TsgcHTTP_OAuth2_Server › Events
Events you can handle, grouped by purpose, followed by the full alphabetical list.
| Name | Description |
|---|---|
| OnOAuth2BeforeRequest | Fires before any OAuth2 endpoint processes an incoming HTTP request; lets the application inspect, rewrite or cancel the request. |
| OnOAuth2BeforeDispatchPage | Fires before an OAuth2 HTML page (sign-in, consent, device verification) is rendered so the application can customize the HTML. |
| OnOAuth2Authentication | Validates user credentials submitted on the sign-in page during the authorize flow. |
| OnOAuth2Unauthorized | Fires when a protected endpoint rejects a request because the bearer token is missing, invalid or expired. |
| OnOAuth2ResponseError | Fires when the server is about to return an OAuth2 error response (invalid_grant, invalid_client, access_denied, etc.) so the application can override status, body or headers. |
| Name | Description |
|---|---|
| OnOAuth2AfterAccessToken | Fires after the /token endpoint successfully issues an access token. |
| OnOAuth2AfterRefreshToken | Fires after the /token endpoint successfully renews an access token using the refresh_token grant. |
| OnOAuth2AfterValidateAccessToken | Fires after the server has validated an access token on a resource request and lets the application accept or override the result. |
| OnOAuth2AfterRevokeToken | Fires after the /revoke endpoint processes a token revocation request (RFC 7009). |
| OnOAuth2AfterIntrospectToken | Fires after the /introspect endpoint processes a token introspection request (RFC 7662). |
| Name | Description |
|---|---|
| OnOAuth2DeviceAuthorization | Fires after the /device_authorization endpoint issues a device_code and user_code pair (RFC 8628). |
| OnOAuth2DeviceCodeVerification | Fires when the user submits a user_code on the device verification page (RFC 8628) so the application can authorize or deny the device. |
| Name | Description |
|---|---|
| OnOAuth2ValidateDPoP | Fires when a resource request carries a DPoP proof header so the application can verify the proof-of-possession (RFC 9449). |
| Name | Description |
|---|---|
| OnOAuth2AfterAccessToken | Fires after the /token endpoint successfully issues an access token. |
| OnOAuth2AfterIntrospectToken | Fires after the /introspect endpoint processes a token introspection request (RFC 7662). |
| OnOAuth2AfterRefreshToken | Fires after the /token endpoint successfully renews an access token using the refresh_token grant. |
| OnOAuth2AfterRevokeToken | Fires after the /revoke endpoint processes a token revocation request (RFC 7009). |
| OnOAuth2AfterValidateAccessToken | Fires after the server has validated an access token on a resource request and lets the application accept or override the result. |
| OnOAuth2Authentication | Validates user credentials submitted on the sign-in page during the authorize flow. |
| OnOAuth2BeforeDispatchPage | Fires before an OAuth2 HTML page (sign-in, consent, device verification) is rendered so the application can customize the HTML. |
| OnOAuth2BeforeRequest | Fires before any OAuth2 endpoint processes an incoming HTTP request; lets the application inspect, rewrite or cancel the request. |
| OnOAuth2DeviceAuthorization | Fires after the /device_authorization endpoint issues a device_code and user_code pair (RFC 8628). |
| OnOAuth2DeviceCodeVerification | Fires when the user submits a user_code on the device verification page (RFC 8628) so the application can authorize or deny the device. |
| OnOAuth2ResponseError | Fires when the server is about to return an OAuth2 error response (invalid_grant, invalid_client, access_denied, etc.) so the application can override status, body or headers. |
| OnOAuth2Unauthorized | Fires when a protected endpoint rejects a request because the bearer token is missing, invalid or expired. |
| OnOAuth2ValidateDPoP | Fires when a resource request carries a DPoP proof header so the application can verify the proof-of-possession (RFC 9449). |