# Authlete Documentation ## Docs - [Fail Authorization Request](https://developers.authlete.com/api-reference/authorization-endpoint/fail-authorization-request.md): This API generates a content of an error authorization response that the authorization server implementation returns to the client application. - [Get Ticket Information](https://developers.authlete.com/api-reference/authorization-endpoint/get-ticket-information.md) - [Issue Authorization Response](https://developers.authlete.com/api-reference/authorization-endpoint/issue-authorization-response.md): This API parses request parameters of an authorization request and returns necessary data for the authorization server implementation to process the authorization request further. - [Process Authorization Request](https://developers.authlete.com/api-reference/authorization-endpoint/process-authorization-request.md): This API parses request parameters of an authorization request and returns necessary data for the authorization server implementation to process the authorization request further. - [Update Ticket Information](https://developers.authlete.com/api-reference/authorization-endpoint/update-ticket-information.md) - [Complete Backchannel Authentication](https://developers.authlete.com/api-reference/ciba/complete-backchannel-authentication.md): This API returns information about what action the authorization server should take after it receives the result of end-user's decision about whether the end-user has approved or rejected a client application's request on the authentication device. - [Fail Backchannel Authentication Request](https://developers.authlete.com/api-reference/ciba/fail-backchannel-authentication-request.md): The API prepares JSON that contains an error. The JSON should be used as the response body of the response which is returned to the client from the [backchannel authentication endpoint](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#auth_backchannel_endpoin… - [Issue Backchannel Authentication Response](https://developers.authlete.com/api-reference/ciba/issue-backchannel-authentication-response.md): This API prepares JSON that contains an `auth_req_id`. The JSON should be used as the response body of the response which is returned to the client from the [backchannel authentication endpoint](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#auth_backchanne… - [Process Backchannel Authentication Request](https://developers.authlete.com/api-reference/ciba/process-backchannel-authentication-request.md): This API parses request parameters of a [backchannel authentication request](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#auth_request) and returns necessary data for the authorization server implementation to process the backchannel authentication reques… - [Create Client](https://developers.authlete.com/api-reference/client-management/create-client.md): Create a new client. - [Delete Client Tokens](https://developers.authlete.com/api-reference/client-management/delete-client-tokens.md): Delete all existing access tokens issued to a client application by an end-user. - [Delete Client Tokens](https://developers.authlete.com/api-reference/client-management/delete-client-tokens-1.md): Delete all existing access tokens issued to a client application by an end-user. - [Delete Client Tokens (by Subject)](https://developers.authlete.com/api-reference/client-management/delete-client-tokens-by-subject.md): Delete all existing access tokens issued to a client application by an end-user. In this variant, the subject is provided in the path. - [Delete Client ⚡](https://developers.authlete.com/api-reference/client-management/delete-client-⚡.md): Delete a client. - [Delete Granted Scopes](https://developers.authlete.com/api-reference/client-management/delete-granted-scopes.md): Delete the set of scopes that an end-user has granted to a client application. - [Delete Granted Scopes (by Subject)](https://developers.authlete.com/api-reference/client-management/delete-granted-scopes-by-subject.md): Delete the set of scopes that an end-user has granted to a client application. In this variant, the subject is provided in the path. - [Delete Requestable Scopes](https://developers.authlete.com/api-reference/client-management/delete-requestable-scopes.md): Delete requestable scopes of a client - [Get Authorized Applications](https://developers.authlete.com/api-reference/client-management/get-authorized-applications.md): Get a list of client applications that an end-user has authorized. - [Get Authorized Applications](https://developers.authlete.com/api-reference/client-management/get-authorized-applications-1.md): Get a list of client applications that