diff --git a/src/OpenIddict.Client/OpenIddictClientModels.cs b/src/OpenIddict.Client/OpenIddictClientModels.cs
index 24740a1d4..617a0edb6 100644
--- a/src/OpenIddict.Client/OpenIddictClientModels.cs
+++ b/src/OpenIddict.Client/OpenIddictClientModels.cs
@@ -66,6 +66,11 @@ public sealed record class InteractiveAuthenticationResult
///
public required string? BackchannelAccessToken { get; init; }
+ ///
+ /// Gets or sets the expiration date of the backchannel access token, if available.
+ ///
+ public required DateTimeOffset? BackchannelAccessTokenExpirationDate { get; init; }
+
///
/// Gets or sets the backchannel identity token, if available.
///
@@ -82,6 +87,11 @@ public sealed record class InteractiveAuthenticationResult
///
public required string? FrontchannelAccessToken { get; init; }
+ ///
+ /// Gets or sets the expiration date of the frontchannel access token, if available.
+ ///
+ public required DateTimeOffset? FrontchannelAccessTokenExpirationDate { get; init; }
+
///
/// Gets or sets the frontchannel identity token, if available.
///
@@ -253,6 +263,11 @@ public sealed record class ClientCredentialsAuthenticationResult
///
public required string AccessToken { get; init; }
+ ///
+ /// Gets or sets the expiration date of the access token, if available.
+ ///
+ public required DateTimeOffset? AccessTokenExpirationDate { get; init; }
+
///
/// Gets or sets the identity token, if available.
///
@@ -394,6 +409,11 @@ public sealed record class DeviceAuthenticationResult
///
public required string AccessToken { get; init; }
+ ///
+ /// Gets or sets the expiration date of the access token, if available.
+ ///
+ public required DateTimeOffset? AccessTokenExpirationDate { get; init; }
+
///
/// Gets or sets the identity token, if available.
///
@@ -605,6 +625,11 @@ public sealed record class PasswordAuthenticationResult
///
public required string AccessToken { get; init; }
+ ///
+ /// Gets or sets the expiration date of the access token, if available.
+ ///
+ public required DateTimeOffset? AccessTokenExpirationDate { get; init; }
+
///
/// Gets or sets the identity token, if available.
///
@@ -714,6 +739,11 @@ public sealed record class RefreshTokenAuthenticationResult
///
public required string AccessToken { get; init; }
+ ///
+ /// Gets or sets the expiration date of the access token, if available.
+ ///
+ public required DateTimeOffset? AccessTokenExpirationDate { get; init; }
+
///
/// Gets or sets the identity token, if available.
///
diff --git a/src/OpenIddict.Client/OpenIddictClientService.cs b/src/OpenIddict.Client/OpenIddictClientService.cs
index 84bcc88ee..4fdb6e0c0 100644
--- a/src/OpenIddict.Client/OpenIddictClientService.cs
+++ b/src/OpenIddict.Client/OpenIddictClientService.cs
@@ -265,9 +265,11 @@ public async ValueTask AuthenticateInteractivel
AuthorizationCode = context.AuthorizationCode,
AuthorizationResponse = context.Request is not null ? new(context.Request.GetParameters()) : new(),
BackchannelAccessToken = context.BackchannelAccessToken,
+ BackchannelAccessTokenExpirationDate = context.BackchannelAccessTokenExpirationDate,
BackchannelIdentityToken = context.BackchannelIdentityToken,
BackchannelIdentityTokenPrincipal = context.BackchannelIdentityTokenPrincipal,
FrontchannelAccessToken = context.FrontchannelAccessToken,
+ FrontchannelAccessTokenExpirationDate = context.FrontchannelAccessTokenExpirationDate,
FrontchannelIdentityToken = context.FrontchannelIdentityToken,
FrontchannelIdentityTokenPrincipal = context.FrontchannelIdentityTokenPrincipal,
Principal = context.MergedPrincipal,
@@ -448,6 +450,7 @@ public async ValueTask AuthenticateWithCl
return new()
{
AccessToken = context.BackchannelAccessToken!,
+ AccessTokenExpirationDate = context.BackchannelAccessTokenExpirationDate,
IdentityToken = context.BackchannelIdentityToken,
IdentityTokenPrincipal = context.BackchannelIdentityTokenPrincipal,
Principal = context.MergedPrincipal,
@@ -551,6 +554,7 @@ public async ValueTask AuthenticateWithDeviceAsync(D
return new()
{
AccessToken = context.BackchannelAccessToken!,
+ AccessTokenExpirationDate = context.BackchannelAccessTokenExpirationDate,
IdentityToken = context.BackchannelIdentityToken,
IdentityTokenPrincipal = context.BackchannelIdentityTokenPrincipal,
Principal = context.MergedPrincipal,
@@ -753,6 +757,7 @@ public async ValueTask AuthenticateWithPasswordAsy
return new()
{
AccessToken = context.BackchannelAccessToken!,
+ AccessTokenExpirationDate = context.BackchannelAccessTokenExpirationDate,
IdentityToken = context.BackchannelIdentityToken,
IdentityTokenPrincipal = context.BackchannelIdentityTokenPrincipal,
Principal = context.MergedPrincipal,
@@ -846,6 +851,7 @@ public async ValueTask AuthenticateWithRefresh
return new()
{
AccessToken = context.BackchannelAccessToken!,
+ AccessTokenExpirationDate = context.BackchannelAccessTokenExpirationDate,
IdentityToken = context.BackchannelIdentityToken,
IdentityTokenPrincipal = context.BackchannelIdentityTokenPrincipal,
Principal = context.MergedPrincipal,