|
@@ -16,34 +16,68 @@ It is built on top of https://spring.io/projects/spring-security[Spring Security
|
|
|
|
|
|
|
|
Spring Authorization Server supports the following features:
|
|
Spring Authorization Server supports the following features:
|
|
|
|
|
|
|
|
-* The OAuth 2.1 Authorization Framework (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05[Draft])
|
|
|
|
|
-** Authorization Grant
|
|
|
|
|
-*** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-4.1[Authorization Code]
|
|
|
|
|
-*** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-4.2[Client Credentials]
|
|
|
|
|
-*** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-4.3[Refresh Token]
|
|
|
|
|
-** Access Token Format
|
|
|
|
|
-*** Self-contained (JWT)
|
|
|
|
|
-*** Reference (Opaque)
|
|
|
|
|
-** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-2.4[Client Authentication]
|
|
|
|
|
-*** HTTP Basic
|
|
|
|
|
-*** HTTP POST
|
|
|
|
|
-*** JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication (https://tools.ietf.org/html/rfc7523[RFC 7523])
|
|
|
|
|
-**** `private_key_jwt`
|
|
|
|
|
-**** `client_secret_jwt`
|
|
|
|
|
-** User Consent
|
|
|
|
|
-*** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-4.1[Authorization Code Grant]
|
|
|
|
|
|
|
+[cols="2a,4a,6a"]
|
|
|
|
|
+|===
|
|
|
|
|
+|Category |Feature |Related specifications
|
|
|
|
|
+
|
|
|
|
|
+|xref:protocol-endpoints.adoc#oauth2-token-endpoint[Authorization Grant]
|
|
|
|
|
+|
|
|
|
|
|
+* Authorization Code
|
|
|
|
|
+** xref:protocol-endpoints.adoc#oauth2-authorization-endpoint[User Consent]
|
|
|
|
|
+* Client Credentials
|
|
|
|
|
+* Refresh Token
|
|
|
|
|
+|
|
|
|
|
|
+* The OAuth 2.1 Authorization Framework (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05[draft])
|
|
|
|
|
+** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-4.1[Authorization Code Grant]
|
|
|
|
|
+** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-4.2[Client Credentials Grant]
|
|
|
|
|
+** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-4.3[Refresh Token Grant]
|
|
|
|
|
+* OpenID Connect Core 1.0 (https://openid.net/specs/openid-connect-core-1_0.html[spec])
|
|
|
|
|
+** https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth[Authorization Code Flow]
|
|
|
|
|
+
|
|
|
|
|
+|xref:core-model-components.adoc#oauth2-token-generator[Token Formats]
|
|
|
|
|
+|
|
|
|
|
|
+* Self-contained (JWT)
|
|
|
|
|
+* Reference (Opaque)
|
|
|
|
|
+|
|
|
|
|
|
+* JSON Web Token (JWT) (https://tools.ietf.org/html/rfc7519[RFC 7519])
|
|
|
|
|
+* JSON Web Signature (JWS) (https://tools.ietf.org/html/rfc7515[RFC 7515])
|
|
|
|
|
+
|
|
|
|
|
+|xref:configuration-model.adoc#configuring-client-authentication[Client Authentication]
|
|
|
|
|
+|
|
|
|
|
|
+* `client_secret_basic`
|
|
|
|
|
+* `client_secret_post`
|
|
|
|
|
+* `client_secret_jwt`
|
|
|
|
|
+* `private_key_jwt`
|
|
|
|
|
+* `none` (public clients)
|
|
|
|
|
+|
|
|
|
|
|
+* The OAuth 2.1 Authorization Framework (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-2.4[Client Authentication])
|
|
|
|
|
+* JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication (https://tools.ietf.org/html/rfc7523[RFC 7523])
|
|
|
* Proof Key for Code Exchange by OAuth Public Clients (PKCE) (https://tools.ietf.org/html/rfc7636[RFC 7636])
|
|
* Proof Key for Code Exchange by OAuth Public Clients (PKCE) (https://tools.ietf.org/html/rfc7636[RFC 7636])
|
|
|
-* OAuth 2.0 Token Revocation (https://tools.ietf.org/html/rfc7009[RFC 7009])
|
|
|
|
|
|
|
+
|
|
|
|
|
+|xref:protocol-endpoints.adoc[Protocol Endpoints]
|
|
|
|
|
+|
|
|
|
|
|
+* xref:protocol-endpoints.adoc#oauth2-authorization-endpoint[OAuth2 Authorization Endpoint]
