BackchannelAuthenticationCompleteResponse extends ApiResponse
Response from Authlete's /api/backchannel/authentication/complete API.
Authlete's /api/backchannel/authentication/complete API returns JSON
which can be mapped to this class. The authorization server implementation
should retrieve the value of the action response parameter (which can be
obtained by getAction() method of this class) from the response and take
the following steps according to the value.
When the value returned from getAction() method is
BackchannelAuthenticationCompleteAction::$NOTIFICATION, it means that the
authorization server must send a notification to the client notification
endpoint.
According to the CIBA Core specification, the notification is an HTTP POST
request whose request body is JSON and whose Authorization header contains
the client notification token, which was included in the backchannel
authentication request as the value of the client_notification_token
request parameter, as a bearer token.
When the backchannel token delivery mode is "ping", the request body of the
notification is JSON which contains the auth_req_id property only.
When the backchannel token delivery mode is "push", the request body will
additionally contain an access token, an ID token and other properties.
Note that when the backchannel token delivery mode is "poll", a notification
does not have to be sent to the client notification endpoint.
In error cases, in the "ping" mode, however, the content of a notification
is not different from the content in successful cases. That is, the
notification contains the auth_req_id property only. The client will know
the error when it accesses the token endpoint. On the other hand, in the
"push" mode, in error cases, the content of a notification will include the
error property instead of an access token and an ID token. The client will
know the error by detecting that error is included in the notification.
In any case, the getResponseContent() method returns JSON which can be
used as the request body of the notification.
The client notification endpoint that the notification should be sent to can
be obtained by calling the getClientNotificationEndpoint() method.
Likewise, the client notification token that the notification should include
as a bearer token can be obtained by calling the
getClientNotificationToken() method. With these methods, the notification
can be built like the following.
POST (The path of getClientNotificationEndpoint()) HTTP/1.1
HOST: (The host of getClientNotificationEndpoint())
Authorization: Bearer (The value returned from getClientNotificationToken())
Content-Type: application/json
(The value returned from getResponseContent())
When the value returned from getAction() method is
BackchannelAuthenticationCompleteAction::$NO_ACTION, it means that the
authorization server does not have to take any immediate action.
NO_ACTION is returned when the backchannel token delivery mode is "poll".
In this case, the client will receive the final result at the token
endpoint.
When the value returned from getAction() method is
BackchannelAuthenticationCompleteAction::$SERVER_ERROR, it means either
(1) that the request from the authorization server to Authlete was wrong,
or (2) that an error occurred on Authlete side.
When the backchannel token delivery mode is "ping" or "push", SERVER_ERROR
is used only when an error is detected before the record of the ticket
(which is included in the API call to
/api/backchannel/authentication/complete) is retrieved from the database
successfully. If an error is detected after the record ofthe ticket is
retrieved from the database, NOTIFICATION is used instead of
SERVER_ERROR.
When the backchannel token delivery mode is "poll", SERVER_ERROR is used
regardless of whether it is before or after the record of the ticket is
retrieved from the database.
Tags
Table of Contents
- copyFromArray() : mixed
- Copy the content of the given array into this object.
- copyToArray() : mixed
- Copy the content of this object into the given array.
- fromArray() : static
- Convert an array into an instance of this class.
- fromJson() : static
- Convert a JSON string into an instance of this class.
- getAccessToken() : string
- Get the issued access token. This method returns a non-null value only when the backchannel token delivery mode is "push" and an access token has been issued successfully.
- getAccessTokenDuration() : int|string
- Get the duration of the access token in seconds. If an access token has not been issued, this method returns 0.
- getAction() : BackchannelAuthenticationCompleteAction
- Get the next action that the authorization server should take.
- getAuthReqId() : string
- Get the value of the `auth_req_id` which is associated with the ticket.
- getClientId() : int|string
- Get the client ID of the client application that has made the backchannel authentication request.
- getClientIdAlias() : string
- Get the client ID alias of the client application that has made the backchannel authentication request.
- getClientName() : string
- Get the name of the client application which has made the backchannel authentication request.
- getClientNotificationEndpoint() : string
- Get the client notification endpoint to which a notification needs to be sent.
- getClientNotificationToken() : string
- Get the client notification token which needs to be embedded as a `Bearer` token in the `Authorization` header in the notification.
- getDeliveryMode() : DeliveryMode
- Get the backchannel token delivery mode.
- getIdToken() : string
- Get the issued ID token. This method returns a non-null value only when the backchannel token delivery mode is "push" and an ID token has been issued successfully.
- getIdTokenDuration() : int|string
- Get the duration of the ID token in seconds. If an ID token has not been issued, this method returns 0.
