Specification

features	description
Supported Endpoints	Authorization Endpoint, Token Endpoint, Revocation Endpoint, Introspection Endpoint, JWK Set Endpoint, User Info Endpoint, Backchannel Authentication Endpoint #1
Supported Grant Type	authorization_code, implicit, password, client_credentials, refresh_token, CIBA #1
Supported Response Type	none, code, token, id_token, code_token, code_id_token, id_token_token, code_id_token_token
Supported Response Mode	form_post, query, fragment, jwt #1, form_post.jwt #1, query.jwt #1, fragment.jwt #1
Supported Client Authentication Methods	none, client_secret_basic, client_secret_post, client_secret_jwt #1, private_key_jwt #1, tls_client_auth #1, self_signed_tls_client_auth #1
Supported Access Token Types	bearer, certificate bound #1 #2
Access Token Expiry	1~251,888,350,304 seconds
Refresh Token Expiry	1~251,888,350,304 seconds
ID Token Expiry	1~251,888,350,304 seconds
Supported Signature Algorithm	HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512
Supported Encryption Algorithm	RSA1_5, RSA_OAEP, RSA_OAEP_256, A128KW, A192KW, A256KW, DIR, ECDH_ES, ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW, A128GCMKW, A192GCMKW, A256GCMKW, PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW
Supported Encryption Encoding Algorithm	A128CBC_HS256, A192CBC_HS384, A256CBC_HS512, A128GCM, A192GCM, A256GCM
Other OAuth/OIDC-related Functionalities	PKCE, Request Objects, FAPI/Open Banking mode #1 #2
Unique Authlete Functionality	ClientIDAlias: Each client can have a client id alias Extra properties: Extra properties can be associated with tokens Scope Attributes: Extra attributes can be associated with scopes Refresh Token Kept: You can choose to keep or reissue refresh tokens when refreshing access tokens

#1: Not available for Free and Business Plan

#2: Optional

Service Level

Under construction

Support Level

Under construction

Last Updated at February 13, 2019 by Authlete Inc.