API Reference > backend-itwin-client > Authentication > AgentAuthorizationClient AgentAuthorizationClient Class Beta Utility to generate OIDC/OAuth tokens for agent or agent applications The application must register a client using the self service registration page. The client type must be "Agent" Use the Client Id/Client Secret/Scopes to create the agent configuration that's passed in. Ensure the application can access the iTwin Project/Asset - in production environments, this is done by using the iTwin project portal to add add the email {Client Id}@apps.imsoidc.bentley.com as an authorized user with the appropriate role that includes the required access permissions. Extends BackendAuthorizationClient Implements AuthorizationClient Methods Name Description constructor(agentConfiguration: BackendAuthorizationClientConfiguration): AgentAuthorizationClient Creates an instance of BackendAuthorizationClient. getAccessToken(requestContext?: ClientRequestContext): Promise<AccessToken> Returns a promise that resolves to the AccessToken of the currently authorized client. getToken(requestContext: ClientRequestContext): Promise<AccessToken> Get the access token Deprecated refreshToken(requestContext: ClientRequestContext, jwt: AccessToken): Promise<AccessToken> Refresh the access token - simply checks if the token is still valid before re-fetching a new access token Deprecated Inherited methods Name Inherited from Description applyUserConfiguredHttpRequestOptions(requestOptions: RequestOptions, userDefinedRequestOptions?: HttpRequestOptions): void Protected BackendAuthorizationClient Configures request options based on user defined values in HttpRequestOptions delete(requestContext: AuthorizedClientRequestContext, relativeUrlPath: string, httpRequestOptions?: HttpRequestOptions): Promise<void> Protected BackendAuthorizationClient used by clients to send delete requests discoverEndpoints(requestContext: ClientRequestContext): Promise<Issuer<Client>> BackendAuthorizationClient Discover the endpoints of the service getClient(requestContext: ClientRequestContext): Promise<Client> Protected BackendAuthorizationClient getUrl(requestContext: ClientRequestContext): Promise<string> BackendAuthorizationClient Gets the URL of the service. getUrlSearchKey(): string Protected BackendAuthorizationClient Gets name/key to query the service URLs from the URL Discovery Service ("Buddi") setupOptionDefaults(options: RequestOptions): Promise<void> Protected BackendAuthorizationClient Augments request options with defaults returned by the DefaultRequestOptionsProvider. Properties Name Type Description hasExpired Accessor ReadOnly boolean Set to true if the user has signed in, but the token has expired and requires a refresh hasSignedIn Accessor ReadOnly boolean Set to true if signed in - the accessToken may be active or may have expired and require a refresh isAuthorized Accessor ReadOnly boolean Set to true if there's a current authorized user or client (in the case of agent applications). Inherited properties Name Type Inherited from Description _configuration Protected BackendAuthorizationClientConfiguration BackendAuthorizationClient _url Protected undefined | string BackendAuthorizationClient baseUrl Protected undefined | string BackendAuthorizationClient Sets the default base URL to use with this client. searchKey StaticReadonly string BackendAuthorizationClient Defined in core/backend-itwin-client/src/oidc/AgentAuthorizationClient.ts Line 51 Last Updated: 29 November, 2022