an end-user has authorized. - [Get Authorized Applications (by Subject)](https://developers.authlete.com/api-reference/client-management/get-authorized-applications-by-subject.md): Get a list of client applications that an end-user has authorized. In this variant, the subject is provided in the path. - [Get Client](https://developers.authlete.com/api-reference/client-management/get-client.md): Get a client. - [Get Granted Scopes](https://developers.authlete.com/api-reference/client-management/get-granted-scopes.md): Get the set of scopes that a user has granted to a client application. - [Get Granted Scopes](https://developers.authlete.com/api-reference/client-management/get-granted-scopes-1.md): Get the set of scopes that a user has granted to a client application. - [Get Granted Scopes (by Subject)](https://developers.authlete.com/api-reference/client-management/get-granted-scopes-by-subject.md): Get the set of scopes that a user has granted to a client application. In this variant, the subject is provided in the path. - [Get Requestable Scopes](https://developers.authlete.com/api-reference/client-management/get-requestable-scopes.md): Get the requestable scopes per client - [List Clients](https://developers.authlete.com/api-reference/client-management/list-clients.md): Get a list of clients on a service. - [Rotate Client Secret](https://developers.authlete.com/api-reference/client-management/rotate-client-secret.md): Refresh the client secret of a client. A new value of the client secret will be generated by the Authlete server. - [Update Client](https://developers.authlete.com/api-reference/client-management/update-client.md): Update a client. - [Update Client Lock](https://developers.authlete.com/api-reference/client-management/update-client-lock.md): Lock and unlock a client - [Update Client Secret](https://developers.authlete.com/api-reference/client-management/update-client-secret.md): Update the client secret of a client. - [Update Client Tokens](https://developers.authlete.com/api-reference/client-management/update-client-tokens.md): Update attributes of all existing access tokens given to a client application. - [Update Requestable Scopes](https://developers.authlete.com/api-reference/client-management/update-requestable-scopes.md): Update requestable scopes of a client - [Update Requestable Scopes](https://developers.authlete.com/api-reference/client-management/update-requestable-scopes-1.md): Update requestable scopes of a client - [Complete Device Authorization](https://developers.authlete.com/api-reference/device-flow/complete-device-authorization.md): This API returns information about what action the authorization server should take after it receives the result of end-user's decision about whether the end-user has approved or rejected a client application's request. - [Process Device Authorization Request](https://developers.authlete.com/api-reference/device-flow/process-device-authorization-request.md): This API parses request parameters of a [device authorization request](https://datatracker.ietf.org/doc/html/rfc8628#section-3.1) and returns necessary data for the authorization server implementation to process the device authorization request further. - [Process Device Verification Request](https://developers.authlete.com/api-reference/device-flow/process-device-verification-request.md): The API returns information associated with a user code. - [Delete Client](https://developers.authlete.com/api-reference/dynamic-client-registration/delete-client.md): Delete a dynamically registered client. This API is supposed to be used to implement a client registration management endpoint that complies with [RFC 7592](https://datatracker.ietf.org/doc/html/rfc7592) (OAuth 2.0 Dynamic Registration Management). - [Get Client](https://developers.authlete.com/api-reference/dynamic-client-registration/get-client.md): Get a dynamically registered client. This API is supposed to be used to implement a client registration management endpoint that complies with [RFC 7592](https://datatracker.ietf.org/doc/html/rfc7592) (OAuth 2.0 Dynamic Registration Management). - [Register Client](https://developers.authlete.com/api-reference/dynamic-client-registration/register-client.md): Register a client. This API is supposed to be used to implement a client registration endpoint that complies with [RFC 7591](https://datatracker.ietf.org/doc/html/rfc7591) (OAuth 2.0 Dynamic Client Registration Protocol). - [Update Client](https://developers.authlete.com/api-reference/dynamic-client-registration/update-client.md): Update a dynamically registered client. This API is supposed to be used to implement a client registration management endpoint that