- getJwtAccessToken() : string
- Get the newly issued access token in JWT format.
- getRefreshToken() : string
- Get the issued refresh token. This method returns a non-null value only when the backchannel token delivery mode is "push" and a refresh token has been issued successfully.
- getRefreshTokenDuration() : int|string
- Get the duration of the refresh token in seconds. If a refresh token has not been issued, this method returns 0.
- getResources() : array<string|int, string>
- Get the resources specified by the `resource` request parameters or by the `resource` property in the request object in the preceding backchannel authentication request. If both are given, the values in the request object take precedence.
- getResponseContent() : string
- Get the content of the notification.
- getResultCode() : string
- Get the code of the result of an Authlete API call.
- getResultMessage() : string
- Get the message of the result of an Authlete API call.
- isClientIdAliasUsed() : bool
- Get the flag which indicates whether the client ID alias was used in the backchannel authentication request.
- setAccessToken() : BackchannelAuthenticationCompleteResponse
- Set the issued access token.
- setAccessTokenDuration() : BackchannelAuthenticationCompleteResponse
- Set the duration of the access token in seconds.
- setAction() : BackchannelAuthenticationCompleteResponse
- Set the next action that the authorization server should take.
- setAuthReqId() : BackchannelAuthenticationCompleteResponse
- Set the value of the `auth_req_id` which is associated with the ticket.
- setClientId() : BackchannelAuthenticationCompleteResponse
- Set the client ID of the client application that has made the backchannel authentication request.
- setClientIdAlias() : BackchannelAuthenticationCompleteResponse
- Set the client ID alias of the client application that has made the backchannel authentication request.
- setClientIdAliasUsed() : BackchannelAuthenticationCompleteResponse
- Set the flag which indicates whether the client ID alias was used in the backchannel authentication request.
- setClientName() : BackchannelAuthenticationCompleteResponse
- Set the name of the client application which has made the backchannel authentication request.
- setClientNotificationEndpoint() : BackchannelAuthenticationCompleteResponse
- Set the client notification endpoint to which a notification needs to be sent.
- setClientNotificationToken() : BackchannelAuthenticationCompleteResponse
- Set the client notification token which needs to be embedded as a `Bearer` token in the `Authorization` header in the notification.
- setDeliveryMode() : BackchannelAuthenticationCompleteResponse
- Set the backchannel token delivery mode.
- setIdToken() : BackchannelAuthenticationCompleteResponse
- Set the issued ID token.
- setIdTokenDuration() : BackchannelAuthenticationCompleteResponse
- Set the duration of the ID token in seconds.
- setJwtAccessToken() : BackchannelAuthenticationCompleteResponse
- Set the newly issued access token in JWT format.
- setRefreshToken() : BackchannelAuthenticationCompleteResponse
- Set the issued refresh token.
- setRefreshTokenDuration() : BackchannelAuthenticationCompleteResponse
- Set the duration of the refresh token in seconds.
- setResources() : BackchannelAuthenticationCompleteResponse
- Set the resources specified by the `resource` request parameters or by the `resource` property in the request object in the preceding backchannel authentication request. If both are given, the values in the request object take precedence.
- setResponseContent() : BackchannelAuthenticationCompleteResponse
- Set the content of the notification.
- setResultCode() : ApiResponse
- Set the code of the result of an Authlete API call.
- setResultMessage() : ApiResponse
- Set the message of the result of an Authlete API call.
- toArray() : array<string|int, mixed>
- Convert this object into an array.
- toJson() : string
- Convert this object into a JSON string.
Methods
copyFromArray()
Copy the content of the given array into this object.
public
copyFromArray(array<string|int, mixed> &$array) : mixed
Parameters
- $array : array<string|int, mixed>
Return values
mixed —copyToArray()
Copy the content of this object into the given array.
public
copyToArray(array<string|int, mixed> &$array) : mixed
Parameters
- $array : array<string|int, mixed>
Return values
mixed —fromArray()
Convert an array into an instance of this class.
public
static fromArray([array<string|int, mixed> $array = null ]) : static
This static function returns a new instance of this class.
If $array is null, null is returned.
Parameters
- $array : array<string|int, mixed> = null
-
An array
Return values
static —An instance of this class.
fromJson()
Convert a JSON string into an instance of this class.
public
static fromJson(string $json) : static
This static function returns a new instance of this class.
If $json is null or the type of $json is not string,
null is returned.
Parameters
- $json : string
-
A JSON string.
