Skip to main content

TokenRequest Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Model

TokenRequest Class

Represents a request to get various types of tokens (e.g., access token, refresh token) from the authorization server. This is part of the OAuth 2.0 and OpenID Connect token exchange flow, where clients can request tokens based on different grant types like 'authorization_code', 'refresh_token' and others.

public record TokenRequest : System.IEquatable<Abblix.Oidc.Server.Model.TokenRequest>

Inheritance System.Object → TokenRequest

Implements System.IEquatable<TokenRequest>

Properties

TokenRequest.ActorToken Property

RFC 8693 §2.1 actor_token -- security token representing the acting party in delegation flows. Optional. When present, ActorTokenType MUST also be present.

public string? ActorToken { get; set; }

Property Value

System.String

TokenRequest.ActorTokenType Property

RFC 8693 §2.1 actor_token_type -- identifier for the format of ActorToken, one of TokenExchangeTokenTypes. Required when ActorToken is present.

public string? ActorTokenType { get; set; }

Property Value

System.String

TokenRequest.Assertion Property

The JWT assertion used in the JWT Bearer grant type per RFC 7523. This contains a signed JWT with claims about the resource owner and is used to request an access token.

public string? Assertion { get; set; }

Property Value

System.String

TokenRequest.Audiences Property

RFC 8693 §2.1 audience -- logical name(s) of the relying party for which the requested token is intended. Distinct from Resources (RFC 8707 absolute URIs); audience is a free-form identifier.

public string[]? Audiences { get; set; }

Property Value

System.String[]

TokenRequest.AuthenticationRequestId Property

The authentication request ID, used in CIBA (Client-Initiated Backchannel Authentication) flow. This identifier references a backchannel authentication request initiated by the client.

public string? AuthenticationRequestId { get; set; }

Property Value

System.String

TokenRequest.Code Property

The authorization code received from the authorization server. This is used in the authorization code grant type to exchange for an access token.

public string? Code { get; set; }

Property Value

System.String

TokenRequest.CodeVerifier Property

The code verifier used in the PKCE (Proof Key for Code Exchange) process. Required for public clients using the authorization code grant type to enhance security.

public string? CodeVerifier { get; set; }

Property Value

System.String

TokenRequest.DeviceCode Property

The device code used in the Device Authorization Grant (RFC 8628) flow. This code is obtained from the device authorization endpoint and used to poll for tokens.

public string? DeviceCode { get; set; }

Property Value

System.String

TokenRequest.GrantType Property

The grant type of the token request, indicating the method being used to get the token. Common values include 'authorization_code', 'refresh_token', 'password', etc.

public string GrantType { get; set; }

Property Value

System.String

Remarks

Deliberately not constrained by a declarative value list: grant handlers are an extensible, host-configured set, and the composite grant handler rejects an unregistered grant with the protocol-level unsupported grant type error.

TokenRequest.Password Property

The password of the resource owner, required when using the resource owner password credentials grant type.

public string? Password { get; set; }

Property Value

System.String

TokenRequest.RedirectUri Property

The redirect URI where the response will be sent. This must match the redirect URI registered with the authorization server during the initial request.

public System.Uri? RedirectUri { get; set; }

Property Value

System.Uri

TokenRequest.RefreshToken Property

The refresh token used to get a new access token. Required when using the refresh token grant type.

public string? RefreshToken { get; set; }

Property Value

System.String

TokenRequest.RequestedTokenType Property

RFC 8693 §2.1 requested_token_type -- identifier of the token type the client would like the AS to issue, one of TokenExchangeTokenTypes. Optional; defaults to AccessToken.

public string? RequestedTokenType { get; set; }

Property Value

System.String

TokenRequest.Resources Property

The resource URI(s) for which the access token is being requested. This parameter is optional and used in scenarios such as OAuth 2.0 for APIs to specify the resource(s) being accessed.

public System.Uri[]? Resources { get; set; }

Property Value

System.Uri[]

Remarks

Defined in RFC 8707 as a way to express the resource(s) the client is requesting access to.

TokenRequest.Scope Property

The scope of the access request, expressed as a space-separated list of case-sensitive strings. This defines the permissions or resources the client is requesting access to.

public string[] Scope { get; set; }

Property Value

System.String[]

TokenRequest.SubjectToken Property

RFC 8693 §2.1 subject_token -- the security token being exchanged. Required for TokenExchange.

public string? SubjectToken { get; set; }

Property Value

System.String

TokenRequest.SubjectTokenType Property

RFC 8693 §2.1 subject_token_type -- identifier for the format of SubjectToken, one of TokenExchangeTokenTypes. Required for TokenExchange.

public string? SubjectTokenType { get; set; }

Property Value

System.String

TokenRequest.UserName Property

The username of the resource owner, required when using the resource owner password credentials grant type.

public string? UserName { get; set; }

Property Value

System.String