oauth4webapi API Reference
August 29, 2025
Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.
Accessing Protected Resources
Authorization Code Grant
- authorizationCodeGrantRequest
- calculatePKCECodeChallenge
- generateRandomCodeVerifier
- issueRequestObject
- processAuthorizationCodeResponse
- validateAuthResponse
- validateJwtAuthResponse
Authorization Code Grant w/ OpenID Connect (OIDC)
- authorizationCodeGrantRequest
- calculatePKCECodeChallenge
- generateRandomCodeVerifier
- getValidatedIdTokenClaims
- issueRequestObject
- processAuthorizationCodeResponse
- processUserInfoResponse
- userInfoRequest
- validateApplicationLevelSignature
- validateAuthResponse
- validateCodeIdTokenResponse
- validateJwtAuthResponse
Authorization Server Metadata
Client Authentication
Client Credentials Grant
Client-Initiated Backchannel Authentication (CIBA)
- backchannelAuthenticationGrantRequest
- backchannelAuthenticationRequest
- getValidatedIdTokenClaims
- processBackchannelAuthenticationGrantResponse
- processBackchannelAuthenticationResponse
DPoP
Device Authorization Grant
- deviceAuthorizationRequest
- deviceCodeGrantRequest
- getValidatedIdTokenClaims
- processDeviceAuthorizationResponse
- processDeviceCodeResponse
Dynamic Client Registration (DCR)
Error Codes
- AUTHORIZATION_RESPONSE_ERROR
- HTTP_REQUEST_FORBIDDEN
- INVALID_REQUEST
- INVALID_RESPONSE
- INVALID_SERVER_METADATA
- JSON_ATTRIBUTE_COMPARISON
- JWT_CLAIM_COMPARISON
- JWT_TIMESTAMP_CHECK
- JWT_USERINFO_EXPECTED
- KEY_SELECTION
- MISSING_SERVER_METADATA
- PARSE_ERROR
- REQUEST_PROTOCOL_FORBIDDEN
- RESPONSE_BODY_ERROR
- RESPONSE_IS_NOT_CONFORM
- RESPONSE_IS_NOT_JSON
- UNSUPPORTED_OPERATION
- WWW_AUTHENTICATE_CHALLENGE
Errors
- AuthorizationResponseError
- OperationProcessingError
- ResponseBodyError
- UnsupportedOperationError
- WWWAuthenticateChallengeError
FAPI 1.0 Advanced
FAPI 2.0 Message Signing
JWT Access Tokens
JWT Bearer Token Grant Type
JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
JWT-Secured Authorization Request (JAR)
OpenID Connect (OIDC) Discovery
OpenID Connect (OIDC) UserInfo
Proof Key for Code Exchange (PKCE)
Pushed Authorization Requests (PAR)
Refreshing an Access Token
Resource Server Metadata
SAML 2.0 Bearer Assertion Grant Type
Token Exchange Grant Type
Token Introspection
Token Revocation
Utilities
Interfaces
- AuthorizationDetails
- BackchannelAuthenticationRequestOptions
- BackchannelAuthenticationResponse
- Client
- ClientCredentialsGrantRequestOptions
- ConfirmationClaims
- CryptoKeyPair
- CustomFetchOptions
- DeviceAuthorizationRequestOptions
- DeviceAuthorizationResponse
- DiscoveryRequestOptions
- DPoPHandle
- DPoPRequestOptions
- DynamicClientRegistrationRequestOptions
- ExportedJWKSCache
- GenerateKeyPairOptions
- HttpRequestOptions
- IDToken
- IntrospectionRequestOptions
- IntrospectionResponse
- JWEDecryptOptions
- JWK
- JWKS
- JWKSCacheOptions
- JWTAccessTokenClaims
- ModifyAssertionFunction
- ModifyAssertionOptions
- MTLSEndpointAliases
- OAuth2Error
- PrivateKey
- ProcessAuthorizationCodeResponseOptions
- ProcessTokenResponseOptions
- ProtectedResourceRequestOptions
- PushedAuthorizationRequestOptions
- PushedAuthorizationResponse
- RevocationRequestOptions
- TokenEndpointRequestOptions
- TokenEndpointResponse
- UserInfoAddress
- UserInfoRequestOptions
- UserInfoResponse
- ValidateJWTAccessTokenOptions
- ValidateSignatureOptions
- WWWAuthenticateChallenge
- WWWAuthenticateChallengeParameters
Type Aliases
- ClientAuth
- JsonArray
- JsonObject
- JsonPrimitive
- JsonValue
- JweDecryptFunction
- JWKSCacheInput
- JWSAlgorithm
- OmitSymbolProperties
- ProtectedResourceRequestBody
- RecognizedTokenTypes