Table of Contents
This is a minor update of Authlete 2.2. It includes the following new or enhanced features since the version 2.2.15.
When “Variable” is selected, Authlete checks if a host component of a redirection URI specified in an authorization request denotes loopback (
::1), and if so, Authlete ignores a port number component of the URI on comparing it with pre-registered URIs.
This behavior is described in 7.3. Loopback Interface Redirection of BCP 212 (OAuth 2.0 for Native Apps).
Note that the port number component of loopback redirection URIs cannot be variable in the context of FAPI even if Variable is selected, as per FAPI 1.0 Part 1 Section 7.5.
If “Enabled” is selected, you can use
scope parameter to Authlete’s
/client/registration API and
/client/registration/update API to limit the range of scopes that the client application can request. If “Disabled” is selected, these APIs ignore the
/auth/token/create API now creates a JWT-based access token when the “Access Token Signature Algorithm” is set.