NewDynamicScope creates a scope with custom logic that will be used to validate the scopes requested by the client.

NewPolicy creates a policy that will be selected based on setUpFunc and that authenticates users with authnFunc.

NewScope creates a scope where the validation logic is simple string comparison.

RefreshTokenLength has an unusual value so to avoid refresh tokens and opaque access token to be confused.

SubIdentifierPublic makes the server provide the same subject identifier to all clients.

AuthnPolicy holds information on how to set up an authentication session and authenticate users.

AuthnSession is a short lived session that holds information about authorization requests.

Client contains all information about an OAuth client.

GrantInfo contains the information assigned during token issuance.

GrantSession represents the granted access an entity (a user or the client itself) gave to a client.

TokenOptions defines a template for generating access tokens.

AuthnSessionManager contains all the logic needed to manage authentication sessions.

ClientManager gathers all the logic needed to manage clients.

GrantSessionManager contains all the logic needed to manage grant sessions.

ACR defines a type for authentication context references.

AMR defines a type for authentication method references.

AuthnFunc executes the user authentication logic.

AuthorizationDetail represents an authorization details as a map.

CheckJTIFunc defines a function to verify when a JTI is safe to use.

CompareAuthDetailsFunc defines a function used in authorization_code and refresh_token grant types to validate that the requested authorization details are consistent with the granted ones.

HandleDynamicClientFunc defines a function that will be executed during DCR and DCM.

HTTPClientFunc defines a function that generates an HTTP client for performing requests.

InitBackAuthFunc allows modifying the authn session when initializing the CIBA process.

MatchScopeFunc defines a function executed to verify whether a requested scope is a match or not.

RenderErrorFunc defines a function that will be called when errors during the authorization request cannot be handled.

SetUpAuthnFunc is responsible for initiating the authentication session.

SubIdentifierType defines how the auth server provides subject identifiers to its clients.

TokenOptionsFunc defines a function that returns token configuration and is executed when issuing access tokens.

ValidateBackAuthFunc validates a CIBA session during a client's polling request to the token endpoint.