Supported standards
- All tokens are JSON Web Token (JWT)
- OpenID Connect 1.0 supported in both application registrations and authentication methods
  - OpenID Connect Core 1.0
    - Client Authentication methods: client_secret_basic, client_secret_post, private_key_jwt and none with PKCE
  - OpenID Connect Discovery 1.0
  - OpenID Connect Session Management 1.0
  - OpenID Connect Front-Channel Logout 1.0
  - OpenID Connect RP-Initiated Logout 1.0
- Proof Key for Code Exchange (PKCE) supported in OpenID Connect application registrations and authentication methods
- OAuth 2.0 limited to application registration Client Credential Grant
  - RFC 6749
    - Client Authentication methods: client_secret_basic, client_secret_post and private_key_jwt
  - OAuth 2.0 Client Authentication with Assertion
- SAML 2.0 supported in both application registrations and authentication methods
  - SAML 2.0 Core
  - SAML 2.0 bindings limited to POST and redirect binding
  - SAML 2.0 metadata
- Two-factor authentication (2FA) with One-Time Password (OTP)
- Token exchange
  - RFC 8693
    - Exchange JWT access token to JWT access token
    - Exchange SAML 2.0 token to JWT access token
    - Client Authentication methods: client_secret_basic, client_secret_post and private_key_jwt