Documentation

Service implements ArrayCopyable, Arrayable, Jsonable; uses ArrayTrait, JsonTrait

Information about a service which represents an authorization server / OpenID provider.

Some properties correspond to the ones listed in Section 3, OpenID Provider Metadata, of OpenID Connect Discovery 1.0.

Interfaces, Classes and Traits

ArrayCopyable
Interface to declare instances can be converted into/from arrays.
Arrayable
Interface to declare that instances can be converted into an array.
Jsonable
Interface to declare that instances can be converted into JSON strings.

Table of Contents

copyFromArray()  : mixed
Copy the content of the given array into this object.
copyToArray()  : mixed
Copy the content of this object into the given array.
fromArray()  : static
Convert an array into an instance of this class.
fromJson()  : static
Convert a JSON string into an instance of this class.
getAccessTokenDuration()  : int|string
Get the duration of access tokens in seconds.
getAccessTokenSignAlg()  : JWSAlg
Get the signature algorithm of access tokens.
getAccessTokenSignatureKeyId()  : string
Get the key ID to identify a JWK used for signing access tokens.
getAccessTokenType()  : string
Get the token type of access tokens issued by this authorization server.
getAllowableClockSkew()  : int
Get the allowable clock skew between the server and clients in seconds.
getApiKey()  : int|string
Get the API key of this service.
getApiSecret()  : string
Get the API secret of this service.
getAuthenticationCallbackApiKey()  : string
Get the API key to access the authentication callback endpoint.
getAuthenticationCallbackApiSecret()  : string
Get the API secret to access the authentication callback endpoint.
getAuthenticationCallbackEndpoint()  : string
Get the URI of the authentication callback endpoint.
getAuthorizationEndpoint()  : string
Get the URI of the authorization endpoint.
getAuthorizationResponseDuration()  : int|string
Get the duration of authorization response JWTs in seconds.
getAuthorizationSignatureKeyId()  : string
Get the key ID to identify a JWK used for signing authorization responses using an asymmetric key.
getBackchannelAuthenticationEndpoint()  : string
Get the URI of the backchannel authentication endpoint.
getBackchannelAuthReqIdDuration()  : int|string
Get the duration of backchannel authentication request IDs issued from the backchannel authentication endpoint in seconds. This is used as the value of the `expires_in` property in responses from the backchannel authentication endpoint.
getBackchannelPollingInterval()  : int
Get the minimum interval between polling requests to the token endpoint from client applications in seconds. This is used as the value of the `interval` property in responses from the backchannel authentication endpoint.
getClientsPerDeveloper()  : int
Get the number of client applications that one developer can have.
getCreatedAt()  : int|string
Get the time at which this service was created.
getDescription()  : string
Get the description about this service.
getDeveloperAuthenticationCallbackApiKey()  : string
Get the API key to access the developer authentication callback endpoint.
getDeveloperAuthenticationCallbackApiSecret()  : string
Get the API secret to access the developer authentication callback endpoint.
getDeveloperAuthenticationCallbackEndpoint()  : string
Get the URI of the developer authentication callback endpoint.
getDeveloperSnsCredentials()  : array<string|int, SnsCredentials>
Get the list of SNS credentials used for social login at the developer console.
getDeviceAuthorizationEndpoint()  : string
Get the URI of the device authorization endpoint.
getDeviceFlowCodeDuration()  : int|string
Get the duration of device verification codes and end-user verification codes issued from the device authorization endpoint in seconds. This is used as the value of the `expires_in` property in responses from the device authorization endpoint.
getDeviceFlowPollingInterval()  : int
Get the minimum interval between polling requests to the token endpoint from client applications in seconds. This is used as the value of the `interval` property in responses from the device authorization endpoint.
getDeviceVerificationUri()  : string
Get the verification URI for the device flow. This URI is used as the value of the `verification_uri` parameter in responses from the device authorization endpoint.
getDeviceVerificationUriComplete()  : string
Get the verification URI for the device flow with a placeholder for a user code. This URI is used to build the value of the `verification_uri_complete` parameter in responses from the device authorization endpoint.
getEndSessionEndpoint()  : string
Get the end session endpoint for the service. This endpoint is used by clients to signal to the IdP that the user's session should be terminated.
getIdTokenDuration()  : int|string
Get the duration of ID tokens in seconds.
getIdTokenSignatureKeyId()  : string
Get the key ID to identify a JWK used for ID token signature using an asymmetric key.
getIntrospectionEndpoint()  : string
Get the URI of the introspection endpoint.
getIssuer()  : string
Get the issuer identifier of this OpenID provider.
getJwks()  : string
Get the JWK Set document of this service.
getJwksUri()  : string
Get the URI of the JWK Set document of this service.
getModifiedAt()  : int|string
Get the time at which this service was last modified.
getMtlsEndpointAliases()  : array<string|int, NamedUri>
Get the MTLS endpoint aliases.
getPolicyUri()  : string
Get the URI that this OpenID provider provides to the person registering the client to read about the OP's requirements on how the Relying Party can use the data provided by the OP.
getPushedAuthReqDuration()  : int|string
Get the duration of pushed authorization requests in seconds.
getPushedAuthReqEndpoint()  : string
Get the URI of the pushed authorization request endpoint. This property corresponds to the `pushed_authorization_request_endpoint` metadata defined in "OAuth 2.0 Pushed Authorization Requests".
getRefreshTokenDuration()  : int|string
Get the duration of refresh tokens in seconds.
getRegistrationEndpoint()  : string
Get the URI of the registration endpoint.
getRegistrationManagementEndpoint()  : string
Get the URI of the registration management endpoint.
getRevocationEndpoint()  : string
Get the URI of the revocation endpoint.
getServiceDocumentation()  : string
Get the URI of a page containing human-readable information that developers might want or need to know when using this OpenID provider.
getServiceName()  : string
Get the service name.
getSnsCredentials()  : array<string|int, SnsCredentials>
Get the list of SNS credentials used for social login.
getSupportedAcrs()  : array<string|int, string>
Get ACR (Authentication Context Class Reference) values supported by this service.
getSupportedAuthorizationDataTypes()  : array<string|int, string>
Get the supported data types that can be used as values of the `type` field in `authorization_details`.
getSupportedBackchannelTokenDeliveryModes()  : array<string|int, DeliveryMode>
Get the supported backchannel token delivery modes. This property corresponds to the `backchannel_token_delivery_modes_supported` metadata defined in CIBA.
getSupportedClaimLocales()  : array<string|int, string>
Get language and scripts for claim values supported by this service.
getSupportedClaims()  : array<string|int, string>
Get claims supported by this service.
getSupportedClaimTypes()  : array<string|int, ClaimType>
Get claim types supported by this service.
getSupportedDeveloperSnses()  : array<string|int, Sns>
Get the list of supported SNSes used for social login at the developer console.
getSupportedDisplays()  : array<string|int, Display>
Get the values of the "display" request parameter supported by this service.
getSupportedEvidence()  : array<string|int, string>
Get evidence supported by this service.
getSupportedGrantTypes()  : array<string|int, GrantType>
Get the grant types supported by this service.
getSupportedIdentityDocuments()  : array<string|int, string>
Get identity documents supported by this service.
getSupportedIntrospectionAuthMethods()  : array<string|int, ClientAuthMethod>
Get client authentication methods at the introspection endpoint supported by this service.
getSupportedResponseTypes()  : array<string|int, ResponseType>
Get the response types supported by this service.
getSupportedRevocationAuthMethods()  : array<string|int, ClientAuthMethod>
Get client authentication methods at the revocation endpoint supported by this service.
getSupportedScopes()  : array<string|int, Scope>
Get the scopes supported by this service.
getSupportedServiceProfiles()  : array<string|int, ServiceProfile>
Get the service profiles supported by this service.
getSupportedSnses()  : array<string|int, Sns>
Get the list of supported SNSes for social login at the direct authorization endpoint.
getSupportedTokenAuthMethods()  : array<string|int, ClientAuthMethod>
Get client authentication methods at the token endpoint supported by this service.
getSupportedTrustFrameworks()  : array<string|int, string>
Get trust frameworks supported by this service.
getSupportedUiLocales()  : array<string|int, string>
Get language and scripts for the user interface supported by this service.
getSupportedVerificationMethods()  : array<string|int, string>
Get verification methods supported by this service.
getSupportedVerifiedClaims()  : array<string|int, string>
Get verified claims supported by this service.
getTokenEndpoint()  : string
Get the URI of the token endpoint.
getTosUri()  : string
Get the URI that this OpenID provider provides to the person registering the client to read about the OP's terms of service.
getTrustedRootCertificates()  : array<string|int, string>
Get trusted root certificates.
getUserCodeCharset()  : UserCodeCharset
Get the character set for end-user verification codes (`user_code`) for the device flow.
getUserCodeLength()  : int
Get the length of end-user verification codes (`user_code`) for the device flow.
getUserInfoEndpoint()  : string
Get the URI of the UserInfo endpoint.
getUserInfoSignatureKeyId()  : string
Get the key ID to identify a JWK used for user info signature using an asymmetric key.
isBackchannelBindingMessageRequiredInFapi()  : bool
Get the flag which indicates whether the `binding_message` request parameter is always required whenever a backchannel authentication request is judged as a request for Financial-grade API.
isBackchannelUserCodeParameterSupported()  : bool
Get the flag which indicates whether the `user_code` request parameter is supported at the backchannel authentication endpoint. This property corresponds to the `backchannel_user_code_parameter_supported` metadata.
isClaimShortcutRestrictive()  : bool
Get the flag which indicates whether claims specified by shortcut scopes (e.g. `profile`) are included in the issued ID token only when no access token is issued.
isClientIdAliasEnabled()  : bool
Get the flag which indicates whether the "Client ID Alias" feature is enabled or not.
isDirectAuthorizationEndpointEnabled()  : bool
Get the flag which indicates whether the direct authorization endpoint is enabled or not.
isDirectIntrospectionEndpointEnabled()  : bool
Get the flag which indicates whether the direct introspection endpoint is enabled or not.
isDirectJwksEndpointEnabled()  : bool
Get the flag which indicates whether the direct JWK Set document endpoint is enabled or not.
isDirectRevocationEndpointEnabled()  : bool
Get the flag which indicates whether the direct revocation endpoint is enabled or not.
isDirectTokenEndpointEnabled()  : bool
Get the flag which indicates whether the direct token endpoint is enabled or not.
isDirectUserInfoEndpointEnabled()  : bool
Get the flag which indicates whether the direct userinfo endpoint is enabled or not.
isDynamicRegistrationSupported()  : bool
Get the flag which indicates whether dynamic client registration is supported.
isErrorDescriptionOmitted()  : bool
Get the flag which indicates whether the error_description response parameter is omitted.
isErrorUriOmitted()  : bool
Get the flag which indicates whether the error_uri response parameter is omitted.
isIssSuppressed()  : bool
Get the flag indicating whether generation of the `iss` response parameter is suppressed.
isMissingClientIdAllowed()  : bool
Get the flag which indicates whether token requests from public clients without the `client_id` request parameter are allowed when the client can be guessed from `authorization_code` or `refresh_token`.
isMutualTlsValidatePkiCertChain()  : bool
Get the flag which indicates whether to check if client certificates can be reached from pre-registered trusted root certificates.
isNbfOptional()  : bool
Get the flag indicating whether the `nbf` claim in the request object is optional even when the authorization request is regarded as a FAPI-Part2 request.
isParRequired()  : bool
Get the flag which indicates whether this service requires that clients use PAR.
isPkceRequired()  : bool
Get the flag which indicates whether the use of Proof Key for Code Exchange (PKCE) is always required for authorization requests using Authorization Code Flow.
isPkceS256Required()  : bool
Get the flag which indicates whether `S256` is always required as the code challenge method whenever PKCE is used.
isRefreshTokenDurationKept()  : bool
Get the flag which indicates whether the remaining duration of the used refresh token is taken over to the newly issued one.
isRefreshTokenKept()  : bool
Get the flag which indicates whether a refresh token remains valid or gets renewed after its use.
isRequestObjectRequired()  : bool
Get the flag which indicates whether this service requires that authorization requests always utilize a request object by using either `request` or `request_uri` request parameter.
isScopeRequired()  : bool
Get the flag which indicates whether requests that request no scope are rejected or not.
isSingleAccessTokenPerSubject()  : bool
Get the flag which indicates whether the number of access tokens per subject (and per client) is at most one or can be more.
isTlsClientCertificateBoundAccessTokens()  : bool
Get the flag which indicates whether this service supports "TLS client certificate bound access tokens".
isTraditionalRequestObjectProcessingApplied()  : bool
Get the flag which indicates whether a request object is processed based on rules defined in OpenID Connect Core 1.0 or JAR (JWT Secured Authorization Request).
setAccessTokenDuration()  : Service
Set the duration of access tokens in seconds.
setAccessTokenSignAlg()  : Service
Set the signature algorithm of access tokens.
setAccessTokenSignatureKeyId()  : Service
Set the key ID to identify a JWK used for signing access tokens.
setAccessTokenType()  : Service
Set the token type of access tokens issued by this authorization server.
setAllowableClockSkew()  : Service
Set the allowable clock skew between the server and clients in seconds.
setApiKey()  : Service
Set the API key of this service.
setApiSecret()  : Service
Set the API secret of this service.
setAuthenticationCallbackApiKey()  : Service
Set the API key to access the authentication callback endpoint.
setAuthenticationCallbackApiSecret()  : Service
Set the API secret to access the authentication callback endpoint.
setAuthenticationCallbackEndpoint()  : Service
Set the URI of the authentication callback endpoint.
setAuthorizationEndpoint()  : Service
Set the URI of the authorization endpoint.
setAuthorizationResponseDuration()  : Service
Set the duration of authorization response JWTs in seconds.
setAuthorizationSignatureKeyId()  : Service
Set the key ID to identify a JWK used for signing authorization responses using an asymmetric key.
setBackchannelAuthenticationEndpoint()  : Service
Set the URI of the backchannel authentication endpoint.
setBackchannelAuthReqIdDuration()  : Service
Set the duration of backchannel authentication request IDs issued from the backchannel authentication endpoint in seconds. This is used as the value of the `expires_in` property in responses from the backchannel authentication endpoint.
setBackchannelBindingMessageRequiredInFapi()  : Service
Set the flag which indicates whether the `binding_message` request parameter is always required whenever a backchannel authentication request is judged as a request for Financial-grade API.
setBackchannelPollingInterval()  : Service
Set the minimum interval between polling requests to the token endpoint from client applications in seconds. This is used as the value of the `interval` property in responses from the backchannel authentication endpoint.
setBackchannelUserCodeParameterSupported()  : Service
Set the flag which indicates whether the `user_code` request parameter is supported at the backchannel authentication endpoint. This property corresponds to the `backchannel_user_code_parameter_supported` metadata.
setClaimShortcutRestrictive()  : Service
Set the flag which indicates whether claims specified by shortcut scopes (e.g. `profile`) are included in the issued ID token only when no access token is issued.
setClientIdAliasEnabled()  : Service
Enable/disable the "Client ID Alias" feature.
setClientsPerDeveloper()  : Service
Set the number of client applications that one developer can have.
setCreatedAt()  : Service
Set the time at which this service was created.
setDescription()  : Service
Set the description about this service.
setDeveloperAuthenticationCallbackApiKey()  : Service
Set the API key to access the developer authentication callback endpoint.
setDeveloperAuthenticationCallbackApiSecret()  : Service
Set the API secret to access the developer authentication callback endpoint.
setDeveloperAuthenticationCallbackEndpoint()  : Service
Set the URI of the developer authentication callback endpoint.
setDeveloperSnsCredentials()  : Service
Set the list of SNS credentials used for social login at the developer console.
setDeviceAuthorizationEndpoint()  : Service
Set the URI of the device authorization endpoint.
setDeviceFlowCodeDuration()  : Service
Set the duration of device verification codes and end-user verification codes issued from the device authorization endpoint in seconds. This is used as the value of the `expires_in` property in responses from the device authorization endpoint.
setDeviceFlowPollingInterval()  : Service
Set the minimum interval between polling requests to the token endpoint from client applications in seconds. This is used as the value of the `interval` property in responses from the device authorization endpoint.
setDeviceVerificationUri()  : Service
Set the verification URI for the device flow. This URI is used as the value of the `verification_uri` parameter in responses from the device authorization endpoint.
setDeviceVerificationUriComplete()  : Service
Set the verification URI for the device flow with a placeholder for a user code. This URI is used to build the value of the `verification_uri_complete` parameter in responses from the device authorization endpoint.
setDirectAuthorizationEndpointEnabled()  : Service
Set the flag which indicates whether the direct authorization endpoint is enabled or not.
setDirectIntrospectionEndpointEnabled()  : Service
Set the flag which indicates whether the direct introspection endpoint is enabled or not.
setDirectJwksEndpointEnabled()  : Service
Set the flag which indicates whether the direct JWK Set document endpoint is enabled or not.
setDirectRevocationEndpointEnabled()  : Service
Set the flag which indicates whether the direct revocation endpoint is enabled or not.
setDirectTokenEndpointEnabled()  : Service
Set the flag which indicates whether the direct token endpoint is enabled or not.
setDirectUserInfoEndpointEnabled()  : Service
Set the flag which indicates whether the direct userinfo endpoint is enabled or not.
setDynamicRegistrationSupported()  : Service
Set the flag which indicates whether dynamic client registration is supported.
setEndSessionEndpoint()  : Service
Set the end session endpoint for the service. This endpoint is used by clients to signal to the IdP that the user's session should be terminated.
setErrorDescriptionOmitted()  : Service
Omit or embed the error_description response parameter in error responses.
setErrorUriOmitted()  : Service
Omit or embed the error_uri response parameter in error responses.
setIdTokenDuration()  : Service
Set the duration of ID tokens in seconds.
setIdTokenSignatureKeyId()  : Service
Set the key ID to identify a JWK used for ID token signature using an asymmetric key.
setIntrospectionEndpoint()  : Service
Set the URI of the introspection endpoint.
setIssSuppressed()  : Service
Set the flag indicating whether generation of the `iss` response parameter is suppressed.
setIssuer()  : Service
Set the issuer identifier of this OpenID provider.
setJwks()  : Service
Set the JWK Set document of this service.
setJwksUri()  : Service
Set the URI of the JWK Set document of this service.
setMissingClientIdAllowed()  : Service
Set the flag which indicates whether token requests from public clients without the `client_id` request parameter are allowed when the client can be guessed from `authorization_code` or `refresh_token`.
setModifiedAt()  : Service
Set the time at which this service was last modified.
setMtlsEndpointAliases()  : Service
Set the MTLS endpoint aliases.
setMutualTlsValidatePkiCertChain()  : Service
Set the flag which indicates whether to check if client certificates can be reached from pre-registered trusted root certificates.
setNbfOptional()  : Service
Set the flag indicating whether the `nbf` claim in the request object is optional even when the authorization request is regarded as a FAPI-Part2 request.
setParRequired()  : Service
Set the flag which indicates whether this service requires that clients use PAR.
setPkceRequired()  : Service
Set the flag which indicates whether the use of Proof Key for Code Exchange (PKCE) is always required for authorization requests using Authorization Code Flow.
setPkceS256Required()  : Service
Set the flag which indicates whether `S256` is always required as the code challenge method whenever PKCE is used.
setPolicyUri()  : Service
Set the URI that this OpenID provider provides to the person registering the client to read about the OP's requirements on how the Relying Party can use the data provided by the OP.
setPushedAuthReqDuration()  : Service
Set the duration of pushed authorization requests in seconds.
setPushedAuthReqEndpoint()  : Service
Set the URI of the pushed authorization request endpoint. This property corresponds to the `pushed_authorization_request_endpoint` metadata defined in "OAuth 2.0 Pushed Authorization Requests".
setRefreshTokenDuration()  : Service
Set the duration of refresh tokens in seconds.
setRefreshTokenDurationKept()  : Service
Set the flag which indicates whether the remaining duration of the used refresh token is taken over to the newly issued one.
setRefreshTokenKept()  : Service
Set the flag which indicates whether a refresh token remains valid or gets renewed after its use.
setRegistrationEndpoint()  : Service
Set the URI of the registration endpoint.
setRegistrationManagementEndpoint()  : Service
Set the URI of the registration management endpoint.
setRequestObjectRequired()  : Service
Set the flag which indicates whether this service requires that authorization requests always utilize a request object by using either `request` or `request_uri` request parameter.
setRevocationEndpoint()  : Service
Set the URI of the revocation endpoint.
setScopeRequired()  : Service
Set the flag which indicates whether requests that request no scope are rejected or not.
setServiceDocumentation()  : Service
Set the URI of a page containing human-readable information that developers might want or need to know when using this OpenID provider.
setServiceName()  : Service
Set the service name.
setSingleAccessTokenPerSubject()  : Service
Set the flag which indicates whether the number of access tokens per subject (and per client) is at most one or can be more.
setSnsCredentials()  : Service
Set the list of SNS credentials used for social login.
setSupportedAcrs()  : Service
Set ACR (Authentication Context Class Reference) values supported by this service.
setSupportedAuthorizationDataTypes()  : Service
Set the supported data types that can be used as values of the `type` field in `authorization_details`.
setSupportedBackchannelTokenDeliveryModes()  : Service
Set the supported backchannel token delivery modes. This property corresponds to the `backchannel_token_delivery_modes_supported` metadata defined in CIBA.
setSupportedClaimLocales()  : Service
Set language and scripts for claim values supported by this service.
setSupportedClaims()  : Service
Set claims supported by this service.
setSupportedClaimTypes()  : Service
Set claim types supported by this service.
setSupportedDeveloperSnses()  : Service
Set the list of supported SNSes used for social login at the developer console.
setSupportedDisplays()  : Service
Set the values of the "display" request parameter supported by this service.
setSupportedEvidence()  : Service
Set evidence supported by this service.
setSupportedGrantTypes()  : Service
Set the grant types supported by this service.
setSupportedIdentityDocuments()  : Service
Set identity documents supported by this service.
setSupportedIntrospectionAuthMethods()  : Service
Set client authentication methods at the introspection endpoint supported by this service.
setSupportedResponseTypes()  : Service
Set the response types supported by this service.
setSupportedRevocationAuthMethods()  : Service
Set client authentication methods at the revocation endpoint supported by this service.
setSupportedScopes()  : Service
Set the scopes supported by this service.
setSupportedServiceProfiles()  : Service
Set the service profiles supported by this service.
setSupportedSnses()  : Service
Set the list of supported SNSes for social login at the direct authorization endpoint.
setSupportedTokenAuthMethods()  : Service
Set client authentication methods at the token endpoint supported by this service.
setSupportedTrustFrameworks()  : Service
Set trust frameworks supported by this service.
setSupportedUiLocales()  : Service
Set language and scripts for the user interface supported by this service.
setSupportedVerificationMethods()  : Service
Set verification methods supported by this service.
setSupportedVerifiedClaims()  : Service
Set verified claims supported by this service.
setTlsClientCertificateBoundAccessTokens()  : Service
Set the flag which indicates whether this service supports "TLS client certificate bound access tokens".
setTokenEndpoint()  : Service
Set the URI of the token endpoint.
setTosUri()  : Service
Set the URI that this OpenID provider provides to the person registering the client to read about the OP's terms of service.
setTraditionalRequestObjectProcessingApplied()  : Service
Set the flag which indicates whether a request object is processed based on rules defined in OpenID Connect Core 1.0 or JAR (JWT Secured Authorization Request).
setTrustedRootCertificates()  : Service
Set trusted root certificates.
setUserCodeCharset()  : Service
Set the character set for end-user verification codes (`user_code`) for the device flow.
setUserCodeLength()  : Service
Set the length of end-user verification codes (`user_code`) for the device flow.
setUserInfoEndpoint()  : Service
Set the URI of the UserInfo endpoint.
setUserInfoSignatureKeyId()  : Service
Set the key ID to identify a JWK used for user info signature using an asymmetric key.
toArray()  : array<string|int, mixed>
Convert this object into an array.
toJson()  : string
Convert this object into a JSON string.

Methods

copyFromArray()

Copy the content of the given array into this object.

public copyFromArray(array<string|int, mixed> &$array) : mixed
Parameters
$array : array<string|int, mixed>
Return values
mixed

copyToArray()

Copy the content of this object into the given array.

public copyToArray(array<string|int, mixed> &$array) : mixed
Parameters
$array : array<string|int, mixed>
Return values
mixed

fromArray()

Convert an array into an instance of this class.

public static fromArray([array<string|int, mixed> $array = null ]) : static

This static function returns a new instance of this class. If $array is null, null is returned.

Parameters
$array : array<string|int, mixed> = null

An array

Return values
static

An instance of this class.

fromJson()

Convert a JSON string into an instance of this class.

public static fromJson(string $json) : static

This static function returns a new instance of this class. If $json is null or the type of $json is not string, null is returned.

Parameters
$json : string

A JSON string.

Return values
static

An instance of this class.

getAccessTokenDuration()

Get the duration of access tokens in seconds.

public getAccessTokenDuration() : int|string

It is the value of the expires_in parameter in access token responses.

Tags
see
https://tools.ietf.org/html/rfc6749#section-5.1

RFC 6749, 5.1. Successful Response

Return values
int|string

The duration of access tokens.

getAccessTokenSignAlg()

Get the signature algorithm of access tokens.

public getAccessTokenSignAlg() : JWSAlg

When this method returns null, access tokens issued by this service are just random strings. On the other hand, when this method returns a non-null value, access tokens issued by this service are JWTs and the value returned from this method represents the signature algorithm of the JWTs.

Tags
since
1.8
Return values
JWSAlg

The signature algorithm of JWT-based access tokens.

getAccessTokenSignatureKeyId()

Get the key ID to identify a JWK used for signing access tokens.

public getAccessTokenSignatureKeyId() : string

A JWK Set can be registered as a property of a Service. A JWK Set can contain 0 or more JWKs. Authlete Server has to pick one JWK for signing from the JWK Set when it generates a JWT-based access token. Authlete Server searches the registered JWK Set for a JWK which satisfies conditions for access token signature. If the number of JWK candidates which satisfy the conditions is 1, there is no problem. On the other hand, if there exist multiple candidates, a key ID needs to be specified so that Authlete Server can pick up one JWK from among the JWK candidates.

This accessTokenSignatureKeyId property exists for the purpose described above.

Tags
since
1.8
Return values
string

A key ID of a JWK. This may be null.

getAccessTokenType()

Get the token type of access tokens issued by this authorization server.

public getAccessTokenType() : string

It is the value of the token_type parameter in access token responses.

Tags
see
https://tools.ietf.org/html/rfc6749#section-5.1

RFC 6749, 5.1. Successful Response

Return values
string

The token type of access tokens.

getAllowableClockSkew()

Get the allowable clock skew between the server and clients in seconds.

public getAllowableClockSkew() : int

The clock skew is taken into consideration when time-related claims in a JWT (e.g. exp, iat and nbf) are verified.

Tags
since
1.8
Return values
int

Allowable clock skew in seconds.

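The following is an added example, not code from the Authlete library, showing how a clock skew such as the one returned by getAllowableClockSkew() is applied when the exp, iat and nbf claims of a JWT are verified. The function name verifyTimeClaims and the sample payloads are constructed for illustration.

```php
<?php
// Added example (not Authlete's code): how an allowable clock skew in seconds
// is applied when the exp, iat and nbf claims of a JWT payload are verified.
// verifyTimeClaims() and the sample payloads below are constructed for illustration.

declare(strict_types=1);

/**
 * Verify the time-related claims of a decoded JWT payload.
 *
 * @param array<string,mixed> $claims Decoded JWT payload (claim name => value).
 * @param int                 $now    Current Unix time in seconds.
 * @param int                 $skew   Allowable clock skew in seconds (>= 0).
 * @return string[]                   Reasons for rejection; empty when the claims are acceptable.
 */
function verifyTimeClaims(array $claims, int $now, int $skew): array
{
    if ($skew < 0) {
        throw new InvalidArgumentException('clock skew must not be negative');
    }

    $errors = [];

    // exp: the token is expired once "now" reaches exp. Because the issuer's
    // clock may run ahead of ours, keep accepting the token until exp + skew.
    if (array_key_exists('exp', $claims)) {
        if (!is_int($claims['exp'])) {
            $errors[] = 'exp is not an integer';
        } elseif ($now >= $claims['exp'] + $skew) {
            $errors[] = sprintf('token expired at %d (now %d, skew %d)', $claims['exp'], $now, $skew);
        }
    }

    // nbf: the token must not be accepted before nbf. Because the issuer's
    // clock may run behind ours, accept the token from nbf - skew onwards.
    if (array_key_exists('nbf', $claims)) {
        if (!is_int($claims['nbf'])) {
            $errors[] = 'nbf is not an integer';
        } elseif ($now < $claims['nbf'] - $skew) {
            $errors[] = sprintf('token not valid before %d (now %d, skew %d)', $claims['nbf'], $now, $skew);
        }
    }

    // iat: an issued-at time further in the future than the skew allows
    // indicates a badly wrong clock or a token that was not issued honestly.
    if (array_key_exists('iat', $claims)) {
        if (!is_int($claims['iat'])) {
            $errors[] = 'iat is not an integer';
        } elseif ($claims['iat'] > $now + $skew) {
            $errors[] = sprintf('token issued in the future at %d (now %d, skew %d)', $claims['iat'], $now, $skew);
        }
    }

    return $errors;
}

// Constructed sample: the verifier's clock reads 1700000000 and the service
// allows 60 seconds of skew (the value getAllowableClockSkew() would return).
$now  = 1700000000;
$skew = 60;

$samples = [
    'fresh token'                => ['iat' => $now - 10,  'nbf' => $now - 10,  'exp' => $now + 300],
    'expired 30 s ago (in skew)' => ['iat' => $now - 400, 'nbf' => $now - 400, 'exp' => $now - 30],
    'expired 90 s ago (too old)' => ['iat' => $now - 500, 'nbf' => $now - 500, 'exp' => $now - 90],
    'issued 45 s in the future'  => ['iat' => $now + 45,  'nbf' => $now + 45,  'exp' => $now + 345],
    'issued 120 s in the future' => ['iat' => $now + 120, 'nbf' => $now + 120, 'exp' => $now + 420],
];

foreach ($samples as $label => $payload) {
    $errors = verifyTimeClaims($payload, $now, $skew);
    printf("%-28s %s\n", $label . ':', $errors === [] ? 'accepted' : 'rejected: ' . implode('; ', $errors));
}
```

The skew is applied in the direction that is lenient for each claim, so a large value widens the window in which an expired or not-yet-valid token is still accepted; keep it as small as the deployment's clock discipline allows.
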
getApiKey()

Get the API key of this service.

public getApiKey() : int|string
Return values
int|string

The API key.

getApiSecret()

Get the API secret of this service.

public getApiSecret() : string
Return values
string

The API secret.

getAuthenticationCallbackApiKey()

Get the API key to access the authentication callback endpoint.

public getAuthenticationCallbackApiKey() : string
Return values
string

The API key to access the authentication callback endpoint.

getAuthenticationCallbackApiSecret()

Get the API secret to access the authentication callback endpoint.

public getAuthenticationCallbackApiSecret() : string
Return values
string

The API secret to access the authentication callback endpoint.

getAuthenticationCallbackEndpoint()

Get the URI of the authentication callback endpoint.

public getAuthenticationCallbackEndpoint() : string
Return values
string

The URI of the authentication callback endpoint.

getAuthorizationResponseDuration()

Get the duration of authorization response JWTs in seconds.

public getAuthorizationResponseDuration() : int|string

Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) defines new values for the response_mode request parameter. They are query.jwt, fragment.jwt, form_post.jwt and jwt. If one of them is specified as the response mode, response parameters from the authorization endpoint will be packed into a JWT. This property is used to compute the value of the exp claim of the JWT.

Tags
since
1.7
Return values
int|string

The duration of authorization response JWTs in seconds.

getAuthorizationSignatureKeyId()

Get the key ID to identify a JWK used for signing authorization responses using an asymmetric key.

public getAuthorizationSignatureKeyId() : string

Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) has added new values for the response_mode request parameter. They are query.jwt, fragment.jwt, form_post.jwt and jwt. If one of them is used, response parameters returned from the authorization endpoint will be packed into a JWT. The JWT is always signed. For the signature of the JWT, Authlete Server has to pick up one JWK from the service's JWK Set.

Authlete Server searches the JWK Set for a JWK which satisfies the conditions for authorization response signature. If exactly one JWK satisfies the conditions, there is no problem. On the other hand, if there are multiple candidates, a Key ID needs to be specified so that Authlete Server can pick one JWK from among the candidates. This property exists to specify that key ID.

Tags
since
1.7
Return values
string

A key ID of a JWK. This may be null.

getBackchannelAuthReqIdDuration()

Get the duration of backchannel authentication request IDs issued from the backchannel authentication endpoint in seconds. This is used as the value of the `expires_in` property in responses from the backchannel authentication endpoint.

public getBackchannelAuthReqIdDuration() : int|string
Tags
see
https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html

Client Initiated Backchannel Authentication

since
1.8
Return values
int|string

The duration of backchannel authentication request IDs in seconds.

getBackchannelPollingInterval()

Get the minimum interval between polling requests to the token endpoint from client applications in seconds. This is used as the value of the `interval` property in responses from the backchannel authentication endpoint.

public getBackchannelPollingInterval() : int
Tags
see
https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html

Client Initiated Backchannel Authentication

since
1.8
Return values
int

The minimum interval between polling requests in seconds.

getClientsPerDeveloper()

Get the number of client applications that one developer can have.

public getClientsPerDeveloper() : int
Return values
int

The number of client applications that one developer can have. 0 means that developers can have as many client applications as they want.

getCreatedAt()

Get the time at which this service was created.

public getCreatedAt() : int|string
Return values
int|string

The time at which this service was created. The value is represented as milliseconds since the Unix epoch (1970-Jan-1).

getDescription()

Get the description about this service.

public getDescription() : string
Return values
string

The description about this service.

getDeveloperAuthenticationCallbackApiKey()

Get the API key to access the developer authentication callback endpoint.

public getDeveloperAuthenticationCallbackApiKey() : string
Return values
string

The API key to access the developer authentication callback endpoint.

getDeveloperAuthenticationCallbackApiSecret()

Get the API secret to access the developer authentication callback endpoint.

public getDeveloperAuthenticationCallbackApiSecret() : string
Return values
string

The API secret to access the developer authentication callback endpoint.

getDeveloperAuthenticationCallbackEndpoint()

Get the URI of the developer authentication callback endpoint.

public getDeveloperAuthenticationCallbackEndpoint() : string
Return values
string

The URI of the developer authentication callback endpoint.

getDeveloperSnsCredentials()

Get the list of SNS credentials used for social login at the developer console.

public getDeveloperSnsCredentials() : array<string|int, SnsCredentials>

NOTE: This feature is not implemented yet.

Return values
array<string|int, SnsCredentials>

The list of SNS credentials used for social login at the developer console.

getDeviceAuthorizationEndpoint()

Get the URI of the device authorization endpoint.

public getDeviceAuthorizationEndpoint() : string
Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
string

The URI of the device authorization endpoint.

getDeviceFlowCodeDuration()

Get the duration of device verification codes and end-user verification codes issued from the device authorization endpoint in seconds. This is used as the value of the `expires_in` property in responses from the device authorization endpoint.

public getDeviceFlowCodeDuration() : int|string
Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
int|string

The duration of device verification codes and end-user verification codes in seconds.

getDeviceFlowPollingInterval()

Get the minimum interval between polling requests to the token endpoint from client applications in seconds. This is used as the value of the `interval` property in responses from the device authorization endpoint.

public getDeviceFlowPollingInterval() : int
Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
int

The minimum interval between polling requests in seconds.

getDeviceVerificationUri()

Get the verification URI for the device flow. This URI is used as the value of the `verification_uri` parameter in responses from the device authorization endpoint.

public getDeviceVerificationUri() : string
Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
string

The verification URI.

getDeviceVerificationUriComplete()

Get the verification URI for the device flow with a placeholder for a user code. This URI is used to build the value of the `verification_uri_complete` parameter in responses from the device authorization endpoint.

public getDeviceVerificationUriComplete() : string
Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
string

The verification URI with a placeholder for a user code.

getEndSessionEndpoint()

Get the end session endpoint for the service. This endpoint is used by clients to signal to the IdP that the user's session should be terminated.

public getEndSessionEndpoint() : string
Tags
since
1.8
Return values
string

The end session endpoint.

getIdTokenDuration()

Get the duration of ID tokens in seconds.

public getIdTokenDuration() : int|string
Return values
int|string

The duration of ID tokens.

getIdTokenSignatureKeyId()

Get the key ID to identify a JWK used for ID token signature using an asymmetric key.

public getIdTokenSignatureKeyId() : string

A JWK Set can be registered as a property of a Service. A JWK Set can contain 0 or more JWKs (see RFC 7517 for details). Authlete Server has to pick one JWK for signing from the JWK Set when it generates an ID token signed with an asymmetric key. Authlete Server searches the registered JWK Set for a JWK which satisfies the conditions for ID token signature. If exactly one JWK satisfies the conditions, there is no problem. On the other hand, if there are multiple candidates, a Key ID needs to be specified so that Authlete Server can pick one JWK from among the candidates.

This idTokenSignatureKeyId property exists for the purpose described above. This mechanism is needed for key rotation (OpenID Connect Core 1.0, 10.1.1. Rotation of Asymmetric Signing Keys).

Tags
since
1.7
Return values
string

A key ID of a JWK. This may be null.

getIntrospectionEndpoint()

Get the URI of the introspection endpoint.

public getIntrospectionEndpoint() : string
Tags
see
https://tools.ietf.org/html/rfc7662

RFC 7662 OAuth 2.0 Token Introspection

Return values
string

The URI of the introspection endpoint.

getJwks()

Get the JWK Set document of this service.

public getJwks() : string
Return values
string

The JWK Set document.

getModifiedAt()

Get the time at which this service was last modified.

public getModifiedAt() : int|string
Return values
int|string

The time at which this service was last modified. The value is represented as milliseconds since the Unix epoch (1970-Jan-1).

getMtlsEndpointAliases()

Get the MTLS endpoint aliases.

public getMtlsEndpointAliases() : array<string|int, NamedUri>

This property corresponds to the mtls_endpoint_aliases metadata defined in RFC 8705.

Tags
see
https://www.rfc-editor.org/rfc/rfc8705.html

RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens

since
1.8
Return values
array<string|int, NamedUri>

MTLS endpoint aliases.

getPolicyUri()

Get the URI that this OpenID provider provides to the person registering the client to read about the OP's requirements on how the Relying Party can use the data provided by the OP.

public getPolicyUri() : string

This corresponds to the op_policy_uri metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Return values
string

The URI of the policy page.

getPushedAuthReqDuration()

Get the duration of pushed authorization requests in seconds.

public getPushedAuthReqDuration() : int|string

"OAuth 2.0 Pushed Authorization Requests" (PAR) defines an endpoint (called the "pushed authorization request endpoint") into which client applications can register authorization requests and from which they get corresponding URIs (called "request URIs"). The issued URIs represent the registered authorization requests. Client applications can use the URIs as the value of the request_uri request parameter in an authorization request.

The value returned from this method represents the duration of registered authorization requests and is used as the value of the expires_in parameter in responses from the pushed authorization request endpoint.

Tags
since
1.8
Return values
int|string

The duration of pushed authorization requests in seconds.

getPushedAuthReqEndpoint()

Get the URI of the pushed authorization request endpoint. This property corresponds to the `pushed_authorization_request_endpoint` metadata defined in "OAuth 2.0 Pushed Authorization Requests".

public getPushedAuthReqEndpoint() : string
Tags
since
1.8
Return values
string

The URI of the pushed authorization request endpoint.

getRefreshTokenDuration()

Get the duration of refresh tokens in seconds.

public getRefreshTokenDuration() : int|string
Return values
int|string

The duration of refresh tokens.

getRegistrationManagementEndpoint()

Get the URI of the registration management endpoint.

public getRegistrationManagementEndpoint() : string

If dynamic client registration is supported and this property is set, this URI will be used as the base of the client's management endpoint by appending /clientID/ to it as a path element. If this property is not set, the value of registrationEndpoint will be used as the URI base instead.

Tags
since
1.8
Return values
string

The URI of the registration management endpoint.

getServiceDocumentation()

Get the URI of a page containing human-readable information that developers might want or need to know when using this OpenID provider.

public getServiceDocumentation() : string

This corresponds to the service_documentation metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Return values
string

The URI of the documentation for developers.

getServiceName()

Get the service name.

public getServiceName() : string
Return values
string

The service name.

getSnsCredentials()

Get the list of SNS credentials used for social login.

public getSnsCredentials() : array<string|int, SnsCredentials>
Return values
array<string|int, SnsCredentials>

The list of SNS credentials.

getSupportedAcrs()

Get ACR (Authentication Context Class Reference) values supported by this service.

public getSupportedAcrs() : array<string|int, string>

This corresponds to the acr_values_supported metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Return values
array<string|int, string>

Supported ACR values.

getSupportedAuthorizationDataTypes()

Get the supported data types that can be used as values of the `type` field in `authorization_details`.

public getSupportedAuthorizationDataTypes() : array<string|int, string>

This property corresponds to the authorization_data_types_supported metadata defined in "OAuth 2.0 Rich Authorization Requests".

Tags
since
1.8
Return values
array<string|int, string>

Supported data types.

getSupportedBackchannelTokenDeliveryModes()

Get the supported backchannel token delivery modes. This property corresponds to the `backchannel_token_delivery_modes_supported` metadata defined in CIBA.

public getSupportedBackchannelTokenDeliveryModes() : array<string|int, DeliveryMode>
Tags
see
https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html

Client Initiated Backchannel Authentication

since
1.8
Return values
array<string|int, DeliveryMode>

Supported backchannel token delivery modes.

getSupportedClaimLocales()

Get language and scripts for claim values supported by this service.

public getSupportedClaimLocales() : array<string|int, string>

This corresponds to the claims_locales_supported metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Return values
array<string|int, string>

Supported language and scripts for claim values.

getSupportedDeveloperSnses()

Get the list of supported SNSes used for social login at the developer console.

public getSupportedDeveloperSnses() : array<string|int, Sns>

NOTE: This feature is not implemented yet.

Return values
array<string|int, Sns>

Supported SNSes for social login at the developer console.

getSupportedDisplays()

Get the values of the "display" request parameter supported by this service.

public getSupportedDisplays() : array<string|int, Display>

This corresponds to the display_values_supported metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Return values
array<string|int, Display>

Supported values of the "display" request parameter.

getSupportedEvidence()

Get evidence supported by this service.

public getSupportedEvidence() : array<string|int, string>

This property corresponds to the evidence_supported metadata defined in "OpenID Connect for Identity Assurance 1.0".

Tags
see
https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html

OpenID Connect for Identity Assurance 1.0

since
1.8
Return values
array<string|int, string>

Supported evidence.

getSupportedIdentityDocuments()

Get identity documents supported by this service.

public getSupportedIdentityDocuments() : array<string|int, string>

This property corresponds to the id_documents_supported metadata defined in "OpenID Connect for Identity Assurance 1.0".

Tags
see
https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html

OpenID Connect for Identity Assurance 1.0

since
1.8
Return values
array<string|int, string>

Supported identity documents.

getSupportedIntrospectionAuthMethods()

Get client authentication methods at the introspection endpoint supported by this service.

public getSupportedIntrospectionAuthMethods() : array<string|int, ClientAuthMethod>

This corresponds to the introspection_endpoint_auth_methods_supported metadata defined in "OAuth 2.0 Authorization Server Metadata".

Return values
array<string|int, ClientAuthMethod>

Supported client authentication methods at the introspection endpoint.

getSupportedRevocationAuthMethods()

Get client authentication methods at the revocation endpoint supported by this service.

public getSupportedRevocationAuthMethods() : array<string|int, ClientAuthMethod>

This corresponds to the revocation_endpoint_auth_methods_supported metadata defined in "OAuth 2.0 Authorization Server Metadata".

Return values
array<string|int, ClientAuthMethod>

Supported client authentication methods at the revocation endpoint.

getSupportedServiceProfiles()

Get the service profiles supported by this service.

public getSupportedServiceProfiles() : array<string|int, ServiceProfile>
Return values
array<string|int, ServiceProfile>

Supported service profiles.

getSupportedSnses()

Get the list of supported SNSes for social login at the direct authorization endpoint.

public getSupportedSnses() : array<string|int, Sns>
Return values
array<string|int, Sns>

Supported SNSes for social login at the direct authorization endpoint.

getSupportedTrustFrameworks()

Get trust frameworks supported by this service.

public getSupportedTrustFrameworks() : array<string|int, string>

This property corresponds to the trust_frameworks_supported metadata defined in "OpenID Connect for Identity Assurance 1.0".

Tags
see
https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html

OpenID Connect for Identity Assurance 1.0

since
1.8
Return values
array<string|int, string>

Supported trust frameworks.

getSupportedUiLocales()

Get language and scripts for the user interface supported by this service.

public getSupportedUiLocales() : array<string|int, string>

This corresponds to the ui_locales_supported metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Return values
array<string|int, string>

Supported language and scripts for the user interface.

getSupportedVerificationMethods()

Get verification methods supported by this service.

public getSupportedVerificationMethods() : array<string|int, string>

This property corresponds to the id_documents_verification_methods_supported metadata defined in "OpenID Connect for Identity Assurance 1.0".

Tags
see
https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html

OpenID Connect for Identity Assurance 1.0

since
1.8
Return values
array<string|int, string>

Supported verification methods.

getSupportedVerifiedClaims()

Get verified claims supported by this service.

public getSupportedVerifiedClaims() : array<string|int, string>

This property corresponds to the claims_in_verified_claims_supported metadata defined in "OpenID Connect for Identity Assurance 1.0".

Tags
see
https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html

OpenID Connect for Identity Assurance 1.0

since
1.8
Return values
array<string|int, string>

Supported verified claims.

getTosUri()

Get the URI that this OpenID provider provides to the person registering the client to read about the OP's terms of service.

public getTosUri() : string

This corresponds to the op_tos_uri metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Return values
string

The URI of the Terms Of Service page.

getTrustedRootCertificates()

Get trusted root certificates.

public getTrustedRootCertificates() : array<string|int, string>

If isMutualTlsValidatePkiCertChain() returns true, pre-registered trusted root certificates are used to validate client certificates.

Tags
since
1.3
Return values
array<string|int, string>

Trusted root certificates.

getUserCodeLength()

Get the length of end-user verification codes (`user_code`) for the device flow.

public getUserCodeLength() : int
Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
int

The length of end-user verification codes.

getUserInfoSignatureKeyId()

Get the key ID to identify a JWK used for user info signature using an asymmetric key.

public getUserInfoSignatureKeyId() : string

A JWK Set can be registered as a property of a Service. A JWK Set can contain 0 or more JWKs (see RFC 7517 for details). Authlete Server has to pick one JWK for signing from the JWK Set when it is required to sign user info (which is returned from the UserInfo Endpoint) using an asymmetric key. Authlete Server searches the registered JWK Set for a JWK which satisfies the conditions for user info signature. If exactly one JWK satisfies the conditions, there is no problem. On the other hand, if there are multiple candidates, a Key ID needs to be specified so that Authlete Server can pick one JWK from among the candidates.

This userInfoSignatureKeyId property exists for the purpose described above. This mechanism is needed for key rotation (OpenID Connect Core 1.0, 10.1.1. Rotation of Asymmetric Signing Keys).

Tags
since
1.7
Return values
string

A key ID of a JWK. This may be null.
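The key-selection rule described for accessTokenSignatureKeyId, authorizationSignatureKeyId, idTokenSignatureKeyId and this userInfoSignatureKeyId property, as an added Python example (not authlete-php code): filter the JWK Set returned by getJwks() down to the keys that can sign with the requested algorithm, and require a key ID when more than one remains. The JWK Set and its key material are constructed placeholders.

```python
"""Pick one signing JWK from a JWK Set, with kid as the tie-breaker.

Added example (not authlete-php code). A JWK Set may hold several keys that
all satisfy the signing conditions, e.g. an old and a new RSA key during a
key rotation; then a configured key ID has to choose between them.
"""
import json
from typing import Dict, List, Optional, Union

# Key type each JWS algorithm needs (RFC 7518); enough for this example.
ALG_KTY = {
    "RS256": "RSA", "RS384": "RSA", "RS512": "RSA",
    "PS256": "RSA", "PS384": "RSA", "PS512": "RSA",
    "ES256": "EC", "ES384": "EC", "ES512": "EC",
}

# Constructed JWK Set: two RSA signing keys (old and new), one RSA key
# restricted to encryption, and one EC key. Key material is placeholder
# text, not real keys.
SAMPLE_JWKS = {
    "keys": [
        {"kty": "RSA", "kid": "rsa-2023", "use": "sig", "alg": "RS256",
         "n": "placeholder-modulus-1", "e": "AQAB"},
        {"kty": "RSA", "kid": "rsa-2024", "use": "sig", "alg": "RS256",
         "n": "placeholder-modulus-2", "e": "AQAB"},
        {"kty": "RSA", "kid": "rsa-enc", "use": "enc", "alg": "RSA-OAEP",
         "n": "placeholder-modulus-3", "e": "AQAB"},
        {"kty": "EC", "kid": "ec-1", "crv": "P-256",
         "x": "placeholder-x", "y": "placeholder-y"},
    ]
}


class AmbiguousKeyError(LookupError):
    """Several JWKs satisfy the signing conditions and no kid was given."""


def load_jwks(doc: Union[str, dict]) -> dict:
    """Accept the JWK Set either as a JSON document (string) or as a dict."""
    return json.loads(doc) if isinstance(doc, str) else doc


def signing_candidates(jwks: dict, alg: str) -> List[Dict]:
    """Return the JWKs that may sign with `alg`.

    A key qualifies when its key type fits the algorithm, it is not limited
    to encryption (`use` absent or "sig"), its own `alg`, if present, agrees,
    and its `key_ops`, if present, include "sign".
    """
    kty = ALG_KTY[alg]
    out = []
    for jwk in jwks.get("keys", []):
        if jwk.get("kty") != kty:
            continue
        if jwk.get("use", "sig") != "sig":
            continue
        if "alg" in jwk and jwk["alg"] != alg:
            continue
        if "key_ops" in jwk and "sign" not in jwk["key_ops"]:
            continue
        out.append(jwk)
    return out


def select_signing_jwk(jwks_doc: Union[str, dict], alg: str,
                       kid: Optional[str] = None) -> Dict:
    """Select exactly one signing key, mirroring the documented rule.

    One candidate: use it. Several: `kid` (the configured key ID) must pick
    one. None, or a kid that matches no candidate: fail loudly rather than
    sign with an arbitrary key.
    """
    candidates = signing_candidates(load_jwks(jwks_doc), alg)
    if kid is not None:
        candidates = [k for k in candidates if k.get("kid") == kid]
    if not candidates:
        raise LookupError(f"no signing JWK for alg={alg} kid={kid}")
    if len(candidates) > 1:
        kids = [k.get("kid") for k in candidates]
        raise AmbiguousKeyError(f"{len(kids)} candidates for {alg}: {kids}; "
                                "set a signature key ID")
    return candidates[0]
```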

isBackchannelBindingMessageRequiredInFapi()

Get the flag which indicates whether the `binding_message` request parameter is always required whenever a backchannel authentication request is judged as a request for Financial-grade API.

public isBackchannelBindingMessageRequiredInFapi() : bool
Tags
since
1.8
Return values
bool

true if the binding_message request parameter is required whenever a backchannel authentication request is judged as a request for Financial-grade API.

isBackchannelUserCodeParameterSupported()

Get the flag which indicates whether the `user_code` request parameter is supported at the backchannel authentication endpoint. This property corresponds to the `backchannel_user_code_parameter_supported` metadata.

public isBackchannelUserCodeParameterSupported() : bool
Tags
see
https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html

Client Initiated Backchannel Authentication

since
1.8
Return values
bool

true if the user_code request parameter is supported at the backchannel authentication endpoint.

isClaimShortcutRestrictive()

Get the flag which indicates whether claims specified by shortcut scopes (e.g. `profile`) are included in the issued ID token only when no access token is issued.

public isClaimShortcutRestrictive() : bool
Tags
since
1.9
Return values
bool

true if claims specified by shortcut scopes are included in the issued ID token only when no access token is issued. false if the claims are included in the issued ID token regardless of whether an access token is issued or not.

isClientIdAliasEnabled()

Get the flag which indicates whether the "Client ID Alias" feature is enabled or not.

public isClientIdAliasEnabled() : bool
Tags
since
1.7
Return values
bool

true if the "Client ID Alias" feature is enabled. false if the feature is disabled.

isDirectAuthorizationEndpointEnabled()

Get the flag which indicates whether the direct authorization endpoint is enabled or not.

public isDirectAuthorizationEndpointEnabled() : bool

The path of the endpoint is /api/auth/authorization/direct/{serviceApiKey}. The default value of this flag is true, but it is recommended to disable the endpoint for production use.

Authlete provides APIs for developers to implement an authorization endpoint such as /api/auth/authorization, /api/auth/authorization/issue and /api/auth/authorization/fail. On the other hand, the direct authorization endpoint is an implementation that directly works as an authorization endpoint. However, the endpoint exists mainly for development / experiment purposes, so it is recommended to disable it in a production environment.

Return values
bool

true if the direct authorization endpoint is enabled.

isDirectIntrospectionEndpointEnabled()

Get the flag which indicates whether the direct introspection endpoint is enabled or not.

public isDirectIntrospectionEndpointEnabled() : bool

The path of the endpoint is /api/auth/introspection/standard/direct. The API is protected by pairs of API key and API secret of services.

Authlete provides an API (/api/auth/introspection/standard) for developers to implement an introspection endpoint (RFC 7662). On the other hand, the direct introspection endpoint is an implementation that directly works as an introspection endpoint.

Note that Authlete provides another different introspection API (/api/auth/introspection). It does not comply with RFC 7662 but is much more useful for developers who implement protected resource endpoints.

Return values
bool

true if the direct introspection endpoint is enabled.

isDirectJwksEndpointEnabled()

Get the flag which indicates whether the direct JWK Set document endpoint is enabled or not.

public isDirectJwksEndpointEnabled() : bool

The path of the endpoint is /api/service/jwks/get/direct/{serviceApiKey}.

Authlete provides an API (/api/service/jwks/get) for developers to implement a JWK Set document endpoint which exposes the JWK Set document (RFC 7517) of the service. On the other hand, the direct JWK Set document endpoint is an implementation that directly works as a JWK Set document endpoint.

Return values
bool

true if the direct JWK Set document endpoint is enabled.

isDirectRevocationEndpointEnabled()

Get the flag which indicates whether the direct revocation endpoint is enabled or not.

public isDirectRevocationEndpointEnabled() : bool

The path of the endpoint is /api/auth/revocation/direct/{serviceApiKey}.

Authlete provides an API (/api/auth/revocation) for developers to implement a revocation endpoint (RFC 7009). On the other hand, the direct revocation endpoint is an implementation that directly works as a revocation endpoint.

Return values
bool

true if the direct revocation endpoint is enabled.

isDirectTokenEndpointEnabled()

Get the flag which indicates whether the direct token endpoint is enabled or not.

public isDirectTokenEndpointEnabled() : bool

The path of the endpoint is /api/auth/token/direct/{serviceApiKey}. The default value of this flag is true, but it is recommended to disable the endpoint for production use.

Authlete provides APIs for developers to implement a token endpoint such as /api/auth/token, /api/auth/token/issue and /api/auth/token/fail. On the other hand, the direct token endpoint is an implementation that directly works as a token endpoint. However, the endpoint exists mainly for development / experiment purposes, so it is recommended to disable it in a production environment.

Return values
bool

true if the direct token endpoint is enabled.

isDirectUserInfoEndpointEnabled()

Get the flag which indicates whether the direct userinfo endpoint is enabled or not.

public isDirectUserInfoEndpointEnabled() : bool

NOTE: This feature has not been implemented yet.

Authlete provides APIs for developers to implement a userinfo endpoint (5.3. UserInfo Endpoint) such as /api/auth/userinfo and /api/auth/userinfo/issue.

Return values
bool

true if the direct userinfo endpoint is enabled.

isDynamicRegistrationSupported()

Get the flag which indicates whether dynamic client registration is supported.

public isDynamicRegistrationSupported() : bool
Tags
since
1.8
Return values
bool

true if dynamic client registration is supported.

isErrorDescriptionOmitted()

Get the flag which indicates whether the error_description response parameter is omitted.

public isErrorDescriptionOmitted() : bool

According to RFC 6749, authorization servers may include the error_description response parameter in error responses. When this property is true, Authlete does not embed the error_description response parameter in error responses.

Tags
since
1.7
Return values
bool

true if the error_description response parameter is omitted. false if the error_description response parameter is included in error responses from the authorization server.

isErrorUriOmitted()

Get the flag which indicates whether the error_uri response parameter is omitted.

public isErrorUriOmitted() : bool

According to RFC 6749, authorization servers may include the error_uri response parameter in error responses. When this property is true, Authlete does not embed the error_uri response parameter in error responses.

Tags
since
1.7
Return values
bool

true if the error_uri response parameter is omitted. false if the error_uri response parameter is included in error responses from the authorization server.

isIssSuppressed()

Get the flag indicating whether generation of the `iss` response parameter is suppressed.

public isIssSuppressed() : bool

"OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response" has defined a new authorization response parameter, iss, as a countermeasure for a certain type of mix-up attacks.

The specification requires that the iss response parameter always be included in authorization responses unless JARM (JWT Secured Authorization Response Mode) is used.

When this flag is true, the authorization server does not include the iss response parameter in authorization responses. By turning this flag on and off, developers can experiment with the mix-up attack and observe the effect of the iss response parameter.

Note that this flag should not be true in a production environment unless there are special reasons for it.

Tags
since
1.10
Return values
bool

true if the authorization server does not include the iss response parameter in authorization responses.
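The client-side counterpart of the iss response parameter described above, as an added Python example (not authlete-php code): the client remembers, per state value, which authorization server it sent each request to, and rejects a response whose iss is missing or names a different issuer. The pending-request table and URLs are constructed for the example.

```python
"""Check the iss authorization response parameter on the client side.

Added example (not authlete-php code). When iss is suppressed on the server
(the isIssSuppressed flag), the "iss response parameter missing" branch below
is what a conforming client reports. JARM responses carry state and iss inside
the signed response JWT, so the bare parameters are not expected there.
"""
from typing import Dict, Optional
from urllib.parse import parse_qs, urlsplit

JARM_RESPONSE_MODES = {"query.jwt", "fragment.jwt", "form_post.jwt", "jwt"}


def parse_response_params(redirect_url: str, response_mode: str) -> Dict[str, str]:
    """Extract the response parameters from the query or fragment component."""
    parts = urlsplit(redirect_url)
    raw = parts.fragment if response_mode.startswith("fragment") else parts.query
    parsed = parse_qs(raw, keep_blank_values=True)
    # RFC 6749 forbids sending a parameter more than once; do not pick one silently.
    duplicates = [k for k, v in parsed.items() if len(v) != 1]
    if duplicates:
        raise ValueError(f"repeated response parameters: {duplicates}")
    return {k: v[0] for k, v in parsed.items()}


def check_authorization_response(redirect_url: str, response_mode: str,
                                 pending: Dict[str, str]) -> Optional[str]:
    """Return None if the response may be accepted, else the reason to reject it.

    `pending` maps each outstanding state value to the issuer identifier of
    the authorization server the corresponding request was sent to.
    """
    if response_mode in JARM_RESPONSE_MODES:
        # state and iss live inside the signed response JWT; verify them there
        # after checking the JWT signature, not from the bare URL.
        return None
    params = parse_response_params(redirect_url, response_mode)
    state = params.get("state")
    if state is None or state not in pending:
        return "unknown or missing state"
    iss = params.get("iss")
    if iss is None:
        return "iss response parameter missing"
    if iss != pending[state]:
        return "iss does not match the authorization server the request was sent to"
    return None
```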

isMissingClientIdAllowed()

Get the flag which indicates whether token requests from public clients without the `client_id` request parameter are allowed when the client can be guessed from `authorization_code` or `refresh_token`.

public isMissingClientIdAllowed() : bool

This flag should not be set unless you have special reasons.

Tags
since
1.8
Return values
bool

true if token requests from public clients without the client_id request parameter are allowed in the authorization code flow and the refresh token flow.

isMutualTlsValidatePkiCertChain()

Get the flag which indicates whether to check if client certificates can be reached from pre-registered trusted root certificates.

public isMutualTlsValidatePkiCertChain() : bool
Tags
since
1.3
Return values
bool

true if validation of client certificates is performed.

isNbfOptional()

Get the flag indicating whether the `nbf` claim in the request object is optional even when the authorization request is regarded as a FAPI-Part2 request.

public isNbfOptional() : bool

The final version of Financial-grade API was approved in January 2021. Part 2 of the final version has new requirements on the lifetime of request objects. They require that request objects contain an nbf claim and that the lifetime computed as exp - nbf be no longer than 60 minutes.

Therefore, when an authorization request is regarded as a FAPI-Part2 request, the request object used in the authorization request must contain an nbf claim. Otherwise, the authorization server rejects the authorization request.

When this flag is true, the nbf claim is treated as an optional claim even when the authorization request is regarded as a FAPI-Part2 request. That is, the authorization server does not perform the validation on lifetime of the request object.

Skipping the validation is a violation of the FAPI specification. The reason this flag has been prepared nevertheless is that the new requirements (which do not exist in Implementer's Draft 2, released in October 2018) have a big impact on deployed client application implementations, and Authlete thinks there should be a mechanism that makes the migration from ID2 to Final smooth without breaking live systems.

Tags
since
1.10
Return values
bool

true if the nbf claim is treated as an optional claim even when the authorization request is regarded as a FAPI-Part2 request.

isParRequired()

Get the flag which indicates whether this service requires that clients use PAR.

public isParRequired() : bool

This property corresponds to the require_pushed_authorization_requests metadata defined in "OAuth 2.0 Pushed Authorization Requests" (PAR).

Tags
since
1.8
Return values
bool

true if clients of this service are required to use PAR.

isPkceRequired()

Get the flag which indicates whether the use of Proof Key for Code Exchange (PKCE) is always required for authorization requests using Authorization Code Flow.

public isPkceRequired() : bool
Tags
see
https://tools.ietf.org/html/rfc7636

RFC 7636 Proof Key for Code Exchange by OAuth Public Clients

Return values
bool

true if PKCE is always required for the authorization code flow.

isPkceS256Required()

Get the flag which indicates whether `S256` is always required as the code challenge method whenever PKCE is used.

public isPkceS256Required() : bool

If this flag is true, code_challenge_method=S256 must be included in the authorization request whenever it includes the code_challenge request parameter. Neither omission of code_challenge_method request parameter nor use of plain (code_challenge_method=plain) is allowed.

Tags
see
https://tools.ietf.org/html/rfc7636

RFC 7636 Proof Key for Code Exchange by OAuth Public Clients

since
1.8
Return values
bool

true if S256 is always required as the code challenge method whenever PKCE is used.

isRefreshTokenDurationKept()

Get the flag which indicates whether the remaining duration of the used refresh token is taken over to the newly issued one.

public isRefreshTokenDurationKept() : bool
Tags
since
1.8
Return values
bool

true if the remaining duration of the used refresh token is taken over to the newly issued one.

isRefreshTokenKept()

Get the flag which indicates whether a refresh token remains valid or gets renewed after its use.

public isRefreshTokenKept() : bool
Tags
since
1.7
Return values
bool

true if a refresh token remains valid after its use. false if a new refresh token is issued after its use.

isRequestObjectRequired()

Get the flag which indicates whether this service requires that authorization requests always utilize a request object by using either `request` or `request_uri` request parameter.

public isRequestObjectRequired() : bool

If this method returns true and isTraditionalRequestObjectProcessingApplied() returns false, the value of the require_signed_request_object server metadata of this service is reported as true in the discovery document. The metadata is defined in JAR (JWT Secured Authorization Request). require_signed_request_object being true means that authorization requests which don't conform to the JAR specification are rejected.

Tags
since
1.9
Return values
bool

true if this service requires that authorization requests always utilize a request object.

isScopeRequired()

Get the flag which indicates whether requests that request no scope are rejected or not.

public isScopeRequired() : bool

When a request has no explicit scope parameter and the service's pre-defined default scope set is empty, the authorization server regards the request as requesting no scope. When this method returns true, requests that request no scope are rejected.

Tags
since
1.9
Return values
bool

true if the authorization server rejects requests that request no scope. false if the authorization server admits requests that request no scope.

isSingleAccessTokenPerSubject()

Get the flag which indicates whether the number of access tokens per subject (and per client) is at most one or can be more.

public isSingleAccessTokenPerSubject() : bool

If this flag is true, an attempt to issue a new access token invalidates existing access tokens which are associated with the same subject and the same client application.

Note that, however, attempts by Client Credentials Flow do not invalidate existing access tokens because access tokens issued by Client Credentials Flow are not associated with any end-user's subject. Also note that an attempt by Refresh Token Flow invalidates the coupled access token only and this invalidation is always performed regardless of whether this flag is true or false.

Return values
bool

true if the number of access tokens per subject per client is at most one.

isTlsClientCertificateBoundAccessTokens()

Get the flag which indicates whether this service supports "TLS client certificate bound access tokens".

public isTlsClientCertificateBoundAccessTokens() : bool

If this method returns true, client applications whose isTlsClientCertificateBoundAccessTokens() returns true are required to present a client certificate on token requests to the authorization server and on API calls to the resource server.

Tags
since
1.4
Return values
bool

true if this service supports "TLS client certificate bound access tokens".

isTraditionalRequestObjectProcessingApplied()

Get the flag which indicates whether a request object is processed based on rules defined in OpenID Connect Core 1.0 or JAR (JWT Secured Authorization Request).

public isTraditionalRequestObjectProcessingApplied() : bool

Differences between rules in OpenID Connect Core 1.0 and ones in JAR are as follows.

  1. JAR requires that a request object be always signed.

  2. JAR does not allow request parameters outside a request object to be referred to.

  3. OIDC Core 1.0 requires that response_type request parameter exist outside a request object even if the request object includes the request parameter.

  4. OIDC Core 1.0 requires that scope request parameter exist outside a request object if the authorization request is an OIDC request even if the request object includes the request parameter.

If this method returns false and isRequestObjectRequired() returns true, the value of the require_signed_request_object server metadata of this service is reported as true in the discovery document. require_signed_request_object being true means that authorization requests which don't conform to the JAR specification are rejected.

Tags
since
1.9
Return values
bool

true if rules defined in OpenID Connect Core 1.0 are applied on processing a request object. false if rules defined in JAR (JWT Secured Authorization Request) are applied.
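
The four differences listed above, applied to one authorization request under each rule set, together with the require_signed_request_object derivation described under isRequestObjectRequired(). This is an added example, not code from the Authlete library; the function names, the $outside/$inside arrays, the $alg argument and the handling of an outside client_id under JAR are assumptions of the illustration.

```php
<?php
declare(strict_types=1);

// Added example (not Authlete library code): OIDC Core 1.0 versus JAR processing
// of a request object, as described on this page. Names are assumptions.

/** Value reported for require_signed_request_object in the discovery document. */
function requireSignedRequestObject(bool $requestObjectRequired, bool $traditionalProcessing): bool
{
    return $requestObjectRequired && !$traditionalProcessing;
}

/** An authorization request is an OIDC request when its scope contains "openid". */
function isOidcRequest(?string $scope): bool
{
    return $scope !== null && in_array('openid', explode(' ', $scope), true);
}

/**
 * Resolve the effective authorization request parameters.
 *
 * @param array<string,string> $outside parameters sent outside the request object (the query)
 * @param array<string,string> $inside  claims of the request object, already verified and decoded
 * @param string $alg         JWS "alg" of the request object; "none" means it was not signed
 * @param bool   $traditional value of Service::isTraditionalRequestObjectProcessingApplied()
 * @return array{0: ?string, 1: array<string,string>} [error or null, resolved parameters]
 */
function resolveAuthorizationParameters(array $outside, array $inside, string $alg, bool $traditional): array
{
    if ($traditional) {
        // Difference 3: OIDC Core 1.0 requires response_type outside the request object.
        if (!isset($outside['response_type'])) {
            return ['invalid_request: response_type must be passed outside the request object', []];
        }
        // Difference 4: for an OIDC request, scope must also be present outside.
        if (isOidcRequest($inside['scope'] ?? $outside['scope'] ?? null) && !isset($outside['scope'])) {
            return ['invalid_request: scope must be passed outside the request object', []];
        }
        // OIDC Core 1.0 lets outside parameters be referred to; request object values win.
        return [null, array_merge($outside, $inside)];
    }

    // Difference 1: JAR requires the request object to be signed.
    if ($alg === 'none') {
        return ['invalid_request_object: request object must be signed', []];
    }
    // Difference 2: JAR does not let outside parameters be referred to. Only the
    // client_id used to locate the client is carried over (an assumption of this
    // example), and only when it agrees with the client_id inside the object.
    $params = $inside;
    if (isset($outside['client_id'])) {
        if (isset($params['client_id']) && $params['client_id'] !== $outside['client_id']) {
            return ['invalid_request_object: client_id mismatch', []];
        }
        $params['client_id'] = $outside['client_id'];
    }
    return [null, $params];
}

// Constructed sample (not real traffic): the same request object under both rule sets.
$inside  = ['client_id' => 'client-123', 'response_type' => 'code', 'scope' => 'openid profile',
            'redirect_uri' => 'https://client.example/cb', 'state' => 'xyz'];
$cases = [
    'oidc core, full query' => [['client_id' => 'client-123', 'request' => '<jwt>',
                                 'response_type' => 'code', 'scope' => 'openid'], 'PS256', true],
    'oidc core, scope only inside' => [['client_id' => 'client-123', 'request' => '<jwt>',
                                        'response_type' => 'code'], 'PS256', true],
    'jar, unsigned object' => [['client_id' => 'client-123', 'request' => '<jwt>'], 'none', false],
    'jar, signed object'   => [['client_id' => 'client-123', 'request' => '<jwt>'], 'PS256', false],
];
foreach ($cases as $label => [$outside, $alg, $traditional]) {
    [$error, $params] = resolveAuthorizationParameters($outside, $inside, $alg, $traditional);
    printf("%-30s %s\n", $label, $error ?? implode(',', array_keys($params)));
}
printf("require_signed_request_object=%s\n", json_encode(requireSignedRequestObject(true, false)));
```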

setAccessTokenDuration()

Set the duration of access tokens in seconds.

public setAccessTokenDuration(int|string $duration) : Service

It is the value of the expires_in parameter in access token responses.

Parameters
$duration : int|string

The duration of access tokens.

Tags
see
https://tools.ietf.org/html/rfc6749#section-5.1

RFC 6749, 5.1. Successful Response

Return values
Service

$this object.

setAccessTokenSignAlg()

Set the signature algorithm of access tokens.

public setAccessTokenSignAlg([JWSAlg $alg = null ]) : Service

When null is set, access tokens issued by this service are just random strings. On the other hand, when a non-null value is set, access tokens issued by this service are JWTs and the value set by this method is used as the signature algorithm of the JWTs.

Parameters
$alg : JWSAlg = null

The signature algorithm of JWT-based access tokens. Note that symmetric algorithms (HS256, HS384 and HS512) are not supported.

Tags
since
1.8
Return values
Service

$this object.

setAccessTokenSignatureKeyId()

Set the key ID to identify a JWK used for signing access tokens.

public setAccessTokenSignatureKeyId(string $keyId) : Service

See the description of getAccessTokenSignatureKeyId() for details.

Parameters
$keyId : string

A key ID of a JWK. This may be null.

Tags
since
1.8
Return values
Service

$this object.

setAccessTokenType()

Set the token type of access tokens issued by this authorization server.

public setAccessTokenType(string $type) : Service

It is the value of the token_type parameter in access token responses. Bearer is recommended.

Parameters
$type : string

The token type of access tokens.

Tags
see
https://tools.ietf.org/html/rfc6749#section-5.1

RFC 6749, 5.1. Successful Response

Return values
Service

$this object.

setAllowableClockSkew()

Set the allowable clock skew between the server and clients in seconds.

public setAllowableClockSkew(int $seconds) : Service

The clock skew is taken into consideration when time-related claims in a JWT (e.g. exp, iat and nbf) are verified.

Parameters
$seconds : int

Allowable clock skew in seconds. Must be between 0 and 65535.

Tags
since
1.8
Return values
Service

$this object.
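
The request-object lifetime rules described under isNbfOptional() (nbf mandatory for FAPI-Part2 requests, exp - nbf at most 60 minutes, opt-out via the flag) combined with the clock skew handling described under setAllowableClockSkew(), as an added example that is not code from the Authlete library. The function name and the shape of the $claims array are assumptions of the illustration.

```php
<?php
declare(strict_types=1);

// Added example (not Authlete library code): lifetime validation of a request
// object per the isNbfOptional() description, with the allowable clock skew
// applied to exp and nbf. Names are assumptions.

const FAPI_PART2_MAX_LIFETIME = 60 * 60; // exp - nbf must not exceed 60 minutes

/**
 * Returns null when the request object is acceptable, otherwise a short reason.
 *
 * @param array<string,mixed> $claims decoded payload of the (already verified) request object JWT
 * @param bool $fapiPart2   true when the authorization request is regarded as a FAPI-Part2 request
 * @param bool $nbfOptional value of Service::isNbfOptional()
 * @param int  $clockSkew   value of Service::getAllowableClockSkew(), in seconds
 * @param int  $now         current time in seconds since the Unix epoch
 */
function validateRequestObjectLifetime(array $claims, bool $fapiPart2, bool $nbfOptional, int $clockSkew, int $now): ?string
{
    $exp = $claims['exp'] ?? null;
    $nbf = $claims['nbf'] ?? null;

    // exp is checked in every profile, with the allowable skew granted to the client.
    if (!is_int($exp)) {
        return 'missing_exp';
    }
    if ($now >= $exp + $clockSkew) {
        return 'expired';
    }

    // nbf, when present, is honoured in every profile, again with the skew.
    if ($nbf !== null) {
        if (!is_int($nbf)) {
            return 'invalid_nbf';
        }
        if ($now < $nbf - $clockSkew) {
            return 'not_yet_valid';
        }
    }

    // Outside FAPI Part 2, or when the service opted out via isNbfOptional(), the
    // lifetime validation below is not performed (the page calls that opt-out a
    // migration aid that violates the specification).
    if (!$fapiPart2 || $nbfOptional) {
        return null;
    }

    // FAPI Part 2 (Final): nbf is mandatory ...
    if ($nbf === null) {
        return 'missing_nbf';
    }
    // ... and exp - nbf must be at most 60 minutes. No skew is applied here: the
    // bound is about the window the client chose, not about clock drift.
    if ($exp - $nbf > FAPI_PART2_MAX_LIFETIME) {
        return 'lifetime_too_long';
    }

    return null;
}

// Constructed sample inputs for a quick run (not real traffic).
$now   = 1700000000;
$cases = [
    'ok'              => [['nbf' => $now - 60, 'exp' => $now + 600],  true, false],
    'no nbf'          => [['exp' => $now + 600],                      true, false],
    'no nbf, opt-out' => [['exp' => $now + 600],                      true, true],
    'too long'        => [['nbf' => $now - 60, 'exp' => $now + 7200], true, false],
    'non-fapi'        => [['exp' => $now + 7200],                     false, false],
];
foreach ($cases as $label => [$claims, $fapi, $optional]) {
    printf("%-16s %s\n", $label, validateRequestObjectLifetime($claims, $fapi, $optional, 10, $now) ?? 'accepted');
}
```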

setApiKey()

Set the API key of this service.

public setApiKey(int|string $apiKey) : Service
Parameters
$apiKey : int|string

The API key.

Return values
Service

$this object.

setApiSecret()

Set the API secret of this service.

public setApiSecret(string $secret) : Service
Parameters
$secret : string

The API secret.

Return values
Service

$this object.

setAuthenticationCallbackApiKey()

Set the API key to access the authentication callback endpoint.

public setAuthenticationCallbackApiKey(string $apiKey) : Service
Parameters
$apiKey : string

The API key to access the authentication callback endpoint.

Return values
Service

$this object.

setAuthenticationCallbackApiSecret()

Set the API secret to access the authentication callback endpoint.

public setAuthenticationCallbackApiSecret(string $apiSecret) : Service
Parameters
$apiSecret : string

The API secret to access the authentication callback endpoint.

Return values
Service

$this object.

setAuthenticationCallbackEndpoint()

Set the URI of the authentication callback endpoint.

public setAuthenticationCallbackEndpoint(string $endpoint) : Service
Parameters
$endpoint : string

The URI of the authentication callback endpoint.

Return values
Service

$this object.

setAuthorizationResponseDuration()

Set the duration of authorization response JWTs in seconds.

public setAuthorizationResponseDuration(int|string $duration) : Service

Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) defines new values for the response_mode request parameter. They are query.jwt, fragment.jwt, form_post.jwt and jwt. If one of them is specified as the response mode, response parameters from the authorization endpoint will be packed into a JWT. This property is used to compute the value of the exp claim of the JWT.

Parameters
$duration : int|string

The duration of authorization response JWTs in seconds.

Tags
since
1.7
Return values
Service

$this object.

setAuthorizationSignatureKeyId()

Set the key ID to identify a JWK used for signing authorization responses using an asymmetric key.

public setAuthorizationSignatureKeyId(string $keyId) : Service

See the description of getAuthorizationSignatureKeyId() for details.

Parameters
$keyId : string

A key ID of a JWK. This may be null.

Tags
since
1.7
Return values
Service

$this object.

setBackchannelAuthReqIdDuration()

Set the duration of backchannel authentication request IDs issued from the backchannel authentication endpoint in seconds. This is used as the value of the `expires_in` property in responses from the backchannel authentication endpoint.

public setBackchannelAuthReqIdDuration(int|string $duration) : Service
Parameters
$duration : int|string

The duration of backchannel authentication request IDs in seconds.

Tags
see
https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html

Client Initiated Backchannel Authentication

since
1.8
Return values
Service

$this object.

setBackchannelBindingMessageRequiredInFapi()

Set the flag which indicates whether the `binding_message` request parameter is always required whenever a backchannel authentication request is judged as a request for Financial-grade API.

public setBackchannelBindingMessageRequiredInFapi(bool $required) : Service

The FAPI-CIBA profile requires that the authorization server "shall ensure unique authorization context exists in the authorization request or require a binding_message in the authorization request" (FAPI-CIBA, 5.2.2., 2). The simplest way to fulfill this requirement is to set true to this property.

If false is set to this property, the binding_message request parameter remains optional even in FAPI context, but in exchange, your authorization server must implement a custom mechanism that ensures each backchannel authentication request has unique context.

Parameters
$required : bool

true to require the binding_message request parameter whenever a backchannel authentication request is judged as a request for Financial-grade API.

Tags
since
1.8
Return values
Service

$this object.

setBackchannelPollingInterval()

Set the minimum interval between polling requests to the token endpoint from client applications in seconds. This is used as the value of the `interval` property in responses from the backchannel authentication endpoint.

public setBackchannelPollingInterval(int $interval) : Service
Parameters
$interval : int

The minimum interval between polling requests in seconds.

Tags
see
https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html

Client Initiated Backchannel Authentication

since
1.8
Return values
Service

$this object.

setBackchannelUserCodeParameterSupported()

Set the flag which indicates whether the `user_code` request parameter is supported at the backchannel authentication endpoint. This property corresponds to the `backchannel_user_code_parameter_supported` metadata.

public setBackchannelUserCodeParameterSupported(bool $supported) : Service
Parameters
$supported : bool

true to indicate that the user_code request parameter is supported at the backchannel authentication endpoint.

Tags
see
https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html

Client Initiated Backchannel Authentication

since
1.8
Return values
Service

$this object.

setClaimShortcutRestrictive()

Set the flag which indicates whether claims specified by shortcut scopes (e.g. `profile`) are included in the issued ID token only when no access token is issued.

public setClaimShortcutRestrictive(bool $restrictive) : Service

To strictly conform to the description below excerpted from OpenID Connect Core 1.0 Section 5.4, true has to be set.

"The Claims requested by the profile, email, address, and phone scope values are returned from the UserInfo Endpoint, as described in Section 5.3.2, when a response_type value is used that results in an Access Token being issued. However, when no Access Token is issued (which is the case for response_type value id_token), the resulting Claims are returned in the ID Token."

Parameters
$restrictive : bool

true to include claims specified by shortcut scopes in the issued ID token only when no access token is issued. false to include the claims in the issued ID token regardless of whether an access token is issued or not.

Tags
since
1.9
Return values
Service

$this object.

setClientIdAliasEnabled()

Enable/disable the "Client ID Alias" feature.

public setClientIdAliasEnabled(bool $enabled) : Service

When a new client is created, Authlete generates a numeric value and assigns it as a client ID to the newly created client. In addition to the client ID, each client can have a client ID alias. The client ID alias is, however, recognized only when this property is true.

Parameters
$enabled : bool

true to enable the "Client ID Alias" feature. false to disable the feature.

Tags
since
1.7
Return values
Service

$this object.

setClientsPerDeveloper()

Set the number of client applications that one developer can have.

public setClientsPerDeveloper(int $count) : Service
Parameters
$count : int

The number of client applications that one developer can have. 0 means that developers can have as many client applications as they want.

Return values
Service

$this object.

setCreatedAt()

Set the time at which this service was created.

public setCreatedAt(int|string $createdAt) : Service
Parameters
$createdAt : int|string

The time at which this service was created. The value should be represented as milliseconds since the Unix epoch (1970-Jan-1).

Return values
Service

$this object.

setDescription()

Set the description about this service.

public setDescription(string $description) : Service
Parameters
$description : string

The description about this service.

Return values
Service

$this object.

setDeveloperAuthenticationCallbackApiKey()

Set the API key to access the developer authentication callback endpoint.

public setDeveloperAuthenticationCallbackApiKey(string $apiKey) : Service
Parameters
$apiKey : string

The API key to access the developer authentication callback endpoint.

Return values
Service

$this object.

setDeveloperAuthenticationCallbackApiSecret()

Set the API secret to access the developer authentication callback endpoint.

public setDeveloperAuthenticationCallbackApiSecret(string $apiSecret) : Service
Parameters
$apiSecret : string

The API secret to access the developer authentication callback endpoint.

Return values
Service

$this object.

setDeveloperAuthenticationCallbackEndpoint()

Set the URI of the developer authentication callback endpoint.

public setDeveloperAuthenticationCallbackEndpoint(string $endpoint) : Service
Parameters
$endpoint : string

The URI of the developer authentication callback endpoint.

Return values
Service

$this object.

setDeveloperSnsCredentials()

Set the list of SNS credentials used for social login at the developer console.

public setDeveloperSnsCredentials([array<string|int, SnsCredentials> $credentials = null ]) : Service

NOTE: This feature is not implemented yet.

Parameters
$credentials : array<string|int, SnsCredentials> = null

The list of SNS credentials used for social login at the developer console.

Return values
Service

$this object.

setDeviceAuthorizationEndpoint()

Set the URI of the device authorization endpoint.

public setDeviceAuthorizationEndpoint(string $endpoint) : Service
Parameters
$endpoint : string

The URI of the device authorization endpoint.

Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
Service

$this object.

setDeviceFlowCodeDuration()

Set the duration of device verification codes and end-user verification codes issued from the device authorization endpoint in seconds. This is used as the value of the `expires_in` property in responses from the device authorization endpoint.

public setDeviceFlowCodeDuration(int|string $duration) : Service
Parameters
$duration : int|string

The duration of device verification codes and end-user verification codes in seconds.

Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
Service

$this object.

setDeviceFlowPollingInterval()

Set the minimum interval between polling requests to the token endpoint from client applications in seconds. This is used as the value of the `interval` property in responses from the device authorization endpoint.

public setDeviceFlowPollingInterval(int $interval) : Service
Parameters
$interval : int

The minimum interval between polling requests in seconds.

Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
Service

$this object.

setDeviceVerificationUri()

Set the verification URI for the device flow. This URI is used as the value of the `verification_uri` parameter in responses from the device authorization endpoint.

public setDeviceVerificationUri(string $uri) : Service
Parameters
$uri : string

The verification URI.

Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
Service

$this object.

setDeviceVerificationUriComplete()

Set the verification URI for the device flow with a placeholder for a user code. This URI is used to build the value of the `verification_uri_complete` parameter in responses from the device authorization endpoint.

public setDeviceVerificationUriComplete(string $uri) : Service

It is expected that the URI contains a fixed string USER_CODE somewhere as a placeholder for a user code. For example, https://example.com/device?user_code=USER_CODE.

The fixed string is replaced with an actual user code when Authlete builds a verification URI with a user code for the verification_uri_complete parameter.

If this URI is not set, the verification_uri_complete parameter won't appear in device authorization responses.

Parameters
$uri : string

The verification URI with a placeholder for a user code.

Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
Service

$this object.

setDirectAuthorizationEndpointEnabled()

Set the flag which indicates whether the direct authorization endpoint is enabled or not.

public setDirectAuthorizationEndpointEnabled(bool $enabled) : Service

The path of the endpoint is /api/auth/authorization/direct/{serviceApiKey}. The default value of this flag is true, but it is recommended to disable the endpoint for production use.

Authlete provides APIs for developers to implement an authorization endpoint such as /api/auth/authorization, /api/auth/authorization/issue and /api/auth/authorization/fail. On the other hand, the direct authorization endpoint is an implementation that directly works as an authorization endpoint. However, the endpoint exists mainly for development / experiment purposes, so it is recommended to disable it in a production environment.

Parameters
$enabled : bool

true if the direct authorization endpoint is enabled.

Return values
Service

$this object.

setDirectIntrospectionEndpointEnabled()

Set the flag which indicates whether the direct introspection endpoint is enabled or not.

public setDirectIntrospectionEndpointEnabled(bool $enabled) : Service

The path of the endpoint is /api/auth/introspection/standard/direct. The API is protected by pairs of API key and API secret of services.

Authlete provides an API (/api/auth/introspection/standard) for developers to implement an introspection endpoint (RFC 7662). On the other hand, the direct introspection endpoint is an implementation that directly works as an introspection endpoint.

Note that Authlete provides another different introspection API (/api/auth/introspection). It does not comply with RFC 7662 but is much more useful for developers who implement protected resource endpoints.

Parameters
$enabled : bool

true if the direct introspection endpoint is enabled.

Return values
Service

$this object.

setDirectJwksEndpointEnabled()

Set the flag which indicates whether the direct JWK Set document endpoint is enabled or not.

public setDirectJwksEndpointEnabled(bool $enabled) : Service

The path of the endpoint is /api/service/jwks/get/direct/{serviceApiKey}.

Authlete provides an API (/api/service/jwks/get) for developers to implement a JWK Set document endpoint which exposes the JWK Set document (RFC 7517) of the service. On the other hand, the direct JWK Set document endpoint is an implementation that directly works as a JWK Set document endpoint.

Parameters
$enabled : bool

true to enable the direct JWK Set document endpoint.

Return values
Service

$this object.

setDirectRevocationEndpointEnabled()

Set the flag which indicates whether the direct revocation endpoint is enabled or not.

public setDirectRevocationEndpointEnabled(bool $enabled) : Service

The path of the endpoint is /api/auth/revocation/direct/{serviceApiKey}.

Authlete provides an API (/api/auth/revocation) for developers to implement a revocation endpoint (RFC 7009). On the other hand, the direct revocation endpoint is an implementation that directly works as a revocation endpoint.

Parameters
$enabled : bool

true to enable the direct revocation endpoint.

Return values
Service

$this object.

setDirectTokenEndpointEnabled()

Set the flag which indicates whether the direct token endpoint is enabled or not.

public setDirectTokenEndpointEnabled(bool $enabled) : Service

The path of the endpoint is /api/auth/token/direct/{serviceApiKey}. The default value of this flag is true, but it is recommended to disable the endpoint for production use.

Authlete provides APIs for developers to implement a token endpoint such as /api/auth/token, /api/auth/token/issue and /api/auth/token/fail. On the other hand, the direct token endpoint is an implementation that directly works as a token endpoint. However, the endpoint exists mainly for development / experiment purposes, so it is recommended to disable it in a production environment.

Parameters
$enabled : bool

true to enable the direct token endpoint.

Return values
Service

$this object.
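
A development profile next to a production profile, built only from setters documented on this page, following the recommendation above to disable the direct authorization and token endpoints outside development. This is an added example, not code from the Authlete library; the namespace Authlete\Dto\Service, the no-argument constructor and the function names are assumptions of the illustration.

```php
<?php
declare(strict_types=1);

use Authlete\Dto\Service; // namespace assumed; adjust to where Service lives in your install

// Added example (not Authlete library code): weak versus hardened Service
// settings, using only setters and getters documented on this page.

/** Settings the page describes as defaults or as acceptable for development only. */
function applyDevelopmentProfile(Service $service): Service
{
    return $service
        ->setDirectAuthorizationEndpointEnabled(true) // default is true; dev/experiment use
        ->setDirectTokenEndpointEnabled(true)         // default is true; dev/experiment use
        ->setPkceRequired(false)
        ->setPkceS256Required(false)
        ->setMissingClientIdAllowed(true);            // "should not be set unless you have special reasons"
}

/** Settings the page recommends, or that close the gaps the development profile leaves open. */
function applyProductionProfile(Service $service, int $clockSkewSeconds = 30): Service
{
    return $service
        // Direct endpoints exist mainly for development / experiment purposes.
        ->setDirectAuthorizationEndpointEnabled(false)
        ->setDirectTokenEndpointEnabled(false)
        ->setDirectIntrospectionEndpointEnabled(false)
        ->setDirectRevocationEndpointEnabled(false)
        ->setDirectJwksEndpointEnabled(false)
        // Authorization code flow: always require PKCE and forbid code_challenge_method=plain.
        ->setPkceRequired(true)
        ->setPkceS256Required(true)
        // Public clients must send client_id on token requests.
        ->setMissingClientIdAllowed(false)
        // Keep the FAPI Part 2 request-object lifetime validation on.
        ->setNbfOptional(false)
        // The setter accepts 0..65535; keep the window small.
        ->setAllowableClockSkew($clockSkewSeconds)
        // Give callers less detail in error responses.
        ->setErrorDescriptionOmitted(true)
        ->setErrorUriOmitted(true);
}

/**
 * Read back the flags that have getters on this page and list deviations from
 * the production profile; an empty array means none were found.
 *
 * @return string[]
 */
function auditProductionFlags(Service $service): array
{
    $findings = [];
    if (!$service->isPkceRequired()) {
        $findings[] = 'PKCE is not required for the authorization code flow';
    }
    if (!$service->isPkceS256Required()) {
        $findings[] = 'code_challenge_method=plain (or omission) is still accepted';
    }
    if ($service->isMissingClientIdAllowed()) {
        $findings[] = 'token requests without client_id are allowed';
    }
    if ($service->isNbfOptional()) {
        $findings[] = 'FAPI Part 2 request object lifetime validation is disabled';
    }
    return $findings;
}

$service = new Service(); // constructor signature assumed
print_r(auditProductionFlags(applyDevelopmentProfile($service)));
print_r(auditProductionFlags(applyProductionProfile($service)));
```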

setDirectUserInfoEndpointEnabled()

Set the flag which indicates whether the direct userinfo endpoint is enabled or not.

public setDirectUserInfoEndpointEnabled(bool $enabled) : Service

NOTE: This feature has not been implemented yet.

Authlete provides APIs for developers to implement a userinfo endpoint (5.3. UserInfo Endpoint) such as /api/auth/userinfo and /api/auth/userinfo/issue.

Parameters
$enabled : bool

true to enable the direct userinfo endpoint.

Return values
Service

$this object.

setDynamicRegistrationSupported()

Set the flag which indicates whether dynamic client registration is supported.

public setDynamicRegistrationSupported(bool $supported) : Service
Parameters
$supported : bool

true to indicate that dynamic client registration is supported.

Tags
since
1.8
Return values
Service

$this object.

setEndSessionEndpoint()

Set the end session endpoint for the service. This endpoint is used by clients to signal to the IdP that the user's session should be terminated.

public setEndSessionEndpoint(string $endpoint) : Service
Parameters
$endpoint : string

The end session endpoint.

Tags
since
1.8
Return values
Service

$this object.

setErrorDescriptionOmitted()

Omit or embed the error_description response parameter in error responses.

public setErrorDescriptionOmitted(bool $omitted) : Service
Parameters
$omitted : bool

true to omit the error_description response parameter. false to embed the parameter.

Tags
since
1.7
Return values
Service

$this object.

setErrorUriOmitted()

Omit or embed the error_uri response parameter in error responses.

public setErrorUriOmitted(bool $omitted) : Service
Parameters
$omitted : bool

true to omit the error_uri response parameter. false to embed the parameter.

Tags
since
1.7
Return values
Service

$this object.

setIdTokenDuration()

Set the duration of ID tokens in seconds.

public setIdTokenDuration(int|string $duration) : Service
Parameters
$duration : int|string

The duration of ID tokens.

Return values
Service

$this object.

setIdTokenSignatureKeyId()

Set the key ID to identify a JWK used for ID token signature using an asymmetric key.

public setIdTokenSignatureKeyId(string $keyId) : Service

See the description of getIdTokenSignatureKeyId() for details.

Parameters
$keyId : string

A key ID of a JWK. This may be null.

Tags
since
1.7
Return values
Service

$this object.

setIntrospectionEndpoint()

Set the URI of the introspection endpoint.

public setIntrospectionEndpoint(string $endpoint) : Service
Parameters
$endpoint : string

The URI of the introspection endpoint.

Tags
see
https://tools.ietf.org/html/rfc7662

RFC 7662 OAuth 2.0 Token Introspection

Return values
Service

$this object.

setIssSuppressed()

Set the flag indicating whether generation of the `iss` response parameter is suppressed.

public setIssSuppressed(bool $suppressed) : Service

See the description of isIssSuppressed() for details about this flag.

Parameters
$suppressed : bool

true to make the authorization server suppress the iss response parameter.

Tags
since
1.10
Return values
Service

$this object.

setJwks()

Set the JWK Set document of this service.

public setJwks(string $jwks) : Service
Parameters
$jwks : string

The JWK Set document.

Return values
Service

$this object.

setMissingClientIdAllowed()

Set the flag which indicates whether token requests from public clients without the `client_id` request parameter are allowed when the client can be guessed from `authorization_code` or `refresh_token`.

public setMissingClientIdAllowed(bool $allowed) : Service

This flag should not be set unless you have special reasons.

Parameters
$allowed : bool

true to allow token requests from public clients without the client_id request parameter in the authorization code flow and the refresh token flow.

Tags
since
1.8
Return values
Service

$this object.

setModifiedAt()

Set the time at which this service was last modified.

public setModifiedAt(int|string $modifiedAt) : Service
Parameters
$modifiedAt : int|string

The time at which this service was last modified. The value should be represented as milliseconds since the Unix epoch (1970-Jan-1).

Return values
Service

$this object.

setMtlsEndpointAliases()

Set the MTLS endpoint aliases.

public setMtlsEndpointAliases([array<string|int, NamedUri> $aliases = null ]) : Service

This property corresponds to the mtls_endpoint_aliases metadata defined in RFC 8705.

Parameters
$aliases : array<string|int, NamedUri> = null

MTLS endpoint aliases.

Tags
see
https://www.rfc-editor.org/rfc/rfc8705.html

RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens

since
1.8
Return values
Service

$this object.

setMutualTlsValidatePkiCertChain()

Set the flag which indicates whether to check if client certificates can be reached from pre-registered trusted root certificates.

public setMutualTlsValidatePkiCertChain(bool $enabled) : Service
Parameters
$enabled : bool

true to perform validation of client certificates.

Tags
since
1.3
Return values
Service

$this object.

setNbfOptional()

Set the flag indicating whether the `nbf` claim in the request object is optional even when the authorization request is regarded as a FAPI-Part2 request.

public setNbfOptional(bool $optional) : Service

See the description of isNbfOptional() for details about this flag.

Parameters
$optional : bool

true to treat the nbf claim as an optional claim.

Tags
since
1.10
Return values
Service

$this object.

setParRequired()

Set the flag which indicates whether this service requires that clients use PAR.

public setParRequired(bool $required) : Service

This property corresponds to the require_pushed_authorization_requests metadata defined in "OAuth 2.0 Pushed Authorization Requests" (PAR).

Parameters
$required : bool

true to indicate that this service requires that clients use PAR.

Tags
since
1.8
Return values
Service

$this object.

setPkceRequired()

Set the flag which indicates whether the use of Proof Key for Code Exchange (PKCE) is always required for authorization requests using Authorization Code Flow.

public setPkceRequired(bool $required) : Service
Parameters
$required : bool

true to always require PKCE for the authorization code flow.

Tags
see
https://tools.ietf.org/html/rfc7636

RFC 7636 Proof Key for Code Exchange by OAuth Public Clients

Return values
Service

$this object.

setPkceS256Required()

Set the flag which indicates whether `S256` is always required as the code challenge method whenever PKCE is used.

public setPkceS256Required(bool $required) : Service

If this flag is true, code_challenge_method=S256 must be included in the authorization request whenever it includes the code_challenge request parameter. Neither omission of code_challenge_method request parameter nor use of plain (code_challenge_method=plain) is allowed.

Parameters
$required : bool

true to require S256 as the code challenge method whenever PKCE is used.

Tags
see
https://tools.ietf.org/html/rfc7636

RFC 7636 Proof Key for Code Exchange by OAuth Public Clients

since
1.8
Return values
Service

$this object.
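
The rule described above, written out as an added example (not code from the Authlete library): a request-parameter check that applies the setPkceRequired() and setPkceS256Required() policies to the query parameters of an authorization request. The function name, the `$params` array shape and the sample requests are constructed for this illustration.

```php
<?php
// Added illustration (not Authlete code) of the PKCE policy documented for
// setPkceRequired() and setPkceS256Required().
// Assumed: $params is the decoded query string as an associative array.

/**
 * Returns null when the request satisfies the PKCE policy, or an error
 * description (suitable for an `invalid_request` response) otherwise.
 */
function checkPkcePolicy(array $params, bool $pkceRequired, bool $s256Required): ?string
{
    $hasChallenge = isset($params['code_challenge']) && $params['code_challenge'] !== '';
    $method       = $params['code_challenge_method'] ?? null;

    // setPkceRequired(true): the authorization code flow must carry code_challenge.
    if ($pkceRequired && !$hasChallenge) {
        return 'code_challenge is required';
    }

    // A method without a challenge is meaningless; RFC 7636 ties the method to the challenge.
    if (!$hasChallenge) {
        return $method === null ? null : 'code_challenge_method given without code_challenge';
    }

    // RFC 7636 defines only "plain" and "S256"; omission means "plain".
    if ($method !== null && $method !== 'plain' && $method !== 'S256') {
        return 'unsupported code_challenge_method';
    }

    // setPkceS256Required(true): both omission of the method and "plain" are rejected.
    if ($s256Required && $method !== 'S256') {
        return 'code_challenge_method=S256 is required';
    }

    // S256 challenge = BASE64URL(SHA256(code_verifier)): 43 unpadded base64url characters.
    if ($method === 'S256' && !preg_match('/\A[A-Za-z0-9_-]{43}\z/', $params['code_challenge'])) {
        return 'code_challenge is not a valid S256 value';
    }

    return null;
}

// Constructed sample requests (only the PKCE-relevant parameters are shown),
// checked against a service with both flags enabled.
$cases = [
    'S256'           => ['code_challenge' => str_repeat('a', 43), 'code_challenge_method' => 'S256'],
    'method omitted' => ['code_challenge' => str_repeat('a', 43)],
    'plain'          => ['code_challenge' => str_repeat('b', 43), 'code_challenge_method' => 'plain'],
    'no PKCE'        => ['response_type' => 'code'],
];
foreach ($cases as $name => $params) {
    $err = checkPkcePolicy($params, true, true);
    printf("%-15s -> %s\n", $name, $err ?? 'accepted');
}
```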

setPolicyUri()

Set the URI that this OpenID provider provides to the person registering the client to read about the OP's requirements on how the Relying Party can use the data provided by the OP.

public setPolicyUri(string $uri) : Service

This corresponds to the op_policy_uri metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Parameters
$uri : string

The URI of the policy page.

Return values
Service

$this object.

setPushedAuthReqDuration()

Set the duration of pushed authorization requests in seconds.

public setPushedAuthReqDuration(int|string $duration) : Service

"OAuth 2.0 Pushed Authorization Requests" (PAR) defines an endpoint (called the "pushed authorization request endpoint") at which client applications can register authorization requests and receive corresponding URIs (called "request URIs") in return. The issued URIs represent the registered authorization requests. Client applications can use the URIs as the value of the request_uri request parameter in an authorization request.

The value given to this method represents the duration of registered authorization requests and is used as the value of the expires_in parameter in responses from the pushed authorization request endpoint.

Parameters
$duration : int|string

The duration of pushed authorization requests in seconds.

Tags
since
1.8
Return values
Service

$this object.

setPushedAuthReqEndpoint()

Set the URI of the pushed authorization request endpoint. This property corresponds to the `pushed_authorization_request_endpoint` metadata defined in "OAuth 2.0 Pushed Authorization Requests".

public setPushedAuthReqEndpoint(string $endpoint) : Service
Parameters
$endpoint : string

The URI of the pushed authorization request endpoint.

Tags
since
1.8
Return values
Service

$this object.

setRefreshTokenDuration()

Set the duration of refresh tokens in seconds.

public setRefreshTokenDuration(int|string $duration) : Service
Parameters
$duration : int|string

The duration of refresh tokens.

Return values
Service

$this object.

setRefreshTokenDurationKept()

Set the flag which indicates whether the remaining duration of the used refresh token is taken over to the newly issued one.

public setRefreshTokenDurationKept(bool $kept) : Service
Parameters
$kept : bool

true to indicate that the remaining duration of the used refresh token is taken over to the newly issued one.

Tags
since
1.8
Return values
Service

$this object.

setRefreshTokenKept()

Set the flag which indicates whether a refresh token remains valid or gets renewed after its use.

public setRefreshTokenKept(bool $kept) : Service
Parameters
$kept : bool

true to keep a refresh token valid after its use. false to renew a refresh token after its use.

Tags
since
1.7
Return values
Service

$this object.

setRegistrationEndpoint()

Set the URI of the registration endpoint.

public setRegistrationEndpoint(string $endpoint) : Service

This corresponds to the registration_endpoint metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Parameters
$endpoint : string

The URI of the registration endpoint.

Tags
see
https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration

OpenID Connect Dynamic Client Registration 1.0, 3. Client Registration Endpoint

Return values
Service

$this object.

setRegistrationManagementEndpoint()

Set the URI of the registration management endpoint.

public setRegistrationManagementEndpoint(string $endpoint) : Service

If dynamic client registration is supported and this property is set, this URI will be used as the base of the client's management endpoint by appending /clientID/ to it as a path element. If this property is not set, the value of registrationEndpoint will be used as the URI base instead.

Parameters
$endpoint : string

The URI of the registration management endpoint.

Tags
since
1.8
Return values
Service

$this object.

setRequestObjectRequired()

Set the flag which indicates whether this service requires that authorization requests always utilize a request object by using either `request` or `request_uri` request parameter.

public setRequestObjectRequired(bool $required) : Service
Parameters
$required : bool

true to require that authorization requests always utilize a request object.

Tags
since
1.9
Return values
Service

$this object.

setScopeRequired()

Set the flag which indicates whether requests that request no scope are rejected or not.

public setScopeRequired(bool $required) : Service

When a request has no explicit scope parameter and the service's pre-defined default scope set is empty, the authorization server regards the request as requesting no scope. When true is set by this method, requests that request no scope are rejected.

Parameters
$required : bool

true to reject requests that request no scope. false to admit requests that request no scope.

Tags
since
1.9
Return values
Service

$this object.

setServiceDocumentation()

Set the URI of a page containing human-readable information that developers might want or need to know when using this OpenID provider.

public setServiceDocumentation(string $serviceDocumentation) : Service

This corresponds to the service_documentation metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Parameters
$serviceDocumentation : string

The URI of the documentation for developers.

Return values
Service

$this object.

setServiceName()

Set the service name.

public setServiceName(string $serviceName) : Service
Parameters
$serviceName : string

The service name.

Return values
Service

$this object.

setSingleAccessTokenPerSubject()

Set the flag which indicates whether the number of access tokens per subject (and per client) is at most one or can be more.

public setSingleAccessTokenPerSubject(bool $enabled) : Service

If this flag is true, an attempt to issue a new access token invalidates existing access tokens which are associated with the same subject and the same client application.

Note, however, that attempts by the Client Credentials Flow do not invalidate existing access tokens, because access tokens issued by the Client Credentials Flow are not associated with any end-user's subject. Also note that an attempt by the Refresh Token Flow invalidates only the coupled access token, and this invalidation is always performed regardless of whether this flag is true or false.

Parameters
$enabled : bool

true to ensure that the number of access tokens per subject per client is at most one. false to allow multiple access tokens to be issued to a combination of the same subject and the same client.

Return values
Service

$this object.
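
The invalidation rules described above, carried through as an added example (not code from the Authlete library): a function that decides which existing access tokens the issuance of a new one invalidates, covering the Client Credentials and Refresh Token exceptions. The in-memory token store, its field names and the grant-type strings are constructed for this illustration.

```php
<?php
// Added illustration (not Authlete code) of the invalidation rule documented for
// setSingleAccessTokenPerSubject(). The token store below is a constructed
// in-memory array; field names and $grantType values are assumptions.

/**
 * Returns the ids of existing access tokens that issuing a new token invalidates.
 *
 * @param array<int, array{id:string, client:string, subject:?string, refresh:?string}> $tokens
 * @return array<int, string>
 */
function tokensInvalidatedByIssuance(
    array $tokens,
    string $grantType,
    string $clientId,
    ?string $subject,
    ?string $usedRefreshToken,
    bool $singleTokenPerSubject
): array {
    $invalidated = [];

    // Refresh Token Flow: only the access token coupled with the used refresh
    // token is invalidated, and that happens whatever the flag says.
    if ($grantType === 'refresh_token') {
        foreach ($tokens as $t) {
            if ($t['refresh'] !== null && $t['refresh'] === $usedRefreshToken) {
                $invalidated[] = $t['id'];
            }
        }
        return $invalidated;
    }

    // Client Credentials Flow tokens carry no end-user subject, so there is
    // nothing to match on and existing tokens stay valid. Flag off: same result.
    if ($grantType === 'client_credentials' || $subject === null || !$singleTokenPerSubject) {
        return $invalidated;
    }

    // Flag on: every token for the same subject and the same client is invalidated.
    foreach ($tokens as $t) {
        if ($t['client'] === $clientId && $t['subject'] === $subject) {
            $invalidated[] = $t['id'];
        }
    }
    return $invalidated;
}

// Constructed token store: two code-flow tokens for alice at app-a, one at app-b,
// and one client-credentials token (no subject) at app-a.
$store = [
    ['id' => 'at-1', 'client' => 'app-a', 'subject' => 'alice', 'refresh' => 'rt-1'],
    ['id' => 'at-2', 'client' => 'app-a', 'subject' => 'alice', 'refresh' => 'rt-2'],
    ['id' => 'at-3', 'client' => 'app-b', 'subject' => 'alice', 'refresh' => null],
    ['id' => 'at-4', 'client' => 'app-a', 'subject' => null,    'refresh' => null],
];

// A new code-flow token for alice at app-a with the flag enabled.
print_r(tokensInvalidatedByIssuance($store, 'authorization_code', 'app-a', 'alice', null, true));
// A refresh using rt-2 with the flag disabled.
print_r(tokensInvalidatedByIssuance($store, 'refresh_token', 'app-a', 'alice', 'rt-2', false));
// A client-credentials request with the flag enabled.
print_r(tokensInvalidatedByIssuance($store, 'client_credentials', 'app-a', null, null, true));
```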

setSnsCredentials()

Set the list of SNS credentials used for social login.

public setSnsCredentials([array<string|int, SnsCredentials> $credentials = null ]) : Service
Parameters
$credentials : array<string|int, SnsCredentials> = null

The list of SNS credentials.

Return values
Service

$this object.

setSupportedAcrs()

Set ACR (Authentication Context Class Reference) values supported by this service.

public setSupportedAcrs([array<string|int, string> $acrs = null ]) : Service

This corresponds to the acr_values_supported metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Parameters
$acrs : array<string|int, string> = null

Supported ACR values.

Return values
Service

$this object.

setSupportedAuthorizationDataTypes()

Set the supported data types that can be used as values of the `type` field in `authorization_details`.

public setSupportedAuthorizationDataTypes([array<string|int, string> $types = null ]) : Service

This property corresponds to the authorization_data_types_supported metadata defined in "OAuth 2.0 Rich Authorization Requests".

Parameters
$types : array<string|int, string> = null

Supported data types.

Tags
since
1.8
Return values
Service

$this object.

setSupportedBackchannelTokenDeliveryModes()

Set the supported backchannel token delivery modes. This property corresponds to the `backchannel_token_delivery_modes_supported` metadata defined in CIBA.

public setSupportedBackchannelTokenDeliveryModes([array<string|int, DeliveryMode> $modes = null ]) : Service
Parameters
$modes : array<string|int, DeliveryMode> = null

Supported backchannel token delivery modes.

Tags
see
https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html

Client Initiated Backchannel Authentication

since
1.8
Return values
Service

$this object.

setSupportedClaimLocales()

Set language and scripts for claim values supported by this service.

public setSupportedClaimLocales([array<string|int, string> $locales = null ]) : Service

This corresponds to the claims_locales_supported metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Parameters
$locales : array<string|int, string> = null

Supported language and scripts for claim values.

Return values
Service

$this object.

setSupportedDeveloperSnses()

Set the list of supported SNSes used for social login at the developer console.

public setSupportedDeveloperSnses([array<string|int, Sns> $snses = null ]) : Service

NOTE: This feature is not implemented yet.

Parameters
$snses : array<string|int, Sns> = null

Supported SNSes for social login at the developer console.

Return values
Service

$this object.

setSupportedDisplays()

Set the values of the "display" request parameter supported by this service.

public setSupportedDisplays([array<string|int, Display> $displays = null ]) : Service

This corresponds to the display_values_supported metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Parameters
$displays : array<string|int, Display> = null

Supported values of the "display" request parameter.

Return values
Service

$this object.

setSupportedEvidence()

Set evidence supported by this service.

public setSupportedEvidence([array<string|int, string> $evidence = null ]) : Service

This property corresponds to the evidence_supported metadata defined in "OpenID Connect for Identity Assurance 1.0".

Parameters
$evidence : array<string|int, string> = null

Supported evidence.

Tags
see
https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html

OpenID Connect for Identity Assurance 1.0

since
1.8
Return values
Service

$this object.

setSupportedIdentityDocuments()

Set identity documents supported by this service.

public setSupportedIdentityDocuments([array<string|int, string> $documents = null ]) : Service

This property corresponds to the id_documents_supported metadata defined in "OpenID Connect for Identity Assurance 1.0".

Parameters
$documents : array<string|int, string> = null

Supported identity documents.

Tags
see
https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html

OpenID Connect for Identity Assurance 1.0

since
1.8
Return values
Service

$this object.

setSupportedIntrospectionAuthMethods()

Set client authentication methods at the introspection endpoint supported by this service.

public setSupportedIntrospectionAuthMethods([array<string|int, ClientAuthMethod> $methods = null ]) : Service

This corresponds to the introspection_endpoint_auth_methods_supported metadata defined in "OAuth 2.0 Authorization Server Metadata".

Parameters
$methods : array<string|int, ClientAuthMethod> = null

Supported client authentication methods at the introspection endpoint.

Return values
Service

$this object.

setSupportedResponseTypes()

Set the response types supported by this service.

public setSupportedResponseTypes([array<string|int, ResponseType> $responseTypes = null ]) : Service

This corresponds to the response_types_supported metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Parameters
$responseTypes : array<string|int, ResponseType> = null

Supported response types.

Tags
see
https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html

OAuth 2.0 Multiple Response Type Encoding Practices

Return values
Service

$this object.

setSupportedRevocationAuthMethods()

Set client authentication methods at the revocation endpoint supported by this service.

public setSupportedRevocationAuthMethods([array<string|int, ClientAuthMethod> $methods = null ]) : Service

This corresponds to the revocation_endpoint_auth_methods_supported metadata defined in "OAuth 2.0 Authorization Server Metadata".

Parameters
$methods : array<string|int, ClientAuthMethod> = null

Supported client authentication methods at the revocation endpoint.

Return values
Service

$this object.

setSupportedServiceProfiles()

Set the service profiles supported by this service.

public setSupportedServiceProfiles([array<string|int, ServiceProfile> $serviceProfiles = null ]) : Service
Parameters
$serviceProfiles : array<string|int, ServiceProfile> = null

Supported service profiles.

Return values
Service

$this object.

setSupportedSnses()

Set the list of supported SNSes for social login at the direct authorization endpoint.

public setSupportedSnses([array<string|int, Sns> $snses = null ]) : Service
Parameters
$snses : array<string|int, Sns> = null

Supported SNSes for social login at the direct authorization endpoint.

Return values
Service

$this object.

setSupportedTokenAuthMethods()

Set client authentication methods at the token endpoint supported by this service.

public setSupportedTokenAuthMethods([array<string|int, ClientAuthMethod> $methods = null ]) : Service

This corresponds to the token_endpoint_auth_methods_supported metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Parameters
$methods : array<string|int, ClientAuthMethod> = null

Supported client authentication methods at the token endpoint.

Return values
Service

$this object.

setSupportedTrustFrameworks()

Set trust frameworks supported by this service.

public setSupportedTrustFrameworks([array<string|int, string> $frameworks = null ]) : Service

This property corresponds to the trust_frameworks_supported metadata defined in "OpenID Connect for Identity Assurance 1.0".

Parameters
$frameworks : array<string|int, string> = null

Supported trust frameworks.

Tags
see
https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html

OpenID Connect for Identity Assurance 1.0

since
1.8
Return values
Service

$this object.

setSupportedUiLocales()

Set language and scripts for the user interface supported by this service.

public setSupportedUiLocales([array<string|int, string> $locales = null ]) : Service

This corresponds to the ui_locales_supported metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Parameters
$locales : array<string|int, string> = null

Supported language and scripts for the user interface.

Return values
Service

$this object.

setSupportedVerificationMethods()

Set verification methods supported by this service.

public setSupportedVerificationMethods([array<string|int, string> $methods = null ]) : Service

This property corresponds to the id_documents_verification_methods_supported metadata defined in "OpenID Connect for Identity Assurance 1.0".

Parameters
$methods : array<string|int, string> = null

Supported verification methods.

Tags
see
https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html

OpenID Connect for Identity Assurance 1.0

since
1.8
Return values
Service

$this object.

setSupportedVerifiedClaims()

Set verified claims supported by this service.

public setSupportedVerifiedClaims([array<string|int, string> $claims = null ]) : Service

This property corresponds to the claims_in_verified_claims_supported metadata defined in "OpenID Connect for Identity Assurance 1.0".

Parameters
$claims : array<string|int, string> = null

Supported verified claims.

Tags
see
https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html

OpenID Connect for Identity Assurance 1.0

since
1.8
Return values
Service

$this object.

setTlsClientCertificateBoundAccessTokens()

Set the flag which indicates whether this service supports "TLS client certificate bound access tokens".

public setTlsClientCertificateBoundAccessTokens(bool $enabled) : Service

If this property is set to true, client applications whose isTlsClientCertificateBoundAccessTokens() returns true are required to present a client certificate on token requests to the authorization server and on API calls to the resource server.

Parameters
$enabled : bool

true to enable support of "TLS client certificate bound access tokens".

Tags
since
1.4
Return values
Service

$this object.

setTosUri()

Set the URI that this OpenID provider provides to the person registering the client to read about the OP's terms of service.

public setTosUri(string $uri) : Service

This corresponds to the op_tos_uri metadata defined in 3. OpenID Provider Metadata of OpenID Connect Discovery 1.0.

Parameters
$uri : string

The URI of the Terms Of Service page.

Return values
Service

$this object.

setTraditionalRequestObjectProcessingApplied()

Set the flag which indicates whether a request object is processed based on rules defined in OpenID Connect Core 1.0 or JAR (JWT Secured Authorization Request).

public setTraditionalRequestObjectProcessingApplied(bool $applied) : Service

See the description of isTraditionalRequestObjectProcessingApplied() method for details.

Parameters
$applied : bool

true to apply rules defined in OpenID Connect Core 1.0 on processing a request object. false to apply rules defined in JAR instead.

Tags
since
1.9
Return values
Service

$this object.

setTrustedRootCertificates()

Set trusted root certificates.

public setTrustedRootCertificates([array<string|int, string> $certificates = null ]) : Service

If isMutualTlsValidatePkiCertChain() returns true, pre-registered trusted root certificates are used to validate client certificates.

Parameters
$certificates : array<string|int, string> = null

Trusted root certificates.

Tags
since
1.3
Return values
Service

$this object.

setUserCodeLength()

Set the length of end-user verification codes (`user_code`) for the device flow.

public setUserCodeLength(int $length) : Service
Parameters
$length : int

The length of end-user verification codes. The value must not be negative and must not be greater than 255.

Tags
see
https://tools.ietf.org/html/rfc8628

RFC 8628 OAuth 2.0 Device Authorization Grant

since
1.8
Return values
Service

$this object.

setUserInfoSignatureKeyId()

Set the key ID to identify a JWK used for user info signature using an asymmetric key.

public setUserInfoSignatureKeyId(string $keyId) : Service

See the description of getUserInfoSignatureKeyId() for details.

Parameters
$keyId : string

A key ID of a JWK. This may be null.

Tags
since
1.7
Return values
Service

$this object.

toArray()

Convert this object into an array.

public toArray() : array<string|int, mixed>
Return values
array<string|int, mixed>

An array.

toJson()

Convert this object into a JSON string.

public toJson(int $options) : string
Parameters
$options : int

Options passed to json_encode(). This parameter is optional and its default value is 0.

Return values
string

A JSON string.
