OAuth 2.0 Client Authentication

1. Client Authentication Methods

1.1. Token Endpoint

1.2. Client Type

1.3. client_secret_post

1.4. client_secret_basic

1.5. client_secret_jwt

1.6. private_key_jwt

1.7. tls_client_auth

1.8. self_signed_tls_client_auth

2. Metadata

2.1. Server Metadata

JWS signature algorithms listed in RFC 7518
cf. CIBA Flow in Ping Mode
cf. Device Flow with Authlete APIs

2.2. Client Metadata

3. Financial-grade API Requirements

3.1. Client Authentication Method

  • client_secret_jwt
  • private_key_jwt
  • tls_client_auth
  • self_signed_tls_client_auth
  • private_key_jwt
  • tls_client_auth
  • self_signed_tls_client_auth

3.2. Client Assertion Signature Algorithm

3.3. Key Size

3.4. Other FAPI Requirements

4. Authlete

  • supports all the client authentication methods explained in this article,
  • supports all the client assertion signature algorithms,
  • and is the only implementation in the world (as of July 18, 2019) that is (not just a sandbox but) ready for commercial deployment and has been certified by FAPI certification in both categories, certificate-based client authentication (MTLS) and assertion-based client authentication (Private Key).

Finally


Co-founder and representative director of Authlete, Inc., working as a software engineer since 1997. https://www.authlete.com/

Takahiko Kawasaki