Supported Specifications

Duende IdentityServer implements the following specifications:

OpenID Connect

  • OpenID Connect Core 1.0 (spec)
  • OpenID Connect Discovery 1.0 (spec)
  • OpenID Connect RP-Initiated Logout 1.0 (spec)
  • OpenID Connect Session Management 1.0 (spec)
  • OpenID Connect Front-Channel Logout 1.0 (spec)
  • OpenID Connect Back-Channel Logout 1.0 (spec)
  • Multiple Response Types (spec)
  • Form Post Response Mode (spec)
  • Enterprise Edition: OpenID Connect Client-Initiated Backchannel Authentication (CIBA) (spec)

OAuth 2.x

  • OAuth 2.0 (RFC 6749)
  • OAuth 2.0 Bearer Token Usage (RFC 6750)
  • JSON Web Token (RFC 7519)
  • OAuth 2.0 Token Revocation (RFC 7009)
  • OAuth 2.0 Token Introspection (RFC 7662)
  • Proof Key for Code Exchange by OAuth Public Clients (RFC 7636)
  • OAuth 2.0 JSON Web Tokens for Client Authentication (RFC 7523)
  • OAuth 2.0 Device Authorization Grant (RFC 8628)
  • Proof-of-Possession Key Semantics for JSON Web Tokens (RFC 7800)
  • OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens (RFC 8705)
  • OAuth 2.0 Token Exchange (RFC 8693)
  • JWT Secured Authorization Request / JAR (RFC 9101)
  • JWT Profile for OAuth 2.0 Access Tokens (RFC 9068)
  • OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response (RFC 9207)
  • OAuth 2.0 Step-up Authentication Challenge Protocol (RFC pending)
  • Business Edition: OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591)
  • Enterprise Edition: Resource Indicators for OAuth 2.0 (RFC 8707)
  • Enterprise Edition: OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer / DPoP (RFC 9449)