Class: OpenIDConnectAuthenticationRequestClass
An Authentication Request compliant with OpenID Connect 2.0 section 3.1.2.1 with any extensions supported by GOV.UK One Login.
__
JSON schema: OpenIDConnectAuthenticationRequest.json
__
URI: di_vocab:class/OpenIDConnectAuthenticationRequestClass
classDiagram
class OpenIDConnectAuthenticationRequestClass
click OpenIDConnectAuthenticationRequestClass href "../../classes/OpenIDConnectAuthenticationRequestClass/"
AuthorizationRequestClass <|-- OpenIDConnectAuthenticationRequestClass
click AuthorizationRequestClass href "../../classes/AuthorizationRequestClass/"
OpenIDConnectAuthenticationRequestClass : aud
OpenIDConnectAuthenticationRequestClass : claims
OpenIDConnectAuthenticationRequestClass : client_id
OpenIDConnectAuthenticationRequestClass : exp
OpenIDConnectAuthenticationRequestClass : iat
OpenIDConnectAuthenticationRequestClass : iss
OpenIDConnectAuthenticationRequestClass : jti
OpenIDConnectAuthenticationRequestClass : nbf
OpenIDConnectAuthenticationRequestClass : nonce
OpenIDConnectAuthenticationRequestClass : prompt
OpenIDConnectAuthenticationRequestClass : redirect_uri
OpenIDConnectAuthenticationRequestClass : response_type
OpenIDConnectAuthenticationRequestClass : scope
OpenIDConnectAuthenticationRequestClass : state
OpenIDConnectAuthenticationRequestClass : sub
OpenIDConnectAuthenticationRequestClass : vtr
Inheritance
- JWTClass
- AuthorizationRequestClass
- OpenIDConnectAuthenticationRequestClass
- AuthorizationRequestClass
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| vtr | * String |
The Vector of Trust request | direct |
| prompt | 0..1 String |
Use the value login to force a user to authenticate again even if they have... |
direct |
| claims | 0..1 String |
The claims | direct |
| scope | 1 String |
The scope | direct |
| response_type | 1 String |
The response type | AuthorizationRequestClass |
| client_id | 1 StringOrURI |
The client id | AuthorizationRequestClass |
| state | 1 String |
The state | AuthorizationRequestClass |
| redirect_uri | 1 Uri |
The redirect uri | AuthorizationRequestClass |
| nonce | 1 String |
The nonce | AuthorizationRequestClass |
| iss | 0..1 Uri |
The iss (issuer) claim identifies the principal that issued the JWT |
JWTClass |
| sub | 0..1 Uri |
The sub (subject) claim identifies the principal that is the subject of the... |
JWTClass |
| nbf | 0..1 Integer |
The nbf (not before) claim identifies the time the JWT is valid from |
JWTClass |
| exp | 0..1 Integer |
The exp (expiration time) claim identifies the time the JWT expires |
JWTClass |
| aud | 0..1 Uri |
The aud (audience) claim identifies the recipients that the JWT is intended... |
JWTClass |
| iat | 0..1 Integer |
The iat (issued at) claim identifies the time at which the JWT was issued |
JWTClass |
| jti | 0..1 Uri |
The jti (JWT ID) claim identifies the unique identifier of the JWT |
JWTClass |
See Also
Identifier and Mapping Information
Schema Source
- from schema: https://vocab.account.gov.uk/linkml/credentials-schema
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | di_vocab:OpenIDConnectAuthenticationRequestClass |
| native | di_vocab:OpenIDConnectAuthenticationRequestClass |
LinkML Source
Direct
name: OpenIDConnectAuthenticationRequestClass
description: 'An [Authentication Request compliant with OpenID Connect 2.0 section
3.1.2.1](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) with
any extensions supported by GOV.UK One Login.
