News

Important notice to our Business Plan customers: Upcoming upgrade to Authlete 2.2 release

Summary
  1. On July 29, 2021 UTC, the Authlete service for Business Plan customers will be upgraded to version 2.2
  2. The service will be temporarily unavailable during the upgrade process
  3. Some of Authlete's APIs will change in the new version
  4. A testing environment will be provided upon request to customers who want to check the changes in advance

Dear valued customers,

We plan to roll out the new version of Authlete (2.2) to the service (https://api.authlete.com) for our Business Plan customers. This announcement describes its temporary shutdown during the upgrade process, and changes in some of its APIs.

Note: This upgrade process doesn’t affect our Enterprise Plan customers.

Maintenance schedule

The service will be temporarily unavailable during the following maintenance window, due to this upgrade.

14:00 - 15:00 on July 29, 2021 UTC

Important: API specification changes

Authlete APIs will be upgraded from version 2.1 to 2.2 after this maintenance.

No APIs will be deprecated, but some of them (related to request objects) will change. The changes are as follows:

1. Making “nbf” claim of request objects mandatory in FAPI (Financial-grade API)

  • FAPI Final requires an nbf claim in the request object of an authorization request, and the validity period of the object (the difference between exp and nbf) must be within 60 minutes.
  • Authlete 2.2 and its later versions comply with these provisions by default.
  • If you have been using FAPI and request objects, set the new configuration item “nbf claim” to “Optional” for backward compatibility, as needed.

2. Changes in verification rules for parameters in request objects

  • There are some conflicts between OpenID Connect Core 1.0 and JWT Authorization Request (JAR), in terms of request objects. JAR is a specification newly supported in Authlete 2.2.
  • Authlete 2.2 and its later versions check the parameters in accordance with the JAR specification.
  • If you have been using request objects that are compliant with the OpenID Connect Core 1.0 specification, set the new configuration parameter “Request Object Processing” to “Backward compatible” for backward compatibility, as needed.
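
For change 1 above, a client-side pre-check of a request object's nbf and exp claims against the rule as this notice states it. This is an added example, not Authlete's code; the function names are hypothetical, the sample JWT is constructed, and the signature is deliberately not verified because only the claims are inspected.

```python
import base64
import json

MAX_LIFETIME_SECONDS = 60 * 60  # "within 60 minutes", as stated in the notice


def jwt_claims(compact_jws: str) -> dict:
    """Decode the payload of a compact JWS. The signature is NOT verified."""
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def _is_numeric_date(value) -> bool:
    # JWT NumericDate is a JSON number; bool is excluded explicitly.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def check_request_object_claims(claims: dict) -> list:
    """Return a list of problems; an empty list means the rule is met."""
    problems = []
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if not _is_numeric_date(nbf):
        problems.append("nbf missing or not a NumericDate")
    if not _is_numeric_date(exp):
        problems.append("exp missing or not a NumericDate")
    if problems:
        return problems
    if exp <= nbf:
        # Assumption of this example: a non-positive lifetime is an error.
        problems.append("exp is not after nbf")
    elif exp - nbf > MAX_LIFETIME_SECONDS:
        problems.append(f"lifetime {exp - nbf}s exceeds {MAX_LIFETIME_SECONDS}s")
    return problems


def make_sample(claims: dict) -> str:
    """Build a constructed sample JWS with a placeholder signature."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc(json.dumps({"alg": "PS256"}).encode())
    return f"{header}.{enc(json.dumps(claims).encode())}.c2ln"


if __name__ == "__main__":
    sample = make_sample({"iss": "client-1", "exp": 1627503600})  # no nbf
    print(check_request_object_claims(jwt_claims(sample)))
```

Running it against the request objects your client currently sends shows whether they would need the “Optional” setting after the upgrade.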

New APIs and features

The following features will be available by upgrading Authlete from version 2.1 to 2.2.

  • Financial-grade API (FAPI) Final support (additional contract required)
  • JWT Secured Authorization Request (JAR) support
  • OAuth 2.0 Pushed Authorization Requests (PAR) support
  • OAuth 2.0 Rich Authorization Requests (RAR) support
  • OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) support
  • OpenID Connect for Identity Assurance 1.0 (IDA) support
  • RFC 8707 Resource Indicators for OAuth 2.0 support
  • OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response support
  • Parameterized Scope support
  • Additional configuration items
  • New and updated APIs

See Authlete’s release notes for details.

Testing environment

We will provide a testing environment (not for production purposes) so that our Business Plan customers can check the Authlete 2.2 APIs in advance. If you would like to use the environment, please let us know your login ID or email by July 9, 2021.

Schedule for the testing environment: July 12, 2021 - July 29, 2021 14:00 UTC

Contact

Please reach out to us via the contact form, or ask our sales representative.
