jricher edited this page Apr 26, 2013 · 8 revisions

This page details our compliance level with the OpenID Connect specifications.

Currently supported

The following features are fully supported in our current implementation.

Server

  • Authorization code flow
  • Implicit flow
  • UserInfo endpoint
  • Manual client management through an administrator console
  • Client authentication through form parameters, HTTP Basic, and public key JWT assertion
  • Webfinger discovery endpoint
  • OpenID Configuration discovery endpoint
  • JWK Set public key endpoint
  • Standard scopes: openid, phone, address, email, profile, and offline_access
  • Additional arbitrary scopes
  • Refresh tokens
  • ID Tokens
  • Signed JWT access tokens
  • RSA Signing (used for all tokens)
  • RSA Encryption
  • HMAC Signing
  • Dynamic registration endpoint
  • Request Objects (signed)
  • Introspection Endpoint
  • Revocation Endpoint
  • Token chaining

Client

  • Authorization code flow
  • UserInfo fetching service (for user details)
  • Form-based authentication
  • Webfinger discovery
  • OpenID Configuration server discovery
  • Request Objects (signed)
  • JWK public key endpoint (for signed request objects)
  • Standard scopes: openid, phone, address, email, profile, offline_access
  • Additional arbitrary scopes
  • Signed JWT access tokens
  • RSA Signing
  • Dynamic registration
  • Account chooser / third party login
  • Introspection Endpoint (through a special token service)

Currently unsupported / pending implementation / incomplete

The following features are not yet supported but are planned for a future release.

  • Session management
  • Request File (Signed / Encrypted)
  • ID-token-only request
  • Token chaining client utility library