Authorization Server Implementation in Java

Overview

This is an authorization server implementation in Java which supports [OAuth 2.0][1] and [OpenID Connect][2].

[RFC 6749][1] - The OAuth 2.0 Authorization Framework
[RFC 6750][19] - The OAuth 2.0 Authorization Framework: Bearer Token Usage
[RFC 6819][20] - OAuth 2.0 Threat Model and Security Considerations
[RFC 7009][21] - OAuth 2.0 Token Revocation
[RFC 7033][22] - WebFinger
[RFC 7515][23] - JSON Web Signature (JWS)
[RFC 7516][24] - JSON Web Encryption (JWE)
[RFC 7517][25] - JSON Web Key (JWK)
[RFC 7518][26] - JSON Web Algorithms (JWA)
[RFC 7519][27] - JSON Web Token (JWT)
[RFC 7521][28] - Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
[RFC 7522][29] - Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
[RFC 7523][30] - JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
[RFC 7636][31] - Proof Key for Code Exchange by OAuth Public Clients
[RFC 7662][32] - OAuth 2.0 Token Introspection
[OAuth 2.0 Multiple Response Type Encoding Practices][33]
[OAuth 2.0 Form Post Response Mode][34]
[OpenID Connect Core 1.0][13]
[OpenID Connect Discovery 1.0][35]
[OpenID Connect Dynamic Client Registration 1.0][36]
[OpenID Connect Session Management 1.0][37]

This project is an implementation for OAuth 2.0 Specification. Especially, the protocol of the server area is covered by this project.

GNU General Public License v3.0

Language:HTML 100.0%