Version 5.x has been out of support since December 13, 2022, and this corresponding section of the documentation is no longer maintained. We strongly recommend you upgrade to the latest supported version of 7.x and read the latest version of this documentation.

Supported Specifications

Duende IdentityServer implements the following specifications:

OpenID Connect

  • OpenID Connect Core 1.0 (spec)
  • OpenID Connect Discovery 1.0 (spec)
  • OpenID Connect RP-Initiated Logout 1.0 - draft 01 (spec)
  • OpenID Connect Session Management 1.0 - draft 30 (spec)
  • OpenID Connect Front-Channel Logout 1.0 - draft 04 (spec)
  • OpenID Connect Back-Channel Logout 1.0 - draft 06 (spec)
  • Multiple Response Types (spec)
  • Form Post Response Mode (spec)

OAuth 2.x

  • OAuth 2.0 (RFC 6749)
  • OAuth 2.0 Bearer Token Usage (RFC 6750)
  • JSON Web Token (RFC 7519)
  • OAuth 2.0 Token Revocation (RFC 7009)
  • OAuth 2.0 Token Introspection (RFC 7662)
  • Proof Key for Code Exchange (RFC 7636)
  • JSON Web Tokens for Client Authentication (RFC 7523)
  • OAuth 2.0 Device Authorization Grant (RFC 8628)
  • Proof-of-Possession Key Semantics for JSON Web Tokens (RFC 7800)
  • OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens (RFC 8705)
  • OAuth 2.0 Token Exchange (RFC 8693)
  • Resource Indicators for OAuth 2.0 (RFC 8707)
  • JWT Secured Authorization Request (draft)
  • JWT Profile for OAuth 2.0 Access Tokens (draft)
  • OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response (draft)