OAuth 2.0 Client Authentication

1. Client Authentication Methods

1.1. Token Endpoint

1.2. Client Type

1.3. client_secret_post

1.4. client_secret_basic

1.5. client_secret_jwt

1.6. private_key_jwt

1.7. tls_client_auth

1.8. self_signed_tls_client_auth
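The four secret- and assertion-based methods listed above differ only in where the proof of client identity travels: in an Authorization header (client_secret_basic), in the form body (client_secret_post), or as a signed JWT presented as client_assertion (client_secret_jwt, private_key_jwt). The following is an added, stand-alone example, not code from the article or from Authlete: it builds each of these with the Python standard library and, for client_secret_jwt, also implements the token endpoint's verification checks (alg allowlist, iss/sub, signature, aud, exp, jti replay). The client id and secret are the sample values from RFC 6749; the token endpoint URL, the in-memory client registry and the jti cache are constructed stand-ins. private_key_jwt uses the same claim set and request parameters but an asymmetric signature, and the two TLS methods authenticate at the TLS layer, so neither is exercised here.

```python
"""Client authentication at the token endpoint with the standard library only.

Constructed example: client id/secret are the sample values from RFC 6749,
the token endpoint URL and client registry are made up.
"""
import base64, hashlib, hmac, json, time, urllib.parse, uuid

TOKEN_ENDPOINT = "https://as.example.com/token"  # constructed
CLIENT_ID = "s6BhdRkqt3"                         # RFC 6749 sample value
CLIENT_SECRET = "7Fjfp0ZBr1KtDRbnfVdmIw"         # RFC 6749 sample value
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def client_secret_basic(client_id: str, client_secret: str) -> dict:
    # RFC 6749 2.3.1: form-urlencode id and secret *before* joining with ':'
    # and base64-encoding; a secret containing ':' or '+' otherwise breaks.
    q = lambda v: urllib.parse.quote(v, safe="")
    creds = f"{q(client_id)}:{q(client_secret)}".encode()
    return {"Authorization": "Basic " + base64.b64encode(creds).decode()}


def client_secret_post(client_id: str, client_secret: str, params: dict) -> str:
    # The secret rides in the form body; no Authorization header is sent.
    return urllib.parse.urlencode(dict(params, client_id=client_id, client_secret=client_secret))


def make_client_assertion(client_id, secret, token_endpoint, lifetime=60, now=None) -> str:
    # client_secret_jwt: HS256 JWT keyed with the client secret. private_key_jwt
    # carries the same claims but signs the same input with an asymmetric key.
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id,
              "aud": token_endpoint,       # must name the AS that will verify it
              "jti": str(uuid.uuid4()),    # one-time id so replays can be refused
              "iat": now, "exp": now + lifetime}
    dump = lambda o: b64url(json.dumps(o, separators=(",", ":")).encode())
    signing_input = f"{dump(header)}.{dump(claims)}"
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def client_assertion_post(assertion: str, params: dict) -> str:
    # Request body for client_secret_jwt / private_key_jwt (RFC 7523 2.2).
    return urllib.parse.urlencode(dict(params, client_assertion_type=JWT_BEARER,
                                       client_assertion=assertion))


class AssertionVerifier:
    """Token endpoint side of client_secret_jwt. verify() returns (client_id, "ok") or (None, reason)."""

    def __init__(self, token_endpoint, secrets, allowed_algs=("HS256",), skew=30):
        self.token_endpoint, self.secrets = token_endpoint, secrets  # secrets: client_id -> secret
        self.allowed_algs, self.skew = allowed_algs, skew
        self.seen_jti = {}  # jti -> exp; a shared store in production, in-memory here

    def verify(self, assertion: str, now=None):
        now = int(time.time()) if now is None else now
        try:
            h64, c64, s64 = assertion.split(".")
            header, claims = json.loads(b64url_decode(h64)), json.loads(b64url_decode(c64))
            sig = b64url_decode(s64)
        except ValueError:  # wrong segment count, bad base64 or bad JSON
            return None, "malformed"
        if not isinstance(header, dict) or not isinstance(claims, dict):
            return None, "malformed"
        if header.get("alg") not in self.allowed_algs:  # never let the token pick the alg
            return None, "alg not allowed"
        client_id = claims.get("iss")
        if not client_id or claims.get("sub") != client_id:
            return None, "iss/sub mismatch"
        secret = self.secrets.get(client_id)
        if secret is None:
            return None, "unknown client"
        expected = hmac.new(secret.encode(), f"{h64}.{c64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):  # constant-time comparison
            return None, "bad signature"
        aud = claims.get("aud")
        if self.token_endpoint not in (aud if isinstance(aud, list) else [aud]):
            return None, "bad audience"  # minted for some other server; refuse it
        exp = claims.get("exp")
        if not isinstance(exp, int) or exp + self.skew < now:
            return None, "expired"
        self.seen_jti = {j: e for j, e in self.seen_jti.items() if e + self.skew >= now}
        jti = claims.get("jti")
        if not jti or jti in self.seen_jti:
            return None, "replayed jti"
        self.seen_jti[jti] = exp
        return client_id, "ok"
```

The verifier checks the algorithm against a fixed allowlist before looking at anything else, so a header claiming `none` or an unexpected algorithm is rejected without ever touching key material. The audience check is what stops an assertion minted for one authorization server from being replayed at another, and the jti cache stops the same assertion from being presented twice within its lifetime; the short `exp` keeps that cache small.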

2. Metadata

2.1. Server Metadata

JWS signature algorithms listed in RFC 7518
cf. CIBA Flow in Ping Mode
cf. Device Flow with Authlete APIs

2.2. Client Metadata

3. Financial-grade API Requirements

3.1. Client Authentication Method

  Read-Only API Security Profile (Part 1):

  • client_secret_jwt
  • private_key_jwt
  • tls_client_auth
  • self_signed_tls_client_auth

  Read and Write API Security Profile (Part 2):

  • private_key_jwt
  • tls_client_auth
  • self_signed_tls_client_auth

3.2. Client Assertion Signature Algorithm

3.3. Key Size

3.4. Other FAPI Requirements

4. Authlete

  • supports all the client authentication methods explained in this article,
  • supports all the client assertion signature algorithms,
  • and is the only implementation in the world (as of July 18, 2019) that is ready for commercial deployment (not just a sandbox) and has been certified under the FAPI certification program in both categories: certificate-based client authentication (MTLS) and assertion-based client authentication (Private Key).

Finally

Takahiko Kawasaki

Co-founder and representative director of Authlete, Inc., working as a software engineer since 1997. https://www.authlete.com/
