Spec Sheet

| Features | Description |
| --- | --- |
| Supported Endpoints | Authorization Endpoint, Token Endpoint, Revocation Endpoint, Introspection Endpoint, JWK Set Endpoint, User Info Endpoint, Backchannel Authentication Endpoint #1, Device Authorization Endpoint #1 |
| Supported Grant Types | authorization_code, implicit, password, client_credentials, refresh_token, urn:openid:params:grant-type:ciba (CIBA) #1, urn:ietf:params:oauth:grant-type:device_code (Device Flow) #1 |
| Supported Response Types | none, code, token, id_token, code token, code id_token, id_token token, code id_token token |
| Supported Response Modes | query, fragment, form_post, jwt #1, query.jwt #1, fragment.jwt #1, form_post.jwt #1 |
| Supported Client Authentication Methods | none, client_secret_basic, client_secret_post, client_secret_jwt #1, private_key_jwt #1, tls_client_auth #1, self_signed_tls_client_auth #1 |
| Access Token Expiry | configurable per service, configurable per scope #1 |
| Refresh Token Expiry | configurable per service, configurable per scope #1 |
| ID Token Expiry | configurable per service |
| Supported Signature Algorithm | HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512 |
| Supported Encryption Algorithm | RSA1_5, RSA_OAEP, RSA_OAEP_256, A128KW, A192KW, A256KW, DIR, ECDH_ES, ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW, A128GCMKW, A192GCMKW, A256GCMKW, PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW |
| Supported Encryption Encoding Algorithm | A128CBC_HS256, A192CBC_HS384, A256CBC_HS512, A128GCM, A192GCM, A256GCM |
| Supported Specifications | RFC 6749: The OAuth 2.0 Authorization Framework<br>RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage<br>RFC 7009: OAuth 2.0 Token Revocation<br>RFC 7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants<br>RFC 7591: OAuth 2.0 Dynamic Client Registration Protocol<br>RFC 7592: OAuth 2.0 Dynamic Client Registration Management Protocol<br>RFC 7636: Proof Key for Code Exchange by OAuth Public Clients<br>RFC 7662: OAuth 2.0 Token Introspection #1<br>RFC 8628: OAuth 2.0 Device Authorization Grant #1<br>OAuth 2.0 Multiple Response Type Encoding Practices<br>OAuth 2.0 Form Post Response Mode<br>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens #1<br>OpenID Connect Core 1.0<br>OpenID Connect Discovery 1.0<br>OpenID Connect Dynamic Client Registration 1.0<br>OpenID Connect Client Initiated Backchannel Authentication Flow - Core 1.0 #1<br>Financial-grade API - Part 1: Read-Only API Security Profile #1<br>Financial-grade API - Part 2: Read and Write API Security Profile #1<br>Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) #1<br>Financial-grade API: Client Initiated Backchannel Authentication Profile #1<br>UK Open Banking Security Profile #1 |
| Unique Authlete Functionalities | ClientID Alias<br>Extra Properties<br>Scope Attribute<br>Refresh Token Kept<br>Single Access Token Per Subject<br>error_description Omission<br>error_uri Omission<br>Granted Scopes Management<br>PKI Certificate Chain Validation for Mutual TLS Authentication<br>S256 for Code Challenge Method<br>JWT-based Access Token<br>Allowable Clock Skew<br>Binding Message in FAPI Context |

#1: Enterprise Plan Only