OptionalacrAuthentication Context Class Reference (ACR) values requesting specific authentication assurance levels or methods.
OptionalauthenticatorHint to the authorization server indicating which authenticator or connection should be used.
OptionalcodePKCE code challenge derived from the code verifier. Used to secure authorization code exchanges.
OptionalcodeMethod used to generate the PKCE code challenge.
OptionaldisplayPreferred display mode for the authentication UI.
OptionalloginHint identifying the user (for example, email or username). Used to prefill or optimize the sign-in experience.
OptionalmaxMaximum acceptable time (in seconds) since the user last authenticated. If exceeded, the user may be required to sign in again.
OptionalnonceA cryptographically random value included in the ID token to prevent replay attacks.
OptionalpromptControls authentication interaction behavior. For example, forcing login or consent.
OptionalredirectThe redirect URI where the authorization server sends the user after authentication completes.
OptionalrequestA signed JWT containing authorization request parameters.
OptionalresourceSpace-separated list of resource indicators that scope the issued access token.
OptionalresponseSpecifies how the authorization response is returned to the client.
OptionalresponseDetermines which artifacts are returned from the authorization endpoint.
OptionalscopesSpace-separated list of scopes requested during authentication.
OptionalstateA cryptographically random value used to maintain request state and protect against CSRF attacks.
OptionaluiPreferred UI language.
Parameters used when creating a Pushed Authorization Request (PAR).
This type mirrors AuthorizationParams but excludes
requestUri, since therequest_urivalue is generated by the authorization server after a successful PAR request and must not be supplied by the client.