OAuth

The client identifier.

The algorithm that client used for generating code_challenge, only S256 is supported for now.

S256

Relative or full URL to redirect to after successful login.

Describes the grant flow to use.

The scope of access that is being requested.

user_default

offline_access

State parameter to roundtrip to client in final redirect.

The code challenge created by the client.

Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OpenID Provider.

Specifies whether the Authorization Server prompts the End-User for re-authentication and consent.

Redirect to the identity provider or back to the redirect_uri if an error occurs. On error the redirect will follow the OAuth2 RFC section 4.1.2.1 (https://tools.ietf.org/html/rfc6749#section-4.1.2.1) with an additional error_code parameter with the internal error code. When a detail is known for the error it will be included as error_detail.

Invalid client_id or redirect_uri.

Properties of the token that the client wants to revoke.

Properties of the token that the client wants to revoke.

Token was revoked.

Invalid request.

Token set created.

Invalid request parameters.

Invalid login or tokens, indicates that code or token used can be deleted by the client. Also could be invalid client credentials provided in Authorization header.

Forbidden because user is disabled or has reached the maximum number of tokens.

The error code.

Non-standard information about the error.

The error title.

The detailed error message.

The http status code.

List of errors and their properties.

The authorization code created by the server.

The client identifier.

The type of the user device the authorization token is generated for (Tablet, Phone etc.).

The grant type used to exchange an authorization code for an access token.

authorization_code

A user-friendly description to distinguish between multiple tokens.

The original redirect URI provided during authorization. For verification purposes only.

The client secret.

Required when grant_type is "authorization_code". The code verifier to verify original code challenge created by the client. It must be between 43 and 128 characters long and consists of [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"

The scope of access that is being requested.

user_default

The grant type used to obtain an access token outside of the context of a user.

client_credentials

The grant type used to exchange a refresh token for an access token.

refresh_token

The client secret.

The refresh token to use.

The token to revoke.

Type of the provided token.

access_token

refresh_token

The intended use for the requested token.

websocket

webresource

The client identifier.

Specifies the method in which the token will be granted.

urn:ietf:params:oauth:grant-type:token-exchange

The token that represents the identity of the party on behalf of whom the request is being made.

The type of the subject token.

urn:ietf:params:oauth:token-type:access_token

The scope of access that is being granted, delimited by space.

Unix time of when the last authentication occurred.

The date and time in ISO format for when the access token will expire.

The type of the token issued.

bearer

The access token granted.

Refresh token to be used to obtain a new access token without user intervention.

The type of the token issued for a token exchange. See https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1 for more details.

urn:ietf:params:oauth:token-type:access_token