# `AttestoPhoenix.AuthorizationServer.Token.Request` [🔗](https://github.com/XukuLLC/attesto_phoenix/blob/v0.19.0/lib/attesto_phoenix/authorization_server/token/request.ex#L1) A parsed token request, all plain data lifted at the controller edge. `AttestoPhoenix.Controller.TokenController` authenticates the client (RFC 6749 §2.3), parses the request body and the relevant `Plug.Conn` facts, and builds this struct so that `AttestoPhoenix.AuthorizationServer.Token` can process the grant against data only - never a conn. ## Fields * `:config` - the validated `%AttestoPhoenix.Config{}` carrying host policy. * `:client` - the authenticated client (RFC 6749 §2.3), opaque to the core. * `:client_auth_method` - HOW the client authenticated (`:client_secret_basic` / `:client_secret_post` / `:private_key_jwt`, or `:none` for the public-client path). The core gates confidential-only grants (`client_credentials`, token-exchange) on this, rejecting `:none`. * `:grant_type` - the requested grant type string (RFC 6749 §1.3). * `:params` - the request body parameters. * `:sender_constraint_input` - the conn-free sender-constraint facts (`t:AttestoPhoenix.AuthorizationServer.SenderConstraint.input/0`): the presented DPoP proof (RFC 9449), the presented client certificate DER (RFC 8705), and the canonical request URL/method the proof is bound to. * `:client_ip` - the request client IP for audit-event metadata, or `nil`. * `:request_client_id` - the `client_id` derived from the request body or the Basic credentials, used as the denial-event `client_id` fallback when the host exposes no `:client_id` callback. # `t` ```elixir @type t() :: %AttestoPhoenix.AuthorizationServer.Token.Request{ client: term(), client_auth_method: :client_secret_basic | :client_secret_post | :private_key_jwt | :none, client_ip: String.t() | nil, config: AttestoPhoenix.Config.t(), grant_type: String.t(), params: map(), request_client_id: String.t() | nil, sender_constraint_input: AttestoPhoenix.AuthorizationServer.SenderConstraint.input() } ``` --- *Consult [api-reference.md](api-reference.md) for complete listing*