Optional options: MonoCloudClientOptions
The authorization code received from the callback.
The redirect URI that was used in the authorization request.
A space-separated list of scopes originally requested via the /authorize endpoint.
This is stored in the session to ensure the correct access token can be identified and refreshed during refreshSession().
Optional resource: string - A space-separated list of resource indicators originally requested via the /authorize endpoint.
Used alongside scopes to uniquely identify and refresh the specific access token associated with these resources.
Optional options: AuthenticateOptions - Options for authenticating a user with authorization code.
The user's session containing authentication tokens and user information.
MonoCloudValidationError - When the token scope does not contain the openid scope, or if 'expires_in' or 'scope' is missing from the token response.
MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.
MonoCloudTokenError - If ID Token validation fails.
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
Generates an authorization URL with specified parameters.
If no values are provided for responseType or codeChallengeMethod, they default to code and S256, respectively.
Authorization URL parameters.
Tenant's authorization URL.
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
Static decode
Decodes the payload of a JSON Web Token (JWT) and returns it as an object.
Note: THIS METHOD DOES NOT VERIFY JWT TOKENS.
JWT to decode.
Decoded payload.
MonoCloudTokenError - If decoding fails
Generates OpenID end session URL for signing out.
Note - The state is added only when postLogoutRedirectUri is present.
Parameters to build end session URL.
Tenant's end session URL.
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
Exchanges an authorization code for tokens.
The authorization code received from the authorization server.
The redirect URI used in the initial authorization request.
Optional codeVerifier: string - Code verifier for PKCE.
Optional resource: string - Space-separated list of resources the access token should be scoped to.
Tokens obtained by exchanging an authorization code at the token endpoint.
MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
Fetches the JSON Web Keys used to sign the ID token. The JWKS is cached for 1 minute.
If true, bypasses the cache and fetches a fresh set of JWKS from the server.
The JSON Web Key Set containing the public keys for token verification.
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
Fetches the authorization server metadata from the .well-known endpoint. The metadata is cached for 1 minute.
If true, bypasses the cache and fetches fresh metadata from the server.
The issuer metadata for the tenant, retrieved from the OpenID Connect discovery endpoint.
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
Performs a pushed authorization request.
Authorization Parameters.
Response from Pushed Authorization Request (PAR) endpoint.
MonoCloudOPError - When the request is invalid.
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
Refetches user information for an existing session using the userinfo endpoint. Updates the session's user object with the latest user information while preserving existing properties.
Access token used to fetch the userinfo.
The current MonoCloudSession.
Optional options: RefetchUserInfoOptions - Userinfo refetch options.
Updated session with the latest userinfo.
MonoCloudValidationError - When the token scope does not contain the openid scope.
MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.
MonoCloudTokenError - If ID Token validation fails
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
Exchanges a refresh token for new tokens.
The refresh token used to request new tokens.
Optional options: RefreshGrantOptions - Refresh grant options.
Tokens obtained by exchanging a refresh token at the token endpoint.
MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
Refreshes an existing session using the refresh token. This function requests new tokens using the refresh token and optionally updates user information.
The current MonoCloudSession containing the refresh token.
Optional options: RefreshSessionOptions - Session refresh options.
User's session containing refreshed authentication tokens and user information.
MonoCloudValidationError - If the refresh token is not present in the session, or if 'expires_in' or 'scope' (including the openid scope) is missing from the token response.
MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.
MonoCloudTokenError - If ID Token validation fails
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
Revokes an access token or refresh token, rendering it invalid for future use.
The token string to be revoked.
Optional tokenType: string - Hint about the token type ('access_token' or 'refresh_token').
If token revocation succeeded.
MonoCloudValidationError - If the token is invalid or the token type is unsupported.
MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
Fetches userinfo associated with the provided access token.
A valid access token used to retrieve userinfo.
The authenticated user's claims.
MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error (e.g., 'invalid_token') in the 'WWW-Authenticate' header following a 401 Unauthorized response.
MonoCloudHttpError - Thrown if there is a network error during the request or unexpected status code during the request or a serialization error while processing the response.
MonoCloudValidationError - When the access token is invalid.
Validates an ID Token.
The ID Token JWT string to validate.
Array of JSON Web Keys (JWK) used to verify the token's signature.
Number of seconds to adjust the current time to account for clock differences.
Additional time tolerance in seconds for time-based claim validation.
Optional maxAge: number - Maximum authentication age in seconds.
Optional nonce: string - Nonce value to validate against the token's nonce claim.
Validated ID Token claims.
MonoCloudTokenError - If ID Token validation fails
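How the clock skew, clock tolerance, maxAge and nonce parameters above typically interact, and why the note on decode matters, shown as an added JavaScript example. It is not MonoCloud SDK code: the function names, the skew/tolerance arithmetic and the sample token are assumptions constructed for illustration, and signature verification against the JWKS is left out.

```javascript
// Added example; not MonoCloud SDK code. Names and arithmetic are assumptions.

// Reads a JWT payload WITHOUT checking the signature (what a decode-only helper does).
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Time and nonce checks, to be run only on claims whose signature was verified.
// Returns a list of failure reasons; an empty list means the checks passed.
function checkClaims(claims, { nowSeconds, clockSkew = 0, clockTolerance = 0, maxAge, nonce }) {
  const now = nowSeconds + clockSkew; // local clock corrected by the skew
  const errors = [];
  if (typeof claims.exp !== 'number' || claims.exp <= now - clockTolerance) {
    errors.push('expired');
  }
  if (typeof claims.iat !== 'number' || claims.iat > now + clockTolerance) {
    errors.push('issued in the future');
  }
  if (maxAge !== undefined) {
    if (typeof claims.auth_time !== 'number') {
      errors.push('auth_time missing');
    } else if (claims.auth_time + maxAge < now - clockTolerance) {
      errors.push('authentication too old');
    }
  }
  if (nonce !== undefined && claims.nonce !== nonce) {
    errors.push('nonce mismatch');
  }
  return errors;
}

// Constructed sample: well-formed header and payload, junk signature segment.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const T = 1700000000; // constructed "current time" in seconds
const sampleClaims = { sub: 'user-1', iat: T - 30, exp: T + 300, auth_time: T - 600, nonce: 'n-abc' };
const sampleToken = `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64(sampleClaims)}.not-a-signature`;

// Decoding succeeds although nothing was verified, so this output is untrusted.
const decoded = decodePayload(sampleToken);
console.log(decoded.sub, checkClaims(decoded, { nowSeconds: T, nonce: 'n-abc' }));
```

The sample token decodes cleanly despite its junk signature, which is why decoded claims should only drive authorization decisions after full ID Token validation.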
Generates a session with user and tokens by exchanging the authorization code from the callback parameters.