|
|
|
|
|
+* xref:protocol-endpoints.adoc#oauth2-token-endpoint[OAuth2 Token Endpoint]
|
|
|
|
|
+* xref:protocol-endpoints.adoc#oauth2-token-introspection-endpoint[OAuth2 Token Introspection Endpoint]
|
|
|
|
|
+* xref:protocol-endpoints.adoc#oauth2-token-revocation-endpoint[OAuth2 Token Revocation Endpoint]
|
|
|
|
|
+* xref:protocol-endpoints.adoc#oauth2-authorization-server-metadata-endpoint[OAuth2 Authorization Server Metadata Endpoint]
|
|
|
|
|
+* xref:protocol-endpoints.adoc#jwk-set-endpoint[JWK Set Endpoint]
|
|
|
|
|
+* xref:protocol-endpoints.adoc#oidc-provider-configuration-endpoint[OpenID Connect 1.0 Provider Configuration Endpoint]
|
|
|
|
|
+* xref:protocol-endpoints.adoc#oidc-user-info-endpoint[OpenID Connect 1.0 UserInfo Endpoint]
|
|
|
|
|
+* xref:protocol-endpoints.adoc#oidc-client-registration-endpoint[OpenID Connect 1.0 Client Registration Endpoint]
|
|
|
|
|
+|
|
|
|
|
|
+* The OAuth 2.1 Authorization Framework (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05[draft])
|
|
|
|
|
+** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-3.1[Authorization Endpoint]
|
|
|
|
|
+** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-3.2[Token Endpoint]
|
|
|
* OAuth 2.0 Token Introspection (https://tools.ietf.org/html/rfc7662[RFC 7662])
|
|
* OAuth 2.0 Token Introspection (https://tools.ietf.org/html/rfc7662[RFC 7662])
|
|
|
|
|
+* OAuth 2.0 Token Revocation (https://tools.ietf.org/html/rfc7009[RFC 7009])
|
|
|
* OAuth 2.0 Authorization Server Metadata (https://tools.ietf.org/html/rfc8414[RFC 8414])
|
|
* OAuth 2.0 Authorization Server Metadata (https://tools.ietf.org/html/rfc8414[RFC 8414])
|
|
|
-* JSON Web Token (JWT) (https://tools.ietf.org/html/rfc7519[RFC 7519])
|
|
|
|
|
-* JSON Web Signature (JWS) (https://tools.ietf.org/html/rfc7515[RFC 7515])
|
|
|
|
|
* JSON Web Key (JWK) (https://tools.ietf.org/html/rfc7517[RFC 7517])
|
|
* JSON Web Key (JWK) (https://tools.ietf.org/html/rfc7517[RFC 7517])
|
|
|
-* OpenID Connect Core 1.0 (https://openid.net/specs/openid-connect-core-1_0.html[spec])
|
|
|
|
|
-** https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth[Authorization Code Flow]
|
|
|
|
|
-** https://openid.net/specs/openid-connect-core-1_0.html#UserInfo[UserInfo Endpoint]
|
|
|
|
|
* OpenID Connect Discovery 1.0 (https://openid.net/specs/openid-connect-discovery-1_0.html[spec])
|
|
* OpenID Connect Discovery 1.0 (https://openid.net/specs/openid-connect-discovery-1_0.html[spec])
|
|
|
** https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig[Provider Configuration Endpoint]
|
|
** https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig[Provider Configuration Endpoint]
|
|
|
|
|
+* OpenID Connect Core 1.0 (https://openid.net/specs/openid-connect-core-1_0.html[spec])
|
|
|
|
|
+** https://openid.net/specs/openid-connect-core-1_0.html#UserInfo[UserInfo Endpoint]
|
|
|
* OpenID Connect Dynamic Client Registration 1.0 (https://openid.net/specs/openid-connect-registration-1_0.html[spec])
|
|
* OpenID Connect Dynamic Client Registration 1.0 (https://openid.net/specs/openid-connect-registration-1_0.html[spec])
|
|
|
** https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration[Client Registration Endpoint]
|
|
** https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration[Client Registration Endpoint]
|
|
|
** https://openid.net/specs/openid-connect-registration-1_0.html#ClientConfigurationEndpoint[Client Configuration Endpoint]
|
|
** https://openid.net/specs/openid-connect-registration-1_0.html#ClientConfigurationEndpoint[Client Configuration Endpoint]
|
|
|
|
|
+|===
|
Joe Grandja