The IETF RFCs for Tokens not only include a couple of extra properties that were not previously addressed, but they also state that the responses may be extended with custom information. Authorization servers, such as Keycloak, include metadata in the token response indicating refresh token expiration, or other data.
Since Token responses can be extended, it stands to reason that these objects should conform to HasClaims just like other models, to allow for them to be adapted to different authentication scenarios.
This update further extends the support for Claims to resolve edge-cases in how convertible values were handled, unifying support around mapping claims to scalar values, arrays, or dictionaries, and cleaning up how JSON objects are mapped.
Finally, since the result of refresh operations often doesn't include data provided in the initial token exchange request (such as device_secret), the process for merging tokens during refresh operations has been moved to a protocol. This is not yet public, but this may be exposed in the future.
This PR:
- Alters Token to conform to HasClaims so its raw JSON token response data is stored and persisted
- Defines properties defined by the OAuth2 specs, including required values (such as Token Type, Access Token, etc)
- Includes version migration support to handle loading and parsing of tokens stored with previous versions of the SDK
- Refines and makes the HasClaims value functions work consistently (since there were gaps before)
- Cleans up JSON handling, as well as documentation updates
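
The refresh-merge behaviour described above, as an added sketch that is not code from this PR or the SDK: a token response keeps its raw JSON so extension members stay readable, and a refresh result falls back to the previous token only for members it omits. The `TokenResponse` type, its methods, the `carriedOver` allowlist and the sample payloads are all assumptions made for illustration.

```swift
import Foundation

// Hypothetical model, not the SDK's Token type: it keeps the raw JSON payload so
// server-specific extension members survive alongside the RFC 6749 fields.
struct TokenResponse {
    let payload: [String: Any]

    enum ParseError: Error { case notAnObject, missing(String) }

    init(json: Data) throws {
        guard let object = try JSONSerialization.jsonObject(with: json) as? [String: Any] else {
            throw ParseError.notAnObject
        }
        try self.init(payload: object)
    }

    init(payload: [String: Any]) throws {
        // RFC 6749 section 5.1 makes access_token and token_type required.
        for key in ["access_token", "token_type"] {
            guard let value = payload[key] as? String, !value.isEmpty else {
                throw ParseError.missing(key)
            }
        }
        self.payload = payload
    }

    func string(_ claim: String) -> String? { payload[claim] as? String }
    func number(_ claim: String) -> Double? { (payload[claim] as? NSNumber)?.doubleValue }

    // Assumed allowlist: members a refresh response may legitimately omit.
    static let carriedOver: Set<String> = ["refresh_token", "device_secret", "scope"]

    // The refreshed response always wins; only allowlisted members fall back to the
    // old token, so a stale access token or expiry can never be carried forward.
    func merged(withRefresh refreshed: TokenResponse) throws -> TokenResponse {
        var result = refreshed.payload
        for key in Self.carriedOver where result[key] == nil {
            result[key] = payload[key]
        }
        return try TokenResponse(payload: result)
    }
}

// Constructed sample payloads; refresh_expires_in stands in for a server extension member.
let initial = try TokenResponse(json: Data(#"{"access_token":"at-1","token_type":"Bearer","expires_in":300,"refresh_token":"rt-1","device_secret":"ds-1","scope":"openid offline_access","refresh_expires_in":1800}"#.utf8))
let refresh = try TokenResponse(json: Data(#"{"access_token":"at-2","token_type":"Bearer","expires_in":300,"refresh_expires_in":1740}"#.utf8))
let merged = try initial.merged(withRefresh: refresh)
print(merged.string("access_token")!, merged.string("device_secret")!, merged.number("refresh_expires_in")!)
```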