Ticket Parameter in Authorization Endpoint
Authlete's Authorization Endpoint APIs are backend APIs for implementing an authorization endpoint. There are two types of API:
- An API that interprets an authorization request and returns the information required for the next step, such as end-user authentication, and
- An API that issues tokens or codes, or returns errors
These two APIs are linked by a "ticket."
First, Authlete's /auth/authorization API returns a ticket in its response to an authorization request. Then the /auth/authorization/issue or /auth/authorization/fail API receives the ticket and processes the authorization request to issue tokens or codes, or to return errors.
- A ticket expires in 24 hours. Expired tickets are deleted from Authlete's database.
- A ticket can only be used once. It is removed from the database right after the /auth/authorization/issue or /auth/authorization/fail API successfully processes a request that includes the ticket.
- When you use a ticket that has already been used or has expired, you will get an error like the one below:
[A041202] There is no entity having the ticket specified in the /api/auth/authorization/issue request (ticket = {Ticket}).
- Please note that tickets are designed to be used only between an authorization server and the Authlete server. They must therefore not be used between an authorization server and a user agent, such as a web browser, for example to manage sessions.
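One way an authorization server can follow these rules, shown as an added example rather than Authlete's own code: the ticket stays in server-side storage, the browser only ever receives a random handle, and a ticket is handed out at most once and never after 24 hours. `PendingAuthorizations`, `finish` and the `call_issue` callable (standing in for your wrapper around /auth/authorization/issue that returns the result message text) are hypothetical names.

```python
import secrets
import time

TICKET_TTL_SECONDS = 24 * 60 * 60  # ticket lifetime stated on this page


class PendingAuthorizations:
    """Server-side map from an opaque session handle to an Authlete ticket."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # handle -> (ticket, stored_at)

    def remember(self, ticket):
        """Store the ticket; return the random handle to put in the session cookie."""
        handle = secrets.token_urlsafe(32)
        self._pending[handle] = (ticket, self._clock())
        return handle

    def take(self, handle):
        """Return the ticket once; None if unknown, already taken or too old."""
        entry = self._pending.pop(handle, None)
        if entry is None:
            return None
        ticket, stored_at = entry
        if self._clock() - stored_at >= TICKET_TTL_SECONDS:
            return None
        return ticket


def is_stale_ticket_error(message):
    """True when the error text reports A041202 (ticket used or expired)."""
    return message.startswith("[A041202]")


def finish(store, handle, call_issue):
    """Complete the request after user authentication, or ask for a restart."""
    ticket = store.take(handle)
    if ticket is None:
        return "restart"  # nothing valid on our side; do not call Authlete
    message = call_issue(ticket)  # hypothetical wrapper, returns message text
    if is_stale_ticket_error(message):
        return "restart"  # Authlete no longer knows the ticket
    return "done"
```

On "restart" the authorization server sends the user through a fresh authorization request so that a new ticket is obtained.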