Supported Specifications
Duende IdentityServer implements the following specifications:
OpenID Connect
- OpenID Connect Core 1.0 (spec)
- OpenID Connect Discovery 1.0 (spec)
- OpenID Connect RP-Initiated Logout 1.0 - draft 01 (spec)
- OpenID Connect Session Management 1.0 - draft 30 (spec)
- OpenID Connect Front-Channel Logout 1.0 - draft 04 (spec)
- OpenID Connect Back-Channel Logout 1.0 - draft 06 (spec)
- Multiple Response Types (spec)
- Form Post Response Mode (spec)
OAuth 2.x
- OAuth 2.0 (RFC 6749)
- OAuth 2.0 Bearer Token Usage (RFC 6750)
- JSON Web Token (RFC 7519)
- OAuth 2.0 Token Revocation (RFC 7009)
- OAuth 2.0 Token Introspection (RFC 7662)
- Proof Key for Code Exchange (RFC 7636)
- JSON Web Tokens for Client Authentication (RFC 7523)
- OAuth 2.0 Device Authorization Grant (RFC 8628)
- Proof-of-Possession Key Semantics for JSON Web Tokens (RFC 7800)
- OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens (RFC 8705)
- OAuth 2.0 Token Exchange (RFC 8693)
- Resource Indicators for OAuth 2.0 (RFC 8707)
- JWT Secured Authorization Request (draft)
- JWT Profile for OAuth 2.0 Access Tokens (draft)
- OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response (draft)