JSON schema: [OpenIDConnectAuthenticationRequest.json](../json-schemas/OpenIDConnectAuthenticationRequest.json)
'
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
see_also:
- ../json-schemas/OpenIDConnectAuthenticationRequest.json
is_a: AuthorizationRequestClass
slots:
- vtr
- prompt
- claims
- scope
Induced
name: OpenIDConnectAuthenticationRequestClass
description: 'An [Authentication Request compliant with OpenID Connect 2.0 section
3.1.2.1](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) with
any extensions supported by GOV.UK One Login.
JSON schema: [OpenIDConnectAuthenticationRequest.json](../json-schemas/OpenIDConnectAuthenticationRequest.json)
'
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
see_also:
- ../json-schemas/OpenIDConnectAuthenticationRequest.json
is_a: AuthorizationRequestClass
attributes:
vtr:
name: vtr
description: The Vector of Trust request. If not specified the default value `Cl.Cm`
is used. Further information can be found in [Vectors of Trust RFC](https://datatracker.ietf.org/doc/rfc8485/)
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: vtr
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- OpenIDConnectAuthenticationRequestClass
range: string
multivalued: true
inlined: true
inlined_as_list: true
prompt:
name: prompt
description: Use the value `login` to force a user to authenticate again even
if they have an existing session. If this is not set a user will authenticate
silently if they have an existing session.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: prompt
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- OpenIDConnectAuthenticationRequestClass
range: string
claims:
name: claims
description: The claims. This value will detail what additional claims, if any,
are required from the /userinfo endpoint after a successful authentication request. This
value should be URL-encoded JSON.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: claims
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- OpenIDConnectAuthenticationRequestClass
range: string
scope:
name: scope
description: The scope. A space-separated list of scopes which must include the
`openid` value. Other options are `email`, `phone` and `offline_access` (returns
a refresh token). Other custom scopes are available for internal requests.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: scope
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- AuthorizationRequestClass
- OpenIDConnectAuthenticationRequestClass
range: string
required: true
response_type:
name: response_type
description: The response type. This value currently needs to be set to the value
`code`.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: response_type
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- AuthorizationRequestClass
range: string
required: true
client_id:
name: client_id
description: The client id. This value is the client id the Relying Party service
was provided with for identification upon registration. Internal system requests
will use an internal client id.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: client_id
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- AuthorizationRequestClass
range: StringOrURI
required: true
state:
name: state
description: The state. This value is used to validate the response sent to the
redirect URI. This value will be returned to the client in the authentication
response.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: state
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- AuthorizationRequestClass
range: string
required: true
redirect_uri:
name: redirect_uri
description: The redirect uri. This value must exactly match one of the redirect
uris registered by the Relying Party service and must be URL-encoded.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: redirect_uri
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- AuthorizationRequestClass
range: uri
required: true
nonce:
name: nonce
description: The nonce. A random value provided from the ID token to verify the
integrity of the ID token.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: nonce
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- AuthorizationRequestClass
range: string
required: true
iss:
name: iss
description: The `iss` (issuer) claim identifies the principal that issued the
JWT.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: iss
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- JWTClass
range: uri
sub:
name: sub
description: The `sub` (subject) claim identifies the principal that is the subject
of the JWT.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: sub
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- JWTClass
range: uri
nbf:
name: nbf
description: The `nbf` (not before) claim identifies the time the JWT is valid
from.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: nbf
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- JWTClass
range: integer
exp:
name: exp
description: The `exp` (expiration time) claim identifies the time the JWT expires.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: exp
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- JWTClass
range: integer
aud:
name: aud
description: The `aud` (audience) claim identifies the recipients that the JWT
is intended for.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: aud
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- JWTClass
range: uri
iat:
name: iat
description: The `iat` (issued at) claim identifies the time at which the JWT
was issued.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: iat
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- JWTClass
range: integer
jti:
name: jti
description: The `jti` (JWT ID) claim identifies the unique identifier of the
JWT.
from_schema: https://vocab.account.gov.uk/linkml/credentials-schema
rank: 1000
alias: jti
owner: OpenIDConnectAuthenticationRequestClass
domain_of:
- JWTClass
range: uri