| Address | Represents a physical address, providing various components typically used in postal addresses. |
| AuthorizationRequest | The set of parameters carried by an OAuth 2.0 / OpenID Connect authorization request to the authorization_endpoint as defined in RFC 6749 §4.1.1 and OpenID Connect Core 1.0 §3.1.2.1. Parameters are bound from query string, form body, or a Request Object passed via Request / RequestUri (OIDC Core §6). |
| AuthorizationRequest.Parameters | Wire-level parameter names accepted at the authorization endpoint per RFC 6749 §4.1.1, OpenID Connect Core 1.0 §3.1.2.1, RFC 7636 (PKCE), RFC 8707 (resource indicators), and RFC 9449 §10 (DPoP). |
| AuthorizationResponse | The authorization response delivered to the client's redirect URI (via query, fragment or form_post), carrying either the success parameters (code/tokens) or the error, or — under JARM — the single packed response JWT. This is the framework-neutral wire projection both transport adapters serialize. It is distinct from the domain result AuthorizationResponse (the abstract pipeline outcome): the formatter flattens that domain result onto this wire shape. |
| BackChannelAuthenticationForbidden | Represents a forbidden response for a backchannel authentication request. This response typically indicates that the client is authenticated but does not have permission to perform the requested operation. |
| BackChannelAuthenticationRequest | Parameters of a Client-Initiated Backchannel Authentication (CIBA) request as defined in OpenID Connect Client-Initiated Backchannel Authentication Flow Core 1.0 §7. The client posts these to the backchannel_authentication_endpoint to ask the OP to authenticate the end-user asynchronously (out of band, on a separate device); the OP returns a auth_req_id the client then redeems at the token endpoint via the urn:openid:params:grant-type:ciba grant. |
| BackChannelAuthenticationRequest.Parameters | Wire-level parameter names accepted at the CIBA backchannel authentication endpoint (OpenID Connect CIBA Core 1.0 §7). |
| BackChannelAuthenticationSuccess | Represents a successful backchannel authentication response (CIBA Core §7.3). This record indicates that the backchannel authentication request has been accepted and end-user authentication is now pending; the issued auth_req_id identifies the pending request. |
| BackChannelAuthenticationSuccess.Parameters | Contains constants representing the parameter names used in the backchannel authentication response. These are included in the JSON response to the client to ensure the correct values are returned. |
| BackChannelAuthenticationUnauthorized | Represents an unauthorized response for a backchannel authentication request. This response typically indicates that the request failed due to invalid client credentials or other authorization-related issues. |
| BackChannelPingNotificationRequest | Represents the notification payload sent to the client in ping mode. |
| BackChannelPingNotificationRequest.Parameters | Wire-level parameter names for the CIBA ping-mode notification payload (OpenID Connect CIBA Core 1.0 §10.2). |
| BackChannelPushNotificationRequest | Represents the token delivery payload sent to the client in push mode. |
| BackChannelPushNotificationRequest.Parameters | Wire-level parameter names for the CIBA push-mode token delivery payload (OpenID Connect CIBA Core 1.0 §10.3.1). |
| BackChannelTokenPushRequest | Represents the token payload sent to the client in CIBA push mode. Per CIBA specification, this payload is delivered to the client's registered notification endpoint. |
| BackChannelTokenPushRequest.Parameters | Wire-level parameter names for the CIBA push-mode token delivery payload (OpenID Connect CIBA Core 1.0 §10.3.1). |
| ClientRegistrationRequest | Represents metadata for an OAuth2 client based on the OpenID Connect discovery specification. |
| ClientRegistrationRequest.Parameters | Wire-level parameter names for the dynamic client registration request (RFC 7591 and OpenID Connect Dynamic Client Registration 1.0). Each constant is the JSON member name expected on the registration payload sent to the registration endpoint. |
| ClientRegistrationResponse | The response returned from the client registration endpoint per RFC 7591 §3.2.1 and OIDC Dynamic Client Registration §3.2, echoing the registered metadata together with server-issued credentials and the URL of the client configuration endpoint (RFC 7592) for subsequent management operations. Unregistered metadata is omitted from the JSON per RFC 7591 §3.2.1, not emitted as an explicit null. |
| ClientRequest | Carries the OAuth 2.0 client authentication material common to back-channel endpoints (token, introspection, revocation): credentials passed in the request body per RFC 6749 §2.3.1, JWT-based client assertions per RFC 7521/7523, and the mTLS client certificate per RFC 8705. Concrete request DTOs typically expose these values alongside their endpoint-specific parameters. |
| ClientRequest.Parameters | Wire-level parameter names for OAuth 2.0 client authentication material common to back-channel endpoints (RFC 6749 §2.3.1, RFC 7521/7523 client assertions, OIDC Core §9). |
| ConfigurationResponse | The OpenID Provider discovery document returned by the /.well-known/openid-configuration endpoint, as defined by OpenID Connect Discovery 1.0 §3 and OAuth 2.0 Authorization Server Metadata (RFC 8414). Its content lists the provider's endpoints, supported algorithms, response types, scopes, and feature flags so that relying parties can configure themselves dynamically. |
