TokenResponseField uses ConstantsTrait
Field names of the JSON body returned by the OAuth 2.0 token endpoint after a successful `client_credentials` exchange.
RFC 6749 §5.1 (Successful Response). Only the fields used by the M2M client are surfaced here.
Tags
Table of Contents
Constants
- ACCESS_TOKEN : string = 'access_token'
- `access_token` — the JWT to send back to the resource API as `Authorization: Bearer <access_token>`.
- EXPIRES_AT : string = 'expires_at'
- `expires_at` — absolute expiration timestamp (epoch seconds) of the access_token.
- EXPIRES_IN : string = 'expires_in'
- `expires_in` — number of seconds the access_token remains valid, counted from the response time. Used to seed the local cache TTL (refreshed proactively `REFRESH_SAFETY_MARGIN` seconds before that hard expiration to absorb clock drift).
- ID_TOKEN : string = 'id_token'
- `id_token` — a JWT containing identity claims about the client or subject, returned in OpenID Connect flows.
- REFRESH_TOKEN : string = 'refresh_token'
- `refresh_token` — a long-lived token that can be used to obtain a new access_token without re-authenticating the client.
- SCOPE : string = 'scope'
- `scope` — the actual scopes granted (may differ from the requested scope set if the IdP narrows them down).
- TOKEN_TYPE : string = 'token_type'
- `token_type` — typically `Bearer`. Surfaced for completeness ; the M2M client always uses `Bearer` regardless of this value.
Constants
ACCESS_TOKEN
`access_token` — the JWT to send back to the resource API as `Authorization: Bearer <access_token>`.
public
string
ACCESS_TOKEN
= 'access_token'
EXPIRES_AT
`expires_at` — absolute expiration timestamp (epoch seconds) of the access_token.
public
string
EXPIRES_AT
= 'expires_at'
Non-standard but sometimes provided by certain providers as an
alternative to expires_in.
EXPIRES_IN
`expires_in` — number of seconds the access_token remains valid, counted from the response time. Used to seed the local cache TTL (refreshed proactively `REFRESH_SAFETY_MARGIN` seconds before that hard expiration to absorb clock drift).
public
string
EXPIRES_IN
= 'expires_in'
ID_TOKEN
`id_token` — a JWT containing identity claims about the client or subject, returned in OpenID Connect flows.
public
string
ID_TOKEN
= 'id_token'
Not part of pure OAuth2, but commonly included when OIDC is enabled on the token endpoint.
REFRESH_TOKEN
`refresh_token` — a long-lived token that can be used to obtain a new access_token without re-authenticating the client.
public
string
REFRESH_TOKEN
= 'refresh_token'
Rare in pure client_credentials flows, but may appear depending on the authorization server configuration.
SCOPE
`scope` — the actual scopes granted (may differ from the requested scope set if the IdP narrows them down).
public
string
SCOPE
= 'scope'
TOKEN_TYPE
`token_type` — typically `Bearer`. Surfaced for completeness ; the M2M client always uses `Bearer` regardless of this value.
public
string
TOKEN_TYPE
= 'token_type'