| AccountSelectionRequired | Outcome signalling that more than one active end-user session matches the request and the host UI must let the user pick one before authorization can continue. Maps to OpenID Connect Core 1.0 §3.1.2.6 account_selection_required when prompt=none; otherwise the host renders an account picker over the supplied Users set. |
| AuthorizationEndpointMetadata | Holds metadata for the authorization endpoint, detailing the capabilities and supported standards. |
| AuthorizationError | Represents an error response for an authorization request, detailing the nature of the error. |
| AuthorizationRequestValidationError | Represents a specific type of validation result for an authorization request that has been deemed invalid. This record details the nature of the validation failure through an error code and description, providing insights into why the request did not pass validation checks. It also includes the redirect URI to guide the client on where to direct the user for further actions if necessary. |
| AuthorizationResponse | Represents the response to an authorization request. This abstract record serves as a base for specific authorization response implementations. It should be inherited by classes that define the detailed structure and behavior of different types of authorization responses. |
| AuthorizationResponse.Parameters | Wire-level parameter names returned to the client by the authorization endpoint (via query, fragment, form_post, or — under JARM — as claims inside the single response JWT). Shared by the core response encoder and the MVC serialization DTO so the two never drift. |
| ClientDeliveredResponse | Base for the authorization responses that are delivered to the client's redirect_uri (SuccessfullyAuthenticated and AuthorizationError), as opposed to the interaction responses (LoginRequired, ConsentRequired, …) that redirect to the authorization server's own UI. These are the responses the IAuthorizationResponseEncoder encodes: it sets the iss (RFC 9207) value, and for a JARM (*.jwt) request packs the parameters into ResponseJwt and resolves ResponseMode to its plaintext delivery counterpart. |
| ConsentRequired | Outcome signalling that the user is authenticated but has not yet granted every scope or resource the client is asking for, so the host must show its consent UI for the deltas in RequiredUserConsents. Maps to OpenID Connect Core 1.0 §3.1.2.6 consent_required when prompt=none. |
| InteractionRequired | Outcome signalling that an end-user is signed in but additional UI interaction (a step-up, missing claim, MFA challenge or similar) must complete before the authorization request can be fulfilled. Maps to OpenID Connect Core 1.0 §3.1.2.6 interaction_required when prompt=none. |
| LoginRequired | Outcome signalling that the host must surface its login UI: either no eligible session exists, or the client requested forced reauthentication via prompt=login / max_age. Maps to OpenID Connect Core 1.0 §3.1.2.6 login_required when prompt=none. |
| RegistrationRequired | Outcome signalling that the host must surface its account-creation UI: the client requested user registration via prompt=create (Initiating User Registration via OpenID Connect 1.0). Per that specification the registration experience is shown regardless of whether the user currently has an authenticated session. |
| SuccessfullyAuthenticated | Represents a successful authentication response, encapsulating details about the outcome of an authentication request, including any tokens issued as a result. |
| ValidAuthorizationRequest | Output of IAuthorizationRequestValidator handed to IAuthorizationRequestProcessor. Snapshot of the data resolved during validation: the wire-level request, the authenticated client, the negotiated response mode (per OAuth 2.0 Multiple Response Types / Form Post), and the materialized scope and resource definitions ready for consent and token issuance. |