complies with [RFC 7592](https://datatracker.ietf.org/doc/html/rfc7592) (OAuth 2.0 Dynamic Registration Management). - [Process Entity Configuration Request](https://developers.authlete.com/api-reference/federation-endpoint/process-entity-configuration-request.md): This API gathers the federation configuration about a service. The authorization server implementation should retrieve the value of the `action` response parameter from the API response and take the following steps according to the value. - [Process Federation Registration Request](https://developers.authlete.com/api-reference/federation-endpoint/process-federation-registration-request.md): The Authlete API is for implementations of the **federation registration endpoint** that accepts "explicit client registration". Its details are defined in [OpenID Connect Federation 1.0](https://openid.net/specs/openid-connect-federation-1_0.html). The endpoint accepts `POST` requests whose `Conten… - [Process Grant Management Request](https://developers.authlete.com/api-reference/grant-management-endpoint/process-grant-management-request.md): The API is for the implementation of the grant management endpoint which is defined in "[Grant Management for OAuth 2.0](https://openid.net/specs/fapi-grant-management.html)". - [Create Security Key](https://developers.authlete.com/api-reference/hardware-security-key/create-security-key.md) - [Delete Security Key](https://developers.authlete.com/api-reference/hardware-security-key/delete-security-key.md) - [Get Security Key](https://developers.authlete.com/api-reference/hardware-security-key/get-security-key.md) - [List Security Keys](https://developers.authlete.com/api-reference/hardware-security-key/list-security-keys.md) - [Process Introspection Request](https://developers.authlete.com/api-reference/introspection-endpoint/process-introspection-request.md): This API gathers information about an access token. - [Process OAuth 2.0 Introspection Request](https://developers.authlete.com/api-reference/introspection-endpoint/process-oauth-20-introspection-request.md): This API exists to help your authorization server provide its own introspection API which complies with [RFC 7662](https://tools.ietf.org/html/rfc7662) (OAuth 2.0 Token Introspection). - [Verify JOSE](https://developers.authlete.com/api-reference/jose-object/verify-jose.md): This API verifies a JOSE object. - [Get JWK Set](https://developers.authlete.com/api-reference/jwk-set-endpoint/get-jwk-set.md): This API gathers JWK Set information for a service so that its client applications can verify signatures by the service and encrypt their requests to the service. - [Health Check](https://developers.authlete.com/api-reference/lifecycle/health-check.md): Perform a health check of the server. - [Native SSO Logout Processing](https://developers.authlete.com/api-reference/native-sso/native-sso-logout-processing.md): The `/nativesso/logout` API is supposed to be used to support the concept of "logout from all applications" in the context of [OpenID Connect Native SSO for Mobile Apps 1.0](https://openid.net/specs/openid-connect-native-sso-1_0.html) (Native SSO). This is accomplished by deleting access/refresh tok… - [Native SSO Processing](https://developers.authlete.com/api-reference/native-sso/native-sso-processing.md): This API should be called by the implementation of a token endpoint to generate the ID token and token response that comply with [OpenID Connect Native SSO for Mobile Apps 1.0](https://openid.net/specs/openid-connect-native-sso-1_0.html) (Native SSO) when Authlete’s `/auth/token` response indicates… - [Process Pushed Authorization Request](https://developers.authlete.com/api-reference/pushed-authorization-endpoint/process-pushed-authorization-request.md): This API creates a pushed request authorization. It authenticates the client and creates a authorization_uri to be returned by the authorization server. - [Process Revocation Request](https://developers.authlete.com/api-reference/revocation-endpoint/process-revocation-request.md): This API revokes access tokens and refresh tokens. - [Delete Service ⚡](https://developers.authlete.com/api-reference/service-management/delete-service-⚡.md): Delete a service. - [Get Service](https://developers.authlete.com/api-reference/service-management/get-service.md): Get a service. - [Get Service Configuration](https://developers.authlete.com/api-reference/service-management/get-service-configuration.md): This API gathers configuration information about a service. - [List Services](https://developers.authlete.com/api-reference/service-management/list-services.md): Get a list of services. - [Update