Advanced topics

OAuth2.0 session management with SSO/SLO scenario Identify OAuth 2.0 has full support for the session management specification. Discovery endpoint You can check the discovery endpoint of your Identify instance to see if the check_session_iframe and the end_session_endpoint feature have been […]

OAuth 2.0 – Resource Owner Password Credentials grant Overview

The Resource Owner Password Credentials Grant (defined in RFC 6749, section 4.3) can be used directly as an authorization grant to obtain an access token, and optionally a refresh token. […]

Client authentication support: private_key_jwt Identify OAuth 2.0 service provider allows its users to authenticate their clients with a private_key_jwt method. When an authorization server authenticates its clients with the private_key_jwt method, the clients must send a request that contains an […]

Pairwise Pseudonymous Identifier (PPID) Per the OpenID Connect core specification:

Identify supports both public and pairwise subject types as follows: public: Each client receives the same subject (sub) value. pairwise: Each client receives a different subject (sub) value to […]

OAuth 2.0 – Device flow Overview The device flow is designed for devices that either do not have access to a browser or have limited input capabilities. This flow allows users to share specific data with an application while keeping […]

Client credentials flow for OpenId Connect and OAuth 2.0 Overview With Client Credentials Flow (defined in RFC 6749, section 4.4) a Non Interactive Client (a CLI, a daemon, or a Service running on your backend), can directly ask Identify for […]