Supported Standards
IG implements the following RFCs, Internet-Drafts, and standards:
- OAuth 2.0
RFC 6749: The OAuth 2.0 Authorization Framework
RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage
RFC 7515: JSON Web Signature (JWS)
RFC 7516: JSON Web Encryption (JWE)
RFC 7518: JSON Web Algorithms (JWA)
RFC 7519: JSON Web Token (JWT)
RFC 7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication
RFC 7591: OAuth 2.0 Dynamic Client Registration Protocol
RFC 7662: OAuth 2.0 Token Introspection
RFC 7800: Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) with Internet-Draft: OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens
- OpenID Connect 1.0
IG can be configured to play the role of OpenID Connect relying party. The OpenID Connect specifications depend on OAuth 2.0, JSON Web Token, Simple Web Discovery and related specifications. The following specifications make up OpenID Connect 1.0.
OpenID Connect Core 1.0 defines core OpenID Connect 1.0 features.
Note
In section 5.6 of the specification, IG supports Normal Claims. The optional Aggregated Claims and Distributed Claims representations are not supported by IG.
OpenID Connect Discovery 1.0 defines how clients can dynamically discover information about OpenID Connect providers.
OpenID Connect Dynamic Client Registration 1.0 defines how clients can dynamically register with OpenID Connect providers.
OAuth 2.0 Multiple Response Type Encoding Practices defines additional OAuth 2.0 response types used in OpenID Connect.
- User-Managed Access (UMA) 2.0
User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization
- Representational State Transfer (REST)
Style of software architecture for web-based, distributed systems. IG's APIs are RESTful APIs.
- Security Assertion Markup Language (SAML)
Standard, XML-based framework for implementing a SAML service provider. IG supports multiple versions of SAML including 2.0, 1.1, and 1.0.
Specifications are available from the OASIS standards page.
- Other Standards
RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1.
RFC 2617: HTTP Authentication: Basic and Digest Access Authentication, supported as an authentication module.
RFC 4510: Lightweight Directory Access Protocol (LDAP), for authentication modules and when accessing data stores.
RFC 5280: Internet X.509 Public Key Infrastructure Certificate, supported for certificate-based authentication.
RFC 5785: Defining Well-Known Uniform Resource Identifiers (URIs).
RFC 6265: HTTP State Management Mechanism regarding HTTP Cookies and
Set-Cookieheader fields.