MonoCloud Authentication SDK
    Methods

    • Generates a session with user and tokens by exchanging the authorization code from the callback parameters.

      Parameters

      • code: string

        The authorization code received from the callback

      • redirectUri: string

        The redirect URI that was used in the authorization request

      • requestedScopes: string

        A space-separated list of scopes originally requested via the /authorize endpoint. This is stored in the session to ensure the correct access token can be identified and refreshed during refreshSession().

      • Optional resource: string

        A space-separated list of resource indicators originally requested via the /authorize endpoint. Used alongside scopes to uniquely identify and refresh the specific access token associated with these resources.

      • Optional options: AuthenticateOptions

        Options for authenticating a user with authorization code

      Returns Promise<MonoCloudSession>

      The user's session containing authentication tokens and user information.

      MonoCloudValidationError - When the token scope does not contain the openid scope, or if 'expires_in' or 'scope' is missing from the token response.

      MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.

      MonoCloudTokenError - If ID Token validation fails

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

    • Generates an authorization URL with specified parameters.

      If no values are provided for responseType or codeChallengeMethod, they default to code and S256, respectively.

      Parameters

      Returns Promise<string>

      Tenant's authorization url.

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

    • Generates OpenID end session url for signing out.

      Note - The state is added only when postLogoutRedirectUri is present.

      Parameters

      Returns Promise<string>

      Tenant's end session url

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

    • Exchanges an authorization code for tokens.

      Parameters

      • code: string

        The authorization code received from the authorization server.

      • redirectUri: string

        The redirect URI used in the initial authorization request.

      • Optional codeVerifier: string

        Code verifier for PKCE.

      • Optional resource: string

        Space-separated list of resources the access token should be scoped to

      Returns Promise<Tokens>

      Tokens obtained by exchanging an authorization code at the token endpoint.

      MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

    • Fetches the JSON Web Keys used to sign the id token. The JWKS is cached for 1 minute.

      Parameters

      • Optional forceRefresh: boolean

        If true, bypasses the cache and fetches a fresh set of JWKS from the server.

      Returns Promise<Jwks>

      The JSON Web Key Set containing the public keys for token verification.

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

    • Fetches the authorization server metadata from the .well-known endpoint. The metadata is cached for 1 minute.

      Parameters

      • Optional forceRefresh: boolean

        If true, bypasses the cache and fetches fresh metadata from the server.

      Returns Promise<IssuerMetadata>

      The issuer metadata for the tenant, retrieved from the OpenID Connect discovery endpoint.

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

    • Performs a pushed authorization request.

      Parameters

      Returns Promise<ParResponse>

      Response from Pushed Authorization Request (PAR) endpoint

      MonoCloudOPError - When the request is invalid.

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

    • Refetches user information for an existing session using the userinfo endpoint. Updates the session's user object with the latest user information while preserving existing properties.

      Parameters

      Returns Promise<MonoCloudSession>

      Updated session with the latest userinfo

      MonoCloudValidationError - When the token scope does not contain the openid scope.

      MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.

      MonoCloudTokenError - If ID Token validation fails

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

    • Exchanges a refresh token for new tokens.

      Parameters

      • refreshToken: string

        The refresh token used to request new tokens.

      • Optional options: RefreshGrantOptions

        Refresh grant options.

      Returns Promise<Tokens>

      Tokens obtained by exchanging a refresh token at the token endpoint.

      MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

    • Refreshes an existing session using the refresh token. This function requests new tokens using the refresh token and optionally updates user information.

      Parameters

      Returns Promise<MonoCloudSession>

      User's session containing refreshed authentication tokens and user information.

      MonoCloudValidationError - If the refresh token is not present in the session, or if 'expires_in' or 'scope' (including the openid scope) is missing from the token response.

      MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.

      MonoCloudTokenError - If ID Token validation fails

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

    • Revokes an access token or refresh token, rendering it invalid for future use.

      Parameters

      • token: string

        The token string to be revoked

      • Optional tokenType: string

        Hint about the token type ('access_token' or 'refresh_token')

      Returns Promise<void>

      Resolves if token revocation succeeded.

      MonoCloudValidationError - If the token is invalid or the token type is unsupported.

      MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error response.

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

    • Fetches userinfo associated with the provided access token.

      Parameters

      • accessToken: string

        A valid access token used to retrieve userinfo.

      Returns Promise<UserinfoResponse>

      The authenticated user's claims.

      MonoCloudOPError - When the OpenID Provider returns a standardized OAuth 2.0 error (e.g., 'invalid_token') in the 'WWW-Authenticate' header following a 401 Unauthorized response.

      MonoCloudHttpError - Thrown if there is a network error or an unexpected status code during the request, or a serialization error while processing the response.

      MonoCloudValidationError - When the access token is invalid.

    • Validates an ID Token.

      Parameters

      • idToken: string

        The ID Token JWT string to validate

      • jwks: Jwk[]

        Array of JSON Web Keys (JWK) used to verify the token's signature

      • clockSkew: number

        Number of seconds to adjust the current time to account for clock differences

      • clockTolerance: number

        Additional time tolerance in seconds for time-based claim validation

      • Optional maxAge: number

        Maximum authentication age in seconds

      • Optional nonce: string

        Nonce value to validate against the token's nonce claim

      Returns Promise<IdTokenClaims>

      Validated ID Token claims

      MonoCloudTokenError - If ID Token validation fails

    • Decodes the payload of a JSON Web Token (JWT) and returns it as an object. THIS METHOD DOES NOT VERIFY JWT TOKENS.

      Parameters

      • jwt: string

        JWT to decode

      Returns IdTokenClaims

      Decoded payload

      MonoCloudTokenError - If decoding fails
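
The difference between the decode-only method and ID Token validation, shown as an added example that is not MonoCloud SDK code: decoding accepts an unsigned token, while the time and nonce checks reject stale or replayed claims. The function names, the sample tokens and the way clockSkew and clockTolerance are combined are assumptions made for illustration; signature verification against the JWKS is a separate step not shown here.

```javascript
// Added example, not MonoCloud SDK code; every name below is hypothetical.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Decode only: base64url-decodes the payload segment and never checks the signature.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Claim checks to run only on a token whose signature was already verified.
// Assumption: clockSkew shifts "now", clockTolerance widens each comparison.
function checkClaims(claims, { now, clockSkew = 0, clockTolerance = 0, maxAge, nonce }) {
  const t = now + clockSkew;
  if (typeof claims.exp !== 'number' || t - clockTolerance >= claims.exp) return 'expired';
  if (typeof claims.nbf === 'number' && t + clockTolerance < claims.nbf) return 'not yet valid';
  if (nonce !== undefined && claims.nonce !== nonce) return 'nonce mismatch';
  if (maxAge !== undefined) {
    if (typeof claims.auth_time !== 'number') return 'auth_time missing';
    if (claims.auth_time + maxAge < t - clockTolerance) return 'auth_time too old';
  }
  return 'ok';
}

// Constructed sample data (fixed clock so the results are reproducible).
const NOW = 1700000000;
// An unsigned token: the header says alg "none" and the signature segment is empty.
const unsigned = `${b64url({ alg: 'none' })}.${b64url({ sub: 'admin', exp: NOW + 3600 })}.`;
const unsignedClaims = decodePayload(unsigned); // decodes without complaint

// Claims that expired 10 seconds ago, from a login 100 seconds ago.
const claims = { sub: 'user-1', exp: NOW - 10, auth_time: NOW - 100, nonce: 'n-123' };
const results = {
  strict: checkClaims(claims, { now: NOW, nonce: 'n-123' }),
  tolerant: checkClaims(claims, { now: NOW, clockTolerance: 30, nonce: 'n-123' }),
  skewed: checkClaims(claims, { now: NOW, clockSkew: -20, nonce: 'n-123' }),
  wrongNonce: checkClaims(claims, { now: NOW, clockTolerance: 30, nonce: 'other' }),
  staleLogin: checkClaims(claims, { now: NOW, clockTolerance: 30, nonce: 'n-123', maxAge: 60 }),
};
console.log(unsignedClaims.sub, results);
```

Claims from a decode-only call are suitable for display or routing hints; authorization decisions belong after the validating path has accepted the token.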