| JwtSubjectTokenResolver | ISubjectTokenResolver for JWT-formatted subject tokens. Validates the JWT via IAuthServiceJwtValidator (signature, lifetime, registered claims) and projects the payload's sub, scope, and authorization_details claims into a SubjectTokenContext. |
| RefreshTokenSubjectTokenResolver | ISubjectTokenResolver for the urn:ietf:params:oauth:token-type:refresh_token subject type. Refresh tokens issued by this AS are JWT-formatted with typ=rt+jwt; the resolver validates the JWT, enforces the typ header, and recovers the original AuthorizedGrant via AuthorizeByRefreshTokenAsync(JsonWebToken). The grant's subject, scope, and authorization_details become the exchanged token's starting point. |
| SubjectTokenContext | The portable state extracted by an ISubjectTokenResolver from a wire-level subject_token. Independent of the token's on-wire format -- JWT-based resolvers parse the payload, opaque-token resolvers recover the equivalent fields from a previously stored grant. The TokenExchangeGrantHandler consumes this record to synthesise the new AuthorizationContext and AuthSession. |