| ConfigurationResponse.Parameters | Nested class containing string constants for JSON property names used in the configuration response. These names map directly to the fields returned by the OpenID Connect discovery document, ensuring proper serialization and deserialization of configuration data. |
| DeviceAuthorizationRequest | Represents a device authorization request as defined in RFC 8628. This request is initiated by a device with limited input capabilities to obtain a device code and user code for user authentication on a separate device. |
| DeviceAuthorizationRequest.Parameters | Contains constants representing the parameter names used in the device authorization request. |
| DeviceAuthorizationResponse | Represents a successful device authorization response as defined in RFC 8628. This response contains the device code the client uses to poll the token endpoint and the user code the device displays to the user for entry on a separate device. |
| DeviceAuthorizationResponse.Parameters | Contains constants representing the parameter names used in the device authorization response. |
| EndSessionRequest | Parameters of an RP-initiated logout request to the OpenID Provider's end_session_endpoint, as defined in OpenID Connect RP-Initiated Logout 1.0. |
| EndSessionRequest.Parameters | Wire-level parameter names accepted at the OP's end_session_endpoint (OpenID Connect RP-Initiated Logout 1.0). |
| IntrospectionRequest | Parameters of an OAuth 2.0 token introspection request (RFC 7662 §2.1) sent to the introspection_endpoint, used by protected resources to determine the active state and metadata of a token. Client authentication is required and is supplied alongside this payload. |
| IntrospectionRequest.Parameters | Wire-level parameter names accepted at the OAuth 2.0 introspection endpoint (RFC 7662 §2.1). |
| MtlsAliases | Discovery metadata block published as mtls_endpoint_aliases per RFC 8705 §5, advertising alternate endpoint URLs that are served on a host configured for mutual TLS. Clients performing certificate-bound authentication or requesting certificate-bound tokens should target these aliases instead of the default endpoints exposed in ConfigurationResponse. Properties are omitted from the serialized JSON when null. |
| PushedAuthorizationResponse | The wire response to a pushed authorization request (RFC 9126): the request URI the client refers to on the authorization endpoint, and how long it stays valid. This is the framework-neutral wire projection both transport adapters serialize. It is distinct from the domain result PushedAuthorizationResponse, which also carries the stored authorization request; the formatter maps that domain result onto this flat wire shape. |
| ReadClientSuccessfulResponse | Represents the response for a successful client read request, detailing the configuration and metadata of an OAuth or OpenID Connect client. Per RFC 7592 Section 3, this response includes the registration access token and all registered client metadata. Unregistered metadata is omitted from the JSON per RFC 7592 §3, not emitted as an explicit null. |
| RequestedClaimDetails | Represents the details of a requested claim in OAuth2 or OpenID Connect scenarios. This can include whether the claim is essential, and specific values or a range of values for the claim. |
| RequestedClaims | Represents claims requested for inclusion in the UserInfo response and ID Token in OAuth2 or OpenID Connect authentication flows. |
| RequestedClaims.Parameters | Wire-level member names of the OIDC Core 1.0 §5.5 claims request parameter (the top-level userinfo / id_token objects within it). |
| RevocationRequest | Parameters of an OAuth 2.0 token revocation request (RFC 7009 §2.1) sent to the revocation_endpoint. Client authentication is required and is supplied alongside this payload. |
| RevocationRequest.Parameters | Wire-level parameter names accepted at the OAuth 2.0 revocation endpoint (RFC 7009 §2.1). |
| TokenRequest | Represents a request to get various types of tokens (e.g., access token, refresh token) from the authorization server. This is part of the OAuth 2.0 and OpenID Connect token exchange flow, where clients can request tokens based on different grant types like 'authorization_code', 'refresh_token' and others. |
| TokenRequest.Parameters | Wire-level parameter names accepted at the token endpoint per RFC 6749 §4, RFC 7636 (PKCE), RFC 7523 (JWT Bearer), RFC 8628 (Device Authorization Grant), RFC 8707 (Resource Indicators), and OpenID Connect CIBA Core. |
| TokenResponse | The response from an OAuth 2.0 / OpenID Connect token endpoint. This is the framework-neutral wire DTO both transport adapters (MVC, Minimal API) serialize; serialization is identical across frameworks, so a single core type serves both. |
| UserInfoRequest | Parameters of a request to the OIDC userinfo_endpoint (OIDC Core §5.3). The access token is normally presented in the HTTP Authorization header per RFC 6750 §2.1, but RFC 6750 §2.2 also permits the form-encoded access_token body parameter modeled here. |
| UserInfoRequest.Parameters | Wire-level parameter names accepted at the OIDC UserInfo endpoint (OIDC Core §5.3, RFC 6750 §2 token transport). |