Features
This page details our compliance level with the OpenID Connect specifications.
The following features are fully supported in our current implementation.
- Authorization code flow
- Implicit flow (pending an upstream change)
- UserInfo endpoint
- Manual client management through an administrator console
- HTTP Basic Auth for client authentication
- SWD discovery endpoint
- XRD discovery endpoint
- JWK public key endpoint
- Standard scopes: openid, phone, address, email, profile
- Additional arbitrary scopes
- Signed JWT access tokens
- RSA Signing
- HMAC Signing
- RSA Encryption
- Client filter with static single-server configuration
- Client filter with static multi-server configuration (using our Account Chooser)
The following features are not supported yet, but will be at some point. If we have a projected target for a given feature it will be listed here; if there is no projected target, that only means that we haven't set a target yet, not that it won't happen.
- Dynamic Client Registration (Fall FY12)
- Session management (FY13)
- X509 (Currently investigating how to publish our public keys as X509 certs)
- Request Object (Signed - in the works / Encrypted)
- Request File (Signed / Encrypted)
- Introspection endpoint (stubbed out, pending community standardization)
- Revocation endpoint (somewhat functional)
The following features are things that we are not planning on supporting with our implementation, though we welcome pull requests and patches to incorporate these features:
- Dynamic client filter configuration (full server discovery)