Return values
static —An instance of this class.
getAccessToken()
Get the issued access token. This method returns a non-null value only when the backchannel token delivery mode is "push" and an access token has been issued successfully.
public
getAccessToken() : string
Return values
string —The issued access token.
getAccessTokenDuration()
Get the duration of the access token in seconds. If an access token has not been issued, this method returns 0.
public
getAccessTokenDuration() : int|string
Return values
int|string —The duration of the access token in seconds.
getAction()
Get the next action that the authorization server should take.
public
getAction() : BackchannelAuthenticationCompleteAction
Return values
BackchannelAuthenticationCompleteAction —The next action that the authorization server should take.
getAuthReqId()
Get the value of the `auth_req_id` which is associated with the ticket.
public
getAuthReqId() : string
Return values
string —The value of auth_req_id.
getClientId()
Get the client ID of the client application that has made the backchannel authentication request.
public
getClientId() : int|string
Return values
int|string —The client ID.
getClientIdAlias()
Get the client ID alias of the client application that has made the backchannel authentication request.
public
getClientIdAlias() : string
Return values
string —The client ID alias.
getClientName()
Get the name of the client application which has made the backchannel authentication request.
public
getClientName() : string
Return values
string —The name of the client application.
getClientNotificationEndpoint()
Get the client notification endpoint to which a notification needs to be sent.
public
getClientNotificationEndpoint() : string
Return values
string —The client notification endpoint.
getClientNotificationToken()
Get the client notification token which needs to be embedded as a `Bearer` token in the `Authorization` header in the notification.
public
getClientNotificationToken() : string
Return values
string —The client notification token.
getDeliveryMode()
Get the backchannel token delivery mode.
public
getDeliveryMode() : DeliveryMode
Return values
DeliveryMode —The backchannel token delivery mode.
getIdToken()
Get the issued ID token. This method returns a non-null value only when the backchannel token delivery mode is "push" and an ID token has been issued successfully.
public
getIdToken() : string
Return values
string —The issued ID token.
getIdTokenDuration()
Get the duration of the ID token in seconds. If an ID token has not been issued, this method returns 0.
public
getIdTokenDuration() : int|string
Return values
int|string —The duration of the ID token in seconds.
getJwtAccessToken()
Get the newly issued access token in JWT format.
public
getJwtAccessToken() : string
If the authorization server is configured to issue JWT-based access
tokens (= if Service.getAccessTokenSignAlg() returns a non-null
value), a JWT-based access token is issued along with the original
random-string one.
Return values
string —The newly issued access token in JWT format.
getRefreshToken()
Get the issued refresh token. This method returns a non-null value only when the backchannel token delivery mode is "push" and a refresh token has been issued successfully.
public
getRefreshToken() : string
Note that refresh tokens are not issued if the service does not support the refresh token flow.
Return values
string —The issued refresh token.
getRefreshTokenDuration()
Get the duration of the refresh token in seconds. If a refresh token has not been issued, this method returns 0.
public
getRefreshTokenDuration() : int|string
Return values
int|string —The duration of the refresh token in seconds.
getResources()
Get the resources specified by the `resource` request parameters or by the `resource` property in the request object in the preceding backchannel authentication request. If both are given, the values in the request object take precedence.
public
getResources() : array<string|int, string>
Tags
Return values
array<string|int, string> —The target resources.
getResponseContent()
Get the content of the notification.
public
getResponseContent() : string
When getAction() returns NOTIFICATION, this method returns JSON which
should be used as the request body of the notification.
In successful cases, when the backchannel token delivery mode is "ping",
the JSON contains auth_req_id. On the other hand, when the backchannel
token delivery mode is "push", the JSON contains an access token, an ID
token, and optionally a refresh token (and some other properties).
Return values
string —The content of the notification.
getResultCode()
Get the code of the result of an Authlete API call.
public
getResultCode() : string
Return values
string —The result code.
getResultMessage()
Get the message of the result of an Authlete API call.
public
getResultMessage() : string
Return values
string —The result message.
isClientIdAliasUsed()
Get the flag which indicates whether the client ID alias was used in the backchannel authentication request.
public
isClientIdAliasUsed() : bool
Return values
bool —true if the client ID alias was used in the request.
setAccessToken()
Set the issued access token.
public
setAccessToken(string $accessToken) : BackchannelAuthenticationCompleteResponse
Parameters
- $accessToken : string
-
The issued access token.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setAccessTokenDuration()
Set the duration of the access token in seconds.
public
setAccessTokenDuration(int|string $duration) : BackchannelAuthenticationCompleteResponse
Parameters
- $duration : int|string
-
The duration of the access token in seconds.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setAction()
Set the next action that the authorization server should take.