Service](https://developers.authlete.com/api-reference/service-management/update-service.md): Update a service. - [Fail Token Request](https://developers.authlete.com/api-reference/token-endpoint/fail-token-request.md): This API generates a content of an error token response that the authorization server implementation returns to the client application. - [Issue Token Response](https://developers.authlete.com/api-reference/token-endpoint/issue-token-response.md): This API generates a content of a successful token response that the authorization server implementation returns to the client application. - [Process Token Request](https://developers.authlete.com/api-reference/token-endpoint/process-token-request.md): This API parses request parameters of an authorization request and returns necessary data for the authorization server implementation to process the authorization request further. - [Reissue ID Token](https://developers.authlete.com/api-reference/token-endpoint/reissue-id-token.md): The API is expected to be called only when the value of the `action` parameter in a response from the `/auth/token` API is [ID_TOKEN_REISSUABLE](https://authlete.github.io/authlete-java-common/com/authlete/common/dto/TokenResponse.Action.html#ID_TOKEN_REISSUABLE). The purpose of the `/idtoken/reissu… - [Create Access Token](https://developers.authlete.com/api-reference/token-operations/create-access-token.md): Create an access token. - [Delete Access Token](https://developers.authlete.com/api-reference/token-operations/delete-access-token.md): Delete an access token. - [List Issued Tokens](https://developers.authlete.com/api-reference/token-operations/list-issued-tokens.md): Get the list of access tokens that are associated with the service. - [Revoke Access Token](https://developers.authlete.com/api-reference/token-operations/revoke-access-token.md): Revoke an access token. - [Update Access Token](https://developers.authlete.com/api-reference/token-operations/update-access-token.md): Update an access token. - [Issue UserInfo Response](https://developers.authlete.com/api-reference/userinfo-endpoint/issue-userinfo-response.md): This API generates an ID token. - [Process UserInfo Request](https://developers.authlete.com/api-reference/userinfo-endpoint/process-userinfo-request.md): This API gathers information about a user. - [Create Credential Offer](https://developers.authlete.com/api-reference/verifiable-credential-issuer/create-credential-offer.md): Create a verifiable credential offer - [Get Credential Offer Information](https://developers.authlete.com/api-reference/verifiable-credential-issuer/get-credential-offer-information.md): Get information about a verifiable credential offer - [Get JSON Web Key Set](https://developers.authlete.com/api-reference/verifiable-credential-issuer/get-json-web-key-set.md): Get JSON Web Key Set for VCI - [Get JWT Issuer Information](https://developers.authlete.com/api-reference/verifiable-credential-issuer/get-jwt-issuer-information.md): Get JWT issuer information for VCI - [Get Verifiable Credential Issuer Metadata](https://developers.authlete.com/api-reference/verifiable-credential-issuer/get-verifiable-credential-issuer-metadata.md): Get verifiable credential issuer metadata - [Issue Batch Credentials](https://developers.authlete.com/api-reference/verifiable-credential-issuer/issue-batch-credentials.md): Issue multiple verifiable credentials in batch - [Issue Deferred Credential](https://developers.authlete.com/api-reference/verifiable-credential-issuer/issue-deferred-credential.md): Issue a deferred verifiable credential - [Issue Single Credential](https://developers.authlete.com/api-reference/verifiable-credential-issuer/issue-single-credential.md): Issue a single verifiable credential - [Parse Batch Credentials](https://developers.authlete.com/api-reference/verifiable-credential-issuer/parse-batch-credentials.md): Parse multiple verifiable credentials in batch - [Parse Deferred Credential](https://developers.authlete.com/api-reference/verifiable-credential-issuer/parse-deferred-credential.md): Parse a deferred verifiable credential - [Parse Single Credential](https://developers.authlete.com/api-reference/verifiable-credential-issuer/parse-single-credential.md): Parse a single verifiable credential - [Architecture](https://developers.authlete.com/architecture.md): Authlete acts as the backend engine for OAuth 2.0 and OpenID Connect processing. It is not directly accessed by the end user or the client application. Instead, it is called by the service provider’s own systems, mainly the Authorization Server and API Server. - [CBOR Zone](https://developers.authlete.com/cbor.md) - [Resource Indicators](https://developers.authlete.com/core-concepