Scopes attributes and authorization process
Authlete allows administrators to define ad hoc attributes and assign them to individual scopes on the Service Owner console.
When the AS gets a response from /api/auth/authorization, the response will resemble the structure below:
```json
{
  "type": "authorizationResponse",
  "resultCode": "...",
  "resultMessage": "...",
  "acrEssential": false,
  "action": "...",
  "client": {...},
  "clientIdAliasUsed": false,
  "maxAge": 0,
  "responseContent": "...",
  "scopes": [
    {
      "defaultEntry": false,
      "description": "A permission to request an OpenID Provider to issue an ID Token. See OpenID Connect Core 1.0, 3.1.2.1. for details.",
      "name": "openid"
    },
    {
      "defaultEntry": false,
      "name": "payment"
    }
  ],
  "service": {
    ...
    "supportedScopes": [
      {
        "defaultEntry": false,
        "description": "A permission to request an OpenID Provider to issue an ID Token. See OpenID Connect Core 1.0, 3.1.2.1. for details.",
        "name": "openid"
      },
      {
        "attributes": [
          {
            "key": "meta",
            "value": "this profile requires a second factor authentication"
          },
          {
            "key": "fapi",
            "value": "rw"
          }
        ],
        "defaultEntry": false,
        "name": "payment"
      },
      ...
    ],
    ...
  }
}
```
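Note that scope attributes are returned in the service configuration part (service.supportedScopes); they are not attached to the entries under the requested scopes (scopes). To find the attributes of a requested scope, the AS has to look up the entry with the same name in service.supportedScopes.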
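The lookup this implies on the AS side, as an added example (not Authlete's own code): requested scopes are joined by name to service.supportedScopes to recover their attributes. The function names, the fail-closed handling of an unmatched scope, and the "accounts" scope in the sample are assumptions made for illustration.

```python
import json

# Constructed sample shaped like the response above (elided fields omitted;
# the "accounts" scope is invented for the example and is not requested).
SAMPLE_RESPONSE = json.loads("""
{
  "scopes": [{"defaultEntry": false, "name": "openid"},
             {"defaultEntry": false, "name": "payment"}],
  "service": {"supportedScopes": [
    {"defaultEntry": false, "name": "openid"},
    {"attributes": [
       {"key": "meta",
        "value": "this profile requires a second factor authentication"},
       {"key": "fapi", "value": "rw"}],
     "defaultEntry": false, "name": "payment"},
    {"attributes": [{"key": "fapi", "value": "r"}],
     "defaultEntry": false, "name": "accounts"}
  ]}
}
""")


def requested_scope_attributes(response):
    """Map each requested scope name to its attributes (key -> list of values)."""
    supported = {}
    for scope in (response.get("service") or {}).get("supportedScopes") or []:
        attrs = {}
        for pair in scope.get("attributes") or []:
            # Keep every value in case a key is repeated on one scope.
            attrs.setdefault(pair["key"], []).append(pair["value"])
        supported[scope["name"]] = attrs
    result = {}
    for scope in response.get("scopes") or []:
        name = scope["name"]
        # Assumption: fail closed, so a requested scope with no matching
        # service entry is an error rather than "no attributes".
        if name not in supported:
            raise KeyError(f"requested scope {name!r} not in supportedScopes")
        result[name] = supported[name]
    return result


def scopes_with_attribute(response, key, value):
    """Hypothetical policy helper: requested scopes carrying key=value."""
    attrs = requested_scope_attributes(response)
    return sorted(n for n, a in attrs.items() if value in a.get(key, []))
```

An AS could call scopes_with_attribute(response, "fapi", "rw") before rendering the consent page to decide whether the request needs stronger user authentication; scopes that are supported but were not requested never influence the result.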