Important notice to our Business Plan customers: Upcoming upgrade to Authlete 2.2 release
Dear valuable customers,
We plan to roll out the new version of Authlete (2.2) to the service (
https://api.authlete.com) for our Business Plan customers. This announcement describes its temporary shutdown during the upgrade process, and changes in some of its APIs.
Note: This upgrade process doesn’t affect our Enterprise Plan customers.
The service will be temporarily unavailable during the following maintainance window, due to this upgrade.
14:00 - 15:00 on July 29, 2021 UTC
Important: API specification changes
Authlete APIs will be upgraded from version 2.1 to 2.2 after this maintenance.
No APIs will be deprecated, but some of them (related to request objects) will change. The changes are as follows:
1. Making “nbf” claim of request objects mandatory in FAPI (Financial-grade API)
- The FAPI Final requires
nbf claim in a request object for an authorization request, and validity period (difference between
nbf) of the object must be within 60 minutes.
- Authlete 2.2 and its later versions comply with these provisions by default.
- If you have been using FAPI and request objects, specify the new configuration value of “nbf claim” to “Optional” for backward compatibility, as needed.
2. Changes in verification rules for parameters in request objects
- There are some conflicts between OpenID Connect Core 1.0 and JWT Authorization Request (JAR), in terms of request objects. JAR is a specification newly supported in Authlete 2.2.
- Authlete 2.2 and its later versions check the parameters in accordance with the JAR specification.
- If you have been using request objects that are compliant to the OpenID Connect Core 1.0 specification, specify the new configuration parameter of “Request Object Processing” to “Backward compatible” for backward compatibility, as needed.
New APIs and features
The following features will be available by upgrading Authlete from version 2.1 to 2.2.
- Finanicial-grade API (FAPI) Final support (additional contract required)
- JWT Secured Authorization Request (JAR) support
- OAuth 2.0 Pushed Authorization Requests (PAR) support
- OAuth 2.0 Rich Authorization Requests (RAR) support
- OAuth 2.0 Demonstration of Proof-of-Posession at the Application Layer (DPoP) support
- OpenID Connect for Identity Assurance 1.0 (IDA) support
- RFC 8707 Resource Indicators for OAuth 2.0 support
- OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response support
- Parameterized Scope support
- Additional configuration items
- New and updated APIs
See Authlete’s release notes for details.
We will be providing testing environment (not for production purposes) to check the Authlete 2.2 APIs in advance, for our Business Plan customers. If you would like to use the environment, Please tell us know your login ID or email by July 9, 2021.
Schedule for the testing environment: July 12, 2021 - July 29, 2021 14:00 UTC
Please reach out to us via contact form, or ask our sales representative.