TokenRequestValue uses ConstantsTrait
Constant values for the OAuth 2.0 token request fields.
Pairs with TokenRequestField : the field carries the param name, this class carries the (often lengthy URI-shaped) value.
Tags
Table of Contents
Constants
- DEFAULT_SCOPE : string = 'openid'
- Default OIDC scope requested at the token endpoint. Most IdPs accept `openid` alone for `client_credentials` ; some setups require a project-aware audience scope to obtain a JWT carrying the right `aud` claim.
- GRANT_CLIENT_CREDENTIALS : string = 'client_credentials'
- RFC 6749 §4.4 grant_type for the M2M client_credentials flow.
- GRANT_JWT_BEARER : string = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
- RFC 7523 grant_type for the JWT-bearer authorization grant.
- JWT_BEARER_ASSERTION_TYPE : string = 'urn:ietf:params:oauth:client-assertion-type:jw...
- RFC 7521 client_assertion_type identifying a JWT bearer assertion as the client authentication mechanism.
Constants
DEFAULT_SCOPE
Default OIDC scope requested at the token endpoint. Most IdPs accept `openid` alone for `client_credentials` ; some setups require a project-aware audience scope to obtain a JWT carrying the right `aud` claim.
public
string
DEFAULT_SCOPE
= 'openid'
GRANT_CLIENT_CREDENTIALS
RFC 6749 §4.4 grant_type for the M2M client_credentials flow.
public
string
GRANT_CLIENT_CREDENTIALS
= 'client_credentials'
GRANT_JWT_BEARER
RFC 7523 grant_type for the JWT-bearer authorization grant.
public
string
GRANT_JWT_BEARER
= 'urn:ietf:params:oauth:grant-type:jwt-bearer'
Distinct from the client_credentials grant + client_assertion
pair, which authenticates an OAuth-registered client. The
jwt-bearer grant treats the JWT itself as the identity proof —
the canonical pattern for Service Users authenticating with a
private key on Zitadel.
Tags
JWT_BEARER_ASSERTION_TYPE
RFC 7521 client_assertion_type identifying a JWT bearer assertion as the client authentication mechanism.
public
string
JWT_BEARER_ASSERTION_TYPE
= 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'