Feature availability by version ("1.1 and later" means the feature is present from that Authlete version onwards).

Standards

  1.1 and later:
  2.0 and later:
  2.1 and later:
  2.2 and later:
  2.3 and later:
Client Authentication Methods

  1.1 and later:
    - none
    - client_secret_basic (RFC 6749)
    - client_secret_post (RFC 6749)

  2.0 and later:
    - client_secret_jwt (RFC 7523, OIDC Core 1.0 section 9)
    - private_key_jwt (RFC 7523, OIDC Core 1.0 section 9)
    - tls_client_auth (MTLS, RFC 8705)
    - self_signed_tls_client_auth (MTLS, RFC 8705)
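To make the JWT-based methods concrete, here is an added example (not Authlete's code, and not from this page) of a client_secret_jwt assertion as defined by RFC 7523 / OIDC Core 1.0: the client builds an HS256-signed JWT over its client secret, and the token endpoint verifies it. The endpoint URL, client_id and secret are constructed values. The verifier pins the algorithm (so a header claiming "none" is rejected), checks iss/sub, audience, expiry with a configurable clock skew, and rejects a reused jti, which is the set of checks a token endpoint must do before trusting the assertion. Only the standard library is used.

```python
"""client_secret_jwt (RFC 7523 / OIDC Core 1.0 section 9) assertion, built and verified
with the standard library only. Example code; all identifiers below are constructed."""
import base64
import hashlib
import hmac
import json
import secrets
import time

TOKEN_ENDPOINT = "https://as.example.com/token"  # constructed
CLIENT_ID = "s6BhdRkqt3"                          # constructed
CLIENT_SECRET = "constructed-shared-secret-use-at-least-32-random-bytes-in-practice"  # constructed


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_client_assertion(client_id, client_secret, token_endpoint, now=None, lifetime=60):
    """Client side: iss and sub are the client_id, aud is the token endpoint, jti is unique."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": secrets.token_urlsafe(16), "iat": now, "exp": now + lifetime}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "." +
                     _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class AssertionVerifier:
    """Server side: the checks the token endpoint performs before accepting the assertion."""

    def __init__(self, token_endpoint, secrets_by_client, clock_skew=0):
        self.token_endpoint = token_endpoint
        self.secrets_by_client = secrets_by_client   # client_id -> client_secret
        self.clock_skew = clock_skew                 # seconds of tolerated skew on exp
        self.seen_jti = set()                        # replay cache (bounded by exp in practice)

    def verify(self, assertion, now=None):
        """Returns (client_id, "ok") on success, (None, reason) on failure."""
        now = int(time.time()) if now is None else now
        try:
            h, p, s = assertion.split(".")
        except ValueError:
            return None, "malformed"
        header = json.loads(_b64url_decode(h))
        # The header is attacker-controlled: pin the expected algorithm instead of trusting it,
        # which also rejects "none" and algorithm-confusion attempts.
        if header.get("alg") != "HS256":
            return None, "unexpected alg"
        claims = json.loads(_b64url_decode(p))
        client_id = claims.get("iss")
        if client_id is None or claims.get("sub") != client_id:
            return None, "iss/sub mismatch"
        secret = self.secrets_by_client.get(client_id)
        if secret is None:
            return None, "unknown client"
        expected = hmac.new(secret.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None, "bad signature"
        aud = claims.get("aud")
        auds = aud if isinstance(aud, list) else [aud]
        if self.token_endpoint not in auds:
            return None, "wrong audience"
        if claims.get("exp", 0) + self.clock_skew < now:
            return None, "expired"
        jti = claims.get("jti")
        if not jti or jti in self.seen_jti:
            return None, "replayed or missing jti"
        self.seen_jti.add(jti)
        return client_id, "ok"
```

The signature check runs before the audience and expiry checks so that unauthenticated input cannot probe those claims; for private_key_jwt the same claim checks apply, with the HMAC replaced by a public-key signature verification against the client's registered JWK Set.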
Endpoints

  1.1 and later:
    - Authorization Endpoint (RFC 6749)
    - Discovery Endpoint (OIDC Discovery 1.0)
    - Introspection Endpoint (RFC 7662)
    - JWK Set Endpoint (RFC 7517)
    - Revocation Endpoint (RFC 7009)
    - Token Endpoint (RFC 6749)
    - UserInfo Endpoint (OIDC Core 1.0)

  2.1 and later:
    - Backchannel Authentication Endpoint (CIBA Core 1.0)
    - Device Authorization Endpoint (RFC 8628)

  2.2 and later:
    - Pushed Authorization Request Endpoint (RFC 9126)

  2.3 and later:
    - Grant Management Endpoint (Grant Management for OAuth 2.0)
Grant Types

  1.1 and later:
    - authorization_code (RFC 6749)
    - implicit (RFC 6749)
    - password (RFC 6749)
    - client_credentials (RFC 6749)
    - refresh_token (RFC 6749)

  2.1 and later:
    - urn:openid:params:grant-type:ciba (CIBA Core 1.0)
    - urn:ietf:params:oauth:grant-type:device_code (RFC 8628)
Response Types

  1.1 and later:
    - code (RFC 6749)
    - token (RFC 6749)
    - id_token (OAuth 2.0 Multiple Response Type Encoding Practices)
    - code token (OAuth 2.0 Multiple Response Type Encoding Practices)
    - code id_token (OAuth 2.0 Multiple Response Type Encoding Practices)
    - id_token token (OAuth 2.0 Multiple Response Type Encoding Practices)
    - code id_token token (OAuth 2.0 Multiple Response Type Encoding Practices)
    - none (OAuth 2.0 Multiple Response Type Encoding Practices)

Response Modes

  1.1 and later:
    - query (OAuth 2.0 Multiple Response Type Encoding Practices)
    - fragment (OAuth 2.0 Multiple Response Type Encoding Practices)
    - form_post (OAuth 2.0 Form Post Response Mode)

  2.1 and later:
    - jwt (JARM)
    - query.jwt (JARM)
    - fragment.jwt (JARM)
    - form_post.jwt (JARM)
Signature Algorithms (JWS "alg", RFC 7518)

  1.1 and later:
    - HS256
    - HS384
    - HS512
    - RS256
    - RS384
    - RS512
    - ES256
    - ES384
    - ES512
    - PS256
    - PS384
    - PS512
    - none (unsecured JWS; a verifier must never accept it for tokens that are expected to be signed)
Encryption Algorithms (JWE key management "alg", RFC 7518)

  1.1 and later:
    - RSA1_5 (PKCS#1 v1.5 padding; not recommended, see RFC 8725)
    - RSA-OAEP
    - RSA-OAEP-256
    - A128KW
    - A192KW
    - A256KW
    - dir
    - ECDH-ES
    - ECDH-ES+A128KW
    - ECDH-ES+A192KW
    - ECDH-ES+A256KW
    - A128GCMKW
    - A192GCMKW
    - A256GCMKW
    - PBES2-HS256+A128KW
    - PBES2-HS384+A192KW
    - PBES2-HS512+A256KW

Encryption Methods (JWE content encryption "enc", RFC 7518)

  1.1 and later:
    - A128CBC-HS256
    - A192CBC-HS384
    - A256CBC-HS512
    - A128GCM
    - A192GCM
    - A256GCM
Authlete Specific

  1.1 and later:
    - Client ID alias
    - Extra properties
    - Renewal policy on refresh tokens
    - Single access token per subject
    - Error description omission
    - Error URI omission
    - Granted scopes management *1
    - PKCE enforcement

  2.0 and later:
    - Scope attributes
    - PKI certificate chain validation for mutual TLS authentication (MTLS)

  2.1 and later:
    - Mandating S256 for code_challenge_method (PKCE)
    - JWT-based access token
    - Allowable clock skew
    - Mandating binding message in FAPI context (FAPI-CIBA)
    - Advanced renewal policy on refresh tokens

  2.2 and later:
    - Additional claims in a header part of ID tokens
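Two of the items above, "PKCE enforcement" and "Mandating S256 for code_challenge_method", are server-side policy switches. The following added example (not Authlete's implementation, and not from this page) shows what each switch changes: a minimal RFC 7636 flow with the client-side code_verifier / code_challenge derivation and an authorization server that can require a challenge on every authorization request and refuse the "plain" method. The AuthorizationServer class, its client_id values and the flag names are constructed for the example; the verifier/challenge pair in the test is the RFC 7636 Appendix B vector.

```python
"""PKCE (RFC 7636) with optional enforcement and S256-only policy. Example code; the
AuthorizationServer class and its flags are constructed for illustration."""
import base64
import hashlib
import hmac
import secrets


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    # 32 random bytes encode to 43 unreserved characters, the RFC 7636 minimum length
    return _b64url(secrets.token_bytes(nbytes))


def code_challenge_s256(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Toy authorization/token endpoints showing where the two PKCE policies bite."""

    def __init__(self, require_pkce: bool = True, require_s256: bool = True):
        self.require_pkce = require_pkce   # "PKCE enforcement"
        self.require_s256 = require_s256   # "Mandating S256 for code_challenge_method"
        self.codes = {}                    # code -> (client_id, challenge, method)

    def authorize(self, client_id, code_challenge=None, code_challenge_method=None):
        """Returns (authorization_code, "ok") or (None, error)."""
        if code_challenge is None:
            if self.require_pkce:
                return None, "invalid_request: code_challenge required"
            method = None
        else:
            method = code_challenge_method or "plain"   # RFC 7636 default when omitted
            if method not in ("plain", "S256"):
                return None, "invalid_request: unsupported code_challenge_method"
            if self.require_s256 and method != "S256":
                return None, "invalid_request: code_challenge_method must be S256"
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, code_challenge, method)
        return code, "ok"

    def token(self, client_id, code, code_verifier=None):
        """Returns (True, "ok") when the code may be exchanged, else (False, error)."""
        entry = self.codes.pop(code, None)   # authorization codes are single use
        if entry is None:
            return False, "invalid_grant: unknown or already used code"
        bound_client, challenge, method = entry
        if bound_client != client_id:
            return False, "invalid_grant: code issued to another client"
        if challenge is None:
            return True, "ok"   # no PKCE bound to this code (only when enforcement is off)
        if code_verifier is None or not 43 <= len(code_verifier) <= 128:
            return False, "invalid_grant: code_verifier missing or of invalid length"
        expected = code_challenge_s256(code_verifier) if method == "S256" else code_verifier
        if not hmac.compare_digest(expected, challenge):
            return False, "invalid_grant: PKCE verification failed"
        return True, "ok"
```

With both flags on, a public client that forgets the challenge or downgrades to "plain" is rejected at the authorization endpoint, before any code is issued; with "plain" an attacker who observes the authorization request already holds the verifier, which is why S256 is the only method worth mandating.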
Token Duration Configuration

  1.1 and later:
    - Access token duration per service
    - Refresh token duration per service
    - ID token duration per service

  2.0 and later:
    - Access token duration per scope
    - Refresh token duration per scope

  2.1 and later:
    - Access token duration per client
    - Refresh token duration per client
    - Backchannel authentication request ID duration per service (CIBA)
    - Authorization response JWT duration per service (JARM)
    - Verification code duration per service (RFC 8628)

  2.2 and later:
    - Request URI duration per service (PAR)