Industry Standards ​

The following (industry) standards are supported.

OAuth 2.0 ​

Including the modern CORS enabled authorization code grant for single-page applications, and advanced functionalities like Proof Key for Code Exchange (PKCE) for mobile app logins.

OpenID Connect ​

Including the possibility to request authentication controls using the lesser known but powerful acr_values attribute. Not only login but also logout has been implemented.

SCIM 2.0 ​

The standard for identity management. We not only support creating and updating users, but also groups. This allows organizing users and assigning access rights.

SAML 2.0 ​

A farily old specification for single-sign on, but still widely used in enterprise applications. The most common features are supported. SAML single logout has also been implemented.