Authlete 2.2.38 Release Notes


Overview of This Release

This is a minor update of Authlete 2.2. It includes the following new or enhanced features added since version 2.2.30.

Newly Supported Standard Specifications

OAuth 2.0 Rich Authorization Requests (RAR)

Authlete 2.2 supports “OAuth 2.0 Rich Authorization Requests (RAR).”

This release updates the RAR implementation to align with draft-ietf-oauth-rar-19.

New Configuration Items

OpenID on Refresh (Service configuration)

If “Remove unless offline_access” is selected, the openid scope is dropped from a new access token issued by the refresh token flow unless the presented refresh token contains the offline_access scope. If “No action” is selected, the scopes of the new access token are left as they are.

DPoP Required (Client configuration)

If “Required” is selected, the client is forced to use DPoP: any token request, and any use of an issued access token, that does not carry a DPoP proof is rejected.
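The following is an added example, not Authlete's code, that simulates how a token endpoint would apply the two settings above to a refresh-token grant. The setting value names (REMOVE_UNLESS_OFFLINE_ACCESS, NO_ACTION), the Service, Client, RefreshToken and RefreshRequest classes, and the error code returned for a missing DPoP proof are assumptions made for illustration; the DPoP proof is taken to have been verified already, so only its key thumbprint is passed in.

```python
from dataclasses import dataclass
from typing import Optional

# Values of the "OpenID on Refresh" service setting (names assumed for this example).
REMOVE_UNLESS_OFFLINE_ACCESS = "REMOVE_UNLESS_OFFLINE_ACCESS"
NO_ACTION = "NO_ACTION"


@dataclass(frozen=True)
class Service:
    openid_on_refresh: str = NO_ACTION


@dataclass(frozen=True)
class Client:
    client_id: str
    dpop_required: bool = False        # the new "DPoP Required" client setting


@dataclass(frozen=True)
class RefreshToken:
    client_id: str
    scopes: frozenset
    dpop_jkt: Optional[str] = None     # JWK thumbprint the token is bound to, if issued with DPoP


@dataclass(frozen=True)
class RefreshRequest:
    client_id: str
    refresh_token: RefreshToken
    dpop_proof_jkt: Optional[str] = None   # thumbprint from an already-verified DPoP proof, if any


def scopes_for_refreshed_token(service: Service, refresh_token_scopes) -> frozenset:
    """Apply "OpenID on Refresh" to the scopes carried over to the new access token."""
    scopes = set(refresh_token_scopes)
    if (service.openid_on_refresh == REMOVE_UNLESS_OFFLINE_ACCESS
            and "offline_access" not in scopes):
        # The refresh token was not issued for offline use, so the new access
        # token must not allow unattended retrieval of user claims via openid.
        scopes.discard("openid")
    return frozenset(scopes)


def handle_refresh_grant(service: Service, client: Client, req: RefreshRequest):
    """Simulated token endpoint: returns ("ok", scopes) or ("error", oauth_error_code)."""
    rt = req.refresh_token
    if rt.client_id != req.client_id:
        return ("error", "invalid_grant")        # refresh token belongs to another client
    if client.dpop_required and req.dpop_proof_jkt is None:
        # "DPoP Required": a token request without a DPoP proof is rejected.
        # The error code is an assumption of this example; RFC 9449 uses
        # invalid_dpop_proof for problems with the proof itself.
        return ("error", "invalid_dpop_proof")
    if rt.dpop_jkt is not None and rt.dpop_jkt != req.dpop_proof_jkt:
        # A DPoP-bound refresh token must be presented with the same key (RFC 9449 section 5).
        return ("error", "invalid_grant")
    return ("ok", scopes_for_refreshed_token(service, rt.scopes))
```

The openid drop matters because a refresh token not issued with offline_access was never meant to let the client reach the user's claims while the user is away; without the setting, each refresh silently renews that capability.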

Added or Updated APIs

/auth/introspection API

The token introspection response now includes grantType, the grant type through which the access token was issued.
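As an added example (not Authlete's code or output), the following resource-server check uses grantType to reject tokens that carry the right scope but were not obtained through a user-delegated grant. The introspection responses are constructed for this example and contain only the fields the check reads; the grant type values are assumed to be serialised as upper-case enum names such as AUTHORIZATION_CODE and CLIENT_CREDENTIALS.

```python
import json

# Constructed introspection responses (not real Authlete output).
INTROSPECTION_USER_TOKEN = json.dumps({
    "action": "OK", "subject": "alice", "clientId": 1001,
    "scopes": ["openid", "profile", "orders:read"],
    "grantType": "AUTHORIZATION_CODE",
})
INTROSPECTION_M2M_TOKEN = json.dumps({
    "action": "OK", "subject": None, "clientId": 1002,
    "scopes": ["orders:read"],
    "grantType": "CLIENT_CREDENTIALS",
})
INTROSPECTION_REJECTED = json.dumps({
    "action": "UNAUTHORIZED", "scopes": [], "grantType": None,
})


def authorize(introspection_json: str, required_scopes, allowed_grant_types):
    """Resource-server decision for one request.

    Returns (True, subject) when the token is accepted, otherwise (False, reason).
    """
    r = json.loads(introspection_json)
    if r.get("action") != "OK":
        # The authorization server already decided the token is not usable.
        return (False, "token_rejected_by_as")
    missing = set(required_scopes) - set(r.get("scopes") or [])
    if missing:
        return (False, "insufficient_scope")
    grant_type = r.get("grantType")
    if grant_type not in allowed_grant_types:
        # Scope alone cannot tell a user-delegated token from a client_credentials
        # token; an endpoint that acts on behalf of a user needs the grant type too.
        return (False, f"grant_type_not_allowed:{grant_type}")
    return (True, r.get("subject"))


# Example: /orders/me acts for a user, so only user-delegated grants are acceptable.
USER_ENDPOINT_GRANTS = {"AUTHORIZATION_CODE", "REFRESH_TOKEN", "DEVICE_CODE", "CIBA"}
# Example: a batch-export endpoint is machine-to-machine only.
M2M_ENDPOINT_GRANTS = {"CLIENT_CREDENTIALS"}
```

Checking grantType in addition to scope closes the gap where a service account with orders:read could otherwise call a user-scoped endpoint and receive a response with no subject behind it.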

/service/configuration API

A patch request parameter has been added to the /api/service/configuration API. The patch is applied to the generated response content before it is returned.

See the JavaDoc of the ServiceConfigurationRequest class in the authlete-java-common library for details.
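To show what a patch parameter of this kind does to a service configuration, the following added example (not Authlete's implementation) applies a small RFC 6902 JSON Patch to a constructed OpenID Provider metadata document. That the parameter takes an RFC 6902 document is an assumption here; the metadata document, the patch and its values are constructed for the example, and the move and copy operations are omitted.

```python
import copy
import json

# Constructed OpenID Provider metadata standing in for the unpatched response.
DISCOVERY = {
    "issuer": "https://as.example.com",
    "token_endpoint": "https://as.example.com/token",
    "scopes_supported": ["openid", "profile", "email"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
}

# Constructed patch: advertise one more scope, stop advertising client_secret_post
# (guarded by a "test" so the removal cannot hit the wrong element), change the
# issuer and add a documentation link.
PATCH = json.dumps([
    {"op": "add", "path": "/scopes_supported/-", "value": "orders:read"},
    {"op": "test", "path": "/token_endpoint_auth_methods_supported/1", "value": "client_secret_post"},
    {"op": "remove", "path": "/token_endpoint_auth_methods_supported/1"},
    {"op": "replace", "path": "/issuer", "value": "https://login.example.com"},
    {"op": "add", "path": "/service_documentation", "value": "https://example.com/docs"},
])


def _unescape(token: str) -> str:
    # RFC 6901: "~1" becomes "/" first, then "~0" becomes "~".
    return token.replace("~1", "/").replace("~0", "~")


def _parent_and_key(doc, path: str):
    """Resolve a JSON Pointer to (container, key); lists get int keys, "-" means append."""
    if not path.startswith("/"):
        raise ValueError(f"bad pointer: {path!r}")
    parts = [_unescape(t) for t in path.split("/")[1:]]
    node = doc
    for part in parts[:-1]:
        node = node[int(part)] if isinstance(node, list) else node[part]
    key = parts[-1]
    if isinstance(node, list) and key != "-":
        key = int(key)
    return node, key


def apply_json_patch(doc, patch_json: str):
    """Apply add/remove/replace/test operations and return a new document."""
    result = copy.deepcopy(doc)
    for op in json.loads(patch_json):
        parent, key = _parent_and_key(result, op["path"])
        kind = op["op"]
        if kind == "add":
            if isinstance(parent, list):
                if key == "-":
                    parent.append(op["value"])
                else:
                    parent.insert(key, op["value"])
            else:
                parent[key] = op["value"]
        elif kind == "remove":
            del parent[key]
        elif kind == "replace":
            _ = parent[key]            # target must exist (RFC 6902 section 4.3)
            parent[key] = op["value"]
        elif kind == "test":
            if parent[key] != op["value"]:
                raise ValueError(f"test failed at {op['path']}")
        else:
            raise ValueError(f"unsupported op {kind!r}")
    return result
```

Because the patch changes only what is advertised, a patched document should never claim support for an endpoint, algorithm or authentication method that the service does not actually enforce; relying parties read the metadata as a promise.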