Spec Sheet

Specification

| Feature | Description |
|---|---|
| Supported Endpoints | Authorization Endpoint, Token Endpoint, Revocation Endpoint, Introspection Endpoint, JWK Set Endpoint, User Info Endpoint, Backchannel Authentication Endpoint #1 |
| Supported Grant Type | authorization_code, implicit, password, client_credentials, refresh_token, CIBA #1 |
| Supported Response Type | none, code, token, id_token, code_token, code_id_token, id_token_token, code_id_token_token |
| Supported Response Mode | form_post, query, fragment, jwt #1, form_post.jwt #1, query.jwt #1, fragment.jwt #1 |
| Supported Client Authentication Methods | none, client_secret_basic, client_secret_post, client_secret_jwt #1, private_key_jwt #1, tls_client_auth #1, self_signed_tls_client_auth #1 |
| Supported Access Token Types | bearer, certificate bound #1 #2 |
| Access Token Expiry | 1~251,888,350,304 seconds |
| Refresh Token Expiry | 1~251,888,350,304 seconds |
| ID Token Expiry | 1~251,888,350,304 seconds |
| Supported Signature Algorithm | HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512 |
| Supported Encryption Algorithm | RSA1_5, RSA_OAEP, RSA_OAEP_256, A128KW, A192KW, A256KW, DIR, ECDH_ES, ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW, A128GCMKW, A192GCMKW, A256GCMKW, PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW |
| Supported Encryption Encoding Algorithm | A128CBC_HS256, A192CBC_HS384, A256CBC_HS512, A128GCM, A192GCM, A256GCM |
| Other OAuth/OIDC-related Functionalities | PKCE, Request Objects, FAPI/Open Banking mode #1 #2 |

Unique Authlete Functionality
  • ClientIDAlias: Each client can have a client ID alias
  • Extra properties: Extra properties can be associated with tokens
  • Scope Attributes: Extra attributes can be associated with scopes
  • Refresh Token Kept: You can choose to keep or reissue refresh tokens when refreshing access tokens

#1: Not available for Free and Business Plans

#2: Optional