Table of Contents
This is a minor update of Authlete 2.2. It includes the following new or enhanced features since the version 2.2.30.
Authlete 2.2 supports “OAuth 2.0 Pushed Authorization Requests (PAR).”
This release includes updates to align with draft-ietf-oauth-rar-19.
If “Remove unless offline_access” is selected, the
openid scope is dropped from a new access token issued by the refresh token flow unless the presented refresh token contains the
offline_access scope. On the other hand, if “No action” is selected, nothing special is performed.
If “Required” is selected, The client is forced to use DPoP. Any access token request or usage that does not use DPoP will be rejected.
grantType in token introspection response.
patch request parameter to
/api/service/configuration API for patching the response content.