OAuth2.0 session management with SSO/SLO scenario Identify OAuth 2.0 has full support for the session management specification. Discovery endpoint You can check the discovery endpoint of your Identify instance to see if the check_session_iframe and the end_session_endpoint feature have been […]
OAuth 2.0 – Resource Owner Password Credentials grant Overview
NOTE: Resource Owner Password Credentials Grant will be deprecated in OAuth 2.1. Please think twice before using this.
The Resource Owner Password Credentials Grant (defined in RFC 6749, section 4.3) can be used directly as an authorization grant to obtain an access token, and optionally a refresh token. […]
Client authentication support: private_key_jwt Identify OAuth 2.0 service provider allows its users to authenticate their clients with a private_key_jwt method. When an authorization server authenticates its clients with the private_key_jwt method, the clients must send a request that contains an […]
Pairwise Pseudonymous Identifier (PPID) Per the OpenID Connect core specification:
Pairwise Pseudonymous Identifier (PPID)
Identifier that identifies the Entity to a Relying Party that
cannot be correlated with the Entity's PPID at another Relying
Personally Identifiable Information (PII)
Information that (a) can be used to identify the natural person to
whom such information relates, or (b) is or might be directly or
indirectly linked to a natural person to whom such information
Relying Party (RP)
OAuth 2.0 Client application requiring End-User Authentication and
Claims from an OpenID Provider.
Host component of a URL used by the Relying Party's organization
that is an input to the computation of pairwise Subject
Identifiers for that Relying Party.
Identify supports both public and pairwise subject types as follows: public: Each client receives the same subject (sub) value. pairwise: Each client receives a different subject (sub) value to […]
OAuth 2.0 – Device flow Overview The device flow is designed for devices that either do not have access to a browser or have limited input capabilities. This flow allows users to share specific data with an application while keeping […]
Client credentials flow for OpenId Connect and OAuth 2.0 Overview With Client Credentials Flow (defined in RFC 6749, section 4.4) a Non Interactive Client (a CLI, a daemon, or a Service running on your backend), can directly ask Identify for […]