and CEK wrapped with "A128KW".

ECDH_ES_A192KW 

ECDH-ES using Concat KDF and CEK wrapped with "A192KW".

ECDH_ES_A256KW 

ECDH-ES using Concat KDF and CEK wrapped with "A256KW".

A128GCMKW 

Key wrapping with AES GCM using 128 bit key.

A192GCMKW 

Key wrapping with AES GCM using 192 bit key.

A256GCMKW 

Key wrapping with AES GCM using 256 bit key.

PBES2_HS256_A128KW 

PBES2 with HMAC SHA-256 and "A128KW".

PBES2_HS384_A192KW 

PBES2 with HMAC SHA-384 and "A192KW".

PBES2_HS512_A256KW 

PBES2 with HMAC SHA-512 and "A256KW".

◆ JWEEnc

enum JWEEnc

"enc" (Encryption Algorithm) Header Parameter Values for JWE defined in RFC 7518.

Enumerator
A128CBC_HS256 

Algorithm defined in 5.2.3. AES_128_CBC_HMAC_SHA_256 of RFC 7518.

A192CBC_HS384 

Algorithm defined in 5.2.4. AES_192_CBC_HMAC_SHA_384 of RFC 7518.

A256CBC_HS512 

Algorithm defined in 5.2.5. AES_256_CBC_HMAC_SHA_512 of RFC 7518.

A128GCM 

AES GCM using 128 bit key.

A192GCM 

AES GCM using 192 bit key.

A256GCM 

AES GCM using 256 bit key.

◆ JWSAlg

enum JWSAlg

"alg" (Algorithm) Header Parameter Values for JWS defined in RFC 7518.

Enumerator
NONE 

No digital signature or MAC performed.

HS256 

HMAC using SHA-256.

HS384 

HMAC using SHA-384.

HS512 

HMAC using SHA-512.

RS256 

RSASSA-PKCS1-v1_5 using SHA-256.

RS384 

RSASSA-PKCS1-v1_5 using SHA-384.

RS512 

RSASSA-PKCS1-v1_5 using SHA-512.

ES256 

ECDSA using P-256 and SHA-256.

ES384 

ECDSA using P-384 and SHA-384.

ES512 

ECDSA using P-521 and SHA-512.

PS256 

RSASSA-PSS using SHA-256 and MGF1 with SHA-256.

PS384 

RSASSA-PSS using SHA-384 and MGF1 with SHA-384.

PS512 

RSASSA-PSS using SHA-512 and MGF1 with SHA-512.

◆ Prompt

enum Prompt

Values for the "prompt" request parameter defined in OpenID Connect Core 1.0.

Enumerator
NONE 

The Authorization Server MUST NOT display any authentication or consent user interface pages. An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent for the requested Claims or does not fulfill other conditions for processing the request. The error code will typically be login_required, interaction_required, or another code defined in Section 3.1.2.6. This can be used as a method to check for existing authentication and/or consent.

LOGIN 

The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required.

CONSENT 

The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client. If it cannot obtain consent, it MUST return an error, typically consent_required.

SELECT_ACCOUNT 

The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, typically account_selection_required.

◆ ResponseType

enum ResponseType

Response types. See OAuth 2.0 Multiple Response Type Encoding Practices for details.

Enumerator
NONE 

"none"; a response_type to request no access credentials.

CODE 

"code"; a response_type to request an authorization code.

TOKEN 

"token"; a response_type to request an access token.

ID_TOKEN 

"id_token"; a response_type to request an ID token.

CODE_TOKEN 

"code token"; a response_type to request an authorization code and an access token.

CODE_ID_TOKEN 

"code id_token"; a response_type to request an authorization code and an ID token.

ID_TOKEN_TOKEN 

"id_token token"; a response_type to request an ID token and an access token.

CODE_ID_TOKEN_TOKEN 

"code id_token token"; a response_type to request an authorization code, an ID token and an access token.

◆ ServiceProfile

enum ServiceProfile

Service profile.

Enumerator
FAPI 

Financial-grade API.

OPEN_BANKING 

Open Banking.

Since version 1.2.0.

◆ Sns

enum Sns

SNS.

Enumerator
FACEBOOK 

Facebook.

◆ SubjectType

enum SubjectType

Subject types. See 8. Subject Identifier Types of OpenID Connect Core 1.0 for details.

Enumerator
PUBLIC 

This provides the same sub (subject) value to all Clients. It is the default if the provider has no subject_types_supported element in its discovery document.

PAIRWISE 

This provides a different sub (subject) value to each Client, so as not to enable Clients to correlate the End-User's activities without permission.

◆ UserCodeCharset

enum UserCodeCharset

Character set for end-user verification codes in the device flow.

See 6.1. User Code Recommendations in RFC 8628 (OAuth 2.0 Device Authorization Grant) for recommendations for user code values.

Since version 1.4.0.

Enumerator
BASE20 

"BCDFGHJKLMNPQRSTVWXZ"; 20 upper-case non-vowel characters.

NUMERIC 

"0123456789"; 10 digit characters from 0 to 9.

◆ UserIdentificationHintType

Types of hints for end-user identification.

Since version 1.3.0.

Enumerator
ID_TOKEN_HINT 

"id_token_hint"; an ID token previously issued to the client application.

LOGIN_HINT 

"login_hint"; an arbitrary string whose interpretation varies depending on implementations.

LOGIN_HINT_TOKEN 

"login_hint_token"; a token whose format is deployment or profile specific.