Spec Sheet

Specification

Features Version Description
Standards 1.1 ~
2.0 ~
2.1 ~
2.2 ~
2.3 ~
Client Authentication Methods 1.1 ~
2.0 ~
Endpoints 1.1 ~
2.1 ~
2.2 ~
  • Pushed Authorization Request Endpoint (RFC 9126)
2.3 ~
  • Grant Management Endpoint
Grant Types 1.1 ~
2.1 ~
  • urn:openid:params:grant-type:ciba (CIBA Core)
  • urn:ietf:params:oauth:grant-type:device_code (RFC 8628)
2.3 ~
  • urn:ietf:params:oauth:grant-type:token-exchange (RFC 8693)
Response Types 1.1 ~
Response Modes 1.1 ~
2.1 ~
Signature Algorithms 1.1 ~
  • HS256
  • HS384
  • HS512
  • RS256
  • RS384
  • RS512
  • ES256
  • ES384
  • ES512
  • PS256
  • PS384
  • PS512
  • none
Encryption Algorithms 1.1 ~
  • RSA1_5
  • RSA-OAEP
  • RSA-OAEP-256
  • A128KW
  • A192KW
  • A256KW
  • dir
  • ECDH-ES
  • ECDH-ES+A128KW
  • ECDH-ES+A192KW
  • ECDH-ES+A256KW
  • A128GCMKW
  • A192GCMKW
  • A256GCMKW
  • PBES2-HS256+A128KW
  • PBES2-HS384+A192KW
  • PBES2-HS512+A256KW
Encryption Methods 1.1 ~
  • A128CBC-HS256
  • A192CBC-HS384
  • A256CBC-HS512
  • A128GCM
  • A192GCM
  • A256GCM
Authlete Specific 1.1 ~
2.0 ~
2.1 ~
2.2 ~
2.3 ~
  • Database table isolation
  • Idempotent refresh token
  • Additional arbitrary claims in JWT access tokens
  • Auto-generation of access tokens for external attachments (OIDC4IDA)
  • Single access token per subject (configuration per client)
  • Restrictions on the use of token exchange (RFC 8693)
Token Duration Configuration 1.1 ~
  • Access token duration per service
  • Refresh token duration per service
  • ID token duration per service
2.0 ~
  • Access token duration per scope
  • Refresh token duration per scope
2.1 ~
  • Access token duration per client
  • Refresh token duration per client
  • Backchannel authentication request ID duration per service (CIBA Core)
  • Authorization response JWT duration per service (JARM)
  • Verification code duration per service (RFC 8628)
2.2 ~
  • Request URI duration per service (RFC 9126)

*1: Only available in the Enterprise plan

OpenID Certification

OpenID Certification Version Categories
OpenID Provider 1.1 ~
  • Basic OP
  • Implicit OP
  • Hybrid OP
  • Config OP
2.1 ~
  • Dynamic OP
  • Form Post OP
FAPI OpenID Provider 2.1 ~
  • Financial-grade API (FAPI) 1.0 Second Implementer’s Draft
    • FAPI R/W OP w/ MTLS
    • FAPI R/W OP w/ Private Key
2.2 ~
  • Financial-grade API (FAPI) 1.0 Final
    • FAPI Adv. OP w/ MTLS
    • FAPI Adv. OP w/ MTLS, PAR
    • FAPI Adv. OP w/ Private Key
    • FAPI Adv. OP w/ Private Key, PAR
    • FAPI Adv. OP w/ MTLS, JARM
    • FAPI Adv. OP w/ Private Key, JARM
    • FAPI Adv. OP w/ MTLS, PAR, JARM
    • FAPI Adv. OP w/ Private Key, PAR, JARM
  • UK Open Banking (Based on FAPI 1 Advanced Final)
    • UK-OB Adv. OP w/ MTLS
    • UK-OB Adv. OP w/ Private Key
  • Australia CDR (Based on FAPI 1 Advanced Final)
    • AU-CDR Adv. OP w/ Private Key
    • AU-CDR Adv. OP w/ Private Key, PAR
  • Brazil Open Banking (Based on FAPI 1 Advanced Final)
    • BR-OB Adv. OP w/ MTLS
    • BR-OB Adv. OP w/ Private Key
    • BR-OB Adv. OP w/ MTLS, PAR
    • BR-OB Adv. OP w/ Private Key, PAR
    • BR-OB Adv. OP w/ MTLS, JARM
    • BR-OB Adv. OP w/ Private Key, JARM
    • BR-OB Adv. OP w/ MTLS, PAR, JARM
    • BR-OB Adv. OP w/ Private Key, PAR, JARM
    • BR-OB Adv. OP DCR
  • Financial-grade API (FAPI) 1.0 Second Implementer’s Draft
    • FAPI R/W OP w/ MTLS
    • FAPI R/W OP w/ MTLS, PAR
    • FAPI R/W OP w/ Private Key
    • FAPI R/W OP w/ Private Key, PAR
    • UK-OB R/W OP w/ MTLS
    • UK-OB R/W OP w/ Private Key
    • AU-CDR R/W OP w/ Private Key
    • AU-CDR R/W OP w/ Private Key, PAR
FAPI-CIBA Profile OpenID Provider 2.1 ~
  • FAPI-CIBA OP Poll w/ MTLS
  • FAPI-CIBA OP Poll w/ Private Key
  • FAPI-CIBA OP Ping w/ MTLS
  • FAPI-CIBA OP Ping w/ Private Key