This is a minor update of Authlete 2.2. It includes the following new or enhanced features since version 2.2.30.
Authlete 2.2 supports “OAuth 2.0 Pushed Authorization Requests (PAR).”
This release includes updates to align with draft-ietf-oauth-rar-19.
If “Remove unless offline_access” is selected, the openid scope is dropped from a new access token issued by the refresh token flow unless the presented refresh token contains the offline_access scope. On the other hand, if “No action” is selected, nothing special is performed.
If “Required” is selected, the client is forced to use DPoP. Any access token request or usage that does not use DPoP will be rejected.
Return grantType in token introspection response.
Add patch request parameter to /api/service/configuration API for patching the response content.
See the JavaDoc of the ServiceConfigurationRequest class in our authlete-java-common library for details.