Name

Description

tokenType

ISSUEDTOKEN_3

issuedTokenType

http://opcfoundation.org/UA/UserToken#JWT

issuerEndpointUrl

For JWTs this is a JSON object with fields defined in Table 39.

Name

Type

Description

IssuerEndpointUrl

JSON object

Specifies the parameters for a JWT UserIdentityToken.

ua:resourceId

String

The URI identifying the Server to the Authorization Service.

If not specified, the Server’s ApplicationUri is used.

ua:authorityUrl

String

The base URL for the Authorization Service.

This URL may be used to discover additional information about the authority.

This field is equivalent to the “issuer” defined in OpenID-Discovery.

ua:authorityProfileUri

String

The profile that defines the interactions with the authority.

If not specified, the URI is “http://opcfoundation.org/UA/Authorization#OAuth2”.

ua:tokenEndpoint

String

A path relative to the base URL used to request Access Tokens.

This field is equivalent to the “token_endpoint” defined in OpenID-Discovery.

ua:authorizationEndpoint

String

A path relative to the base URL used to validate user credentials.

This field is equivalent to the “authorization_endpoint” defined in OpenID-Discovery.

ua:requestTypes

JSON array

String

The list of request types supported by the authority.

The possible values depend on the authorityProfileUri.

OPC 10000-7 specifies the default for each authority profile defined.

ua:scopes

JSON array

String

A list of Scopes that are understood by the Server.

If not specified, the Client may be able to access any Scope supported by the Authorization Service.

This field is equivalent to the “scopes_supported” defined in OpenID-Discovery.