Scopes attributes and authorization process
Authlete allows administrators to define ad hoc attributes and assign them to individual scopes on the Service Owner console.
When the authorization server (AS) receives a response from /api/auth/authorization, the response will resemble the structure below:
{
  "type": "authorizationResponse",
  "resultCode": "...",
  "resultMessage": "...",
  "acrEssential": false,
  "action": "...",
  "client": {...},
  "clientIdAliasUsed": false,
  "maxAge": 0,
  "responseContent": "...",
  "scopes": [
    {
      "defaultEntry": false,
      "description": "A permission to request an OpenID Provider to issue an ID Token. See OpenID Connect Core 1.0, 3.1.2.1. for details.",
      "name": "openid"
    },
    {
      "defaultEntry": false,
      "name": "payment"
    }
  ],
  "service": {
    ...
    "supportedScopes": [
      {
        "defaultEntry": false,
        "description": "A permission to request an OpenID Provider to issue an ID Token. See OpenID Connect Core 1.0, 3.1.2.1. for details.",
        "name": "openid"
      },
      {
        "attributes": [
          {
            "key": "meta",
            "value": "this profile requires a second factor authentication"
          },
          {
            "key": "fapi",
            "value": "rw"
          }
        ],
        "defaultEntry": false,
        "name": "payment"
      },
      ...
    ],
    ...
  }
}
Note that scope attributes are returned in the service configuration part of the response (under service.supportedScopes), not directly under the requested scopes (the top-level scopes array).
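One way for the AS to resolve the attributes of the requested scopes is to join `scopes` against `service.supportedScopes` by name. This is an added example, not Authlete's own code: the function names and the `accounts` scope entry are hypothetical, and the sample response is constructed from the structure above.

```python
import json

# Constructed sample, trimmed from the response structure shown above.
# The "accounts" entry is hypothetical: a supported scope that was NOT requested.
SAMPLE_RESPONSE = json.loads("""
{
  "type": "authorizationResponse",
  "scopes": [
    {"defaultEntry": false, "name": "openid"},
    {"defaultEntry": false, "name": "payment"}
  ],
  "service": {
    "supportedScopes": [
      {"defaultEntry": false, "name": "openid"},
      {"attributes": [
         {"key": "meta", "value": "this profile requires a second factor authentication"},
         {"key": "fapi", "value": "rw"}],
       "defaultEntry": false, "name": "payment"},
      {"attributes": [{"key": "fapi", "value": "r"}],
       "defaultEntry": false, "name": "accounts"}
    ]
  }
}
""")


def requested_scope_attributes(response):
    """Map each requested scope name to its {key: value} attributes."""
    supported = (response.get("service") or {}).get("supportedScopes") or []
    by_name = {}
    for scope in supported:
        # "attributes" is absent for scopes that have none (e.g. openid above).
        attrs = scope.get("attributes") or []
        # Assumption: attribute keys are unique within one scope.
        by_name[scope["name"]] = {a["key"]: a["value"] for a in attrs}
    # Only scopes in the top-level "scopes" array were actually requested.
    return {s["name"]: by_name.get(s["name"], {})
            for s in response.get("scopes") or []}


def scopes_with_attribute(response, key, value=None):
    """Names of requested scopes carrying `key` (and `value`, if given)."""
    return [name for name, attrs in requested_scope_attributes(response).items()
            if key in attrs and (value is None or attrs[key] == value)]
```

Reading attributes from `service.supportedScopes` without filtering by the top-level `scopes` array would apply policy for scopes the client never requested, which is why the join is keyed on the requested names.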