public
setAction([BackchannelAuthenticationCompleteAction $action = null ]) : BackchannelAuthenticationCompleteResponse
Parameters
- $action : BackchannelAuthenticationCompleteAction = null
-
The next action that the authorization server should take.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setAuthReqId()
Set the value of the `auth_req_id` which is associated with the ticket.
public
setAuthReqId(string $authReqId) : BackchannelAuthenticationCompleteResponse
Parameters
- $authReqId : string
-
The value of
auth_req_id.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setClientId()
Set the client ID of the client application that has made the backchannel authentication request.
public
setClientId(int|string $clientId) : BackchannelAuthenticationCompleteResponse
Parameters
- $clientId : int|string
-
The client ID.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setClientIdAlias()
Set the client ID alias of the client application that has made the backchannel authentication request.
public
setClientIdAlias(string $alias) : BackchannelAuthenticationCompleteResponse
Parameters
- $alias : string
-
The client ID alias.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setClientIdAliasUsed()
Set the flag which indicates whether the client ID alias was used in the backchannel authentication request.
public
setClientIdAliasUsed(bool $used) : BackchannelAuthenticationCompleteResponse
Parameters
- $used : bool
-
trueto indicate that the client ID alias was used in the request.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setClientName()
Set the name of the client application which has made the backchannel authentication request.
public
setClientName(string $name) : BackchannelAuthenticationCompleteResponse
Parameters
- $name : string
-
The name of the client application.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setClientNotificationEndpoint()
Set the client notification endpoint to which a notification needs to be sent.
public
setClientNotificationEndpoint(string $endpoint) : BackchannelAuthenticationCompleteResponse
Parameters
- $endpoint : string
-
The client notification endpoint.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setClientNotificationToken()
Set the client notification token which needs to be embedded as a `Bearer` token in the `Authorization` header in the notification.
public
setClientNotificationToken(string $token) : BackchannelAuthenticationCompleteResponse
Parameters
- $token : string
-
The client notification token.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setDeliveryMode()
Set the backchannel token delivery mode.
public
setDeliveryMode([DeliveryMode $mode = null ]) : BackchannelAuthenticationCompleteResponse
Parameters
- $mode : DeliveryMode = null
-
The backchannel token delivery mode.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setIdToken()
Set the issued ID token.
public
setIdToken(string $idToken) : BackchannelAuthenticationCompleteResponse
Parameters
- $idToken : string
-
The issued ID token.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setIdTokenDuration()
Set the duration of the ID token in seconds.
public
setIdTokenDuration(int|string $duration) : BackchannelAuthenticationCompleteResponse
Parameters
- $duration : int|string
-
The duration of the ID token in seconds.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setJwtAccessToken()
Set the newly issued access token in JWT format.
public
setJwtAccessToken(string $jwtAccessToken) : BackchannelAuthenticationCompleteResponse
Parameters
- $jwtAccessToken : string
-
The newly issued access token in JWT format.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setRefreshToken()
Set the issued refresh token.
public
setRefreshToken(string $refreshToken) : BackchannelAuthenticationCompleteResponse
Parameters
- $refreshToken : string
-
The issued refresh token.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setRefreshTokenDuration()
Set the duration of the refresh token in seconds.
public
setRefreshTokenDuration(int|string $duration) : BackchannelAuthenticationCompleteResponse
Parameters
- $duration : int|string
-
The duration of the refresh token in seconds.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setResources()
Set the resources specified by the `resource` request parameters or by the `resource` property in the request object in the preceding backchannel authentication request. If both are given, the values in the request object take precedence.
public
setResources([array<string|int, string> $resources = null ]) : BackchannelAuthenticationCompleteResponse
Parameters
- $resources : array<string|int, string> = null
-
The target resources.
Tags
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setResponseContent()
Set the content of the notification.
public
setResponseContent(string $responseContent) : BackchannelAuthenticationCompleteResponse
Parameters
- $responseContent : string
-
The content of the notification.
Return values
BackchannelAuthenticationCompleteResponse —$this object.
setResultCode()
Set the code of the result of an Authlete API call.
public
setResultCode(string $resultCode) : ApiResponse
Parameters
- $resultCode : string
-
The result code.
Return values
ApiResponse —$this object.
setResultMessage()
Set the message of the result of an Authlete API call.
public
setResultMessage(string $resultMessage) : ApiResponse
Parameters
- $resultMessage : string
-
The result message.
Return values
ApiResponse —$this object.
toArray()
Convert this object into an array.
public
toArray() : array<string|int, mixed>
Return values
array<string|int, mixed> —An array.
toJson()
Convert this object into a JSON string.
public
toJson(int $options) : string
Parameters
- $options : int
-
Options passed to
json_encode(). This parameter is optional and its default value is 0.
Return values
string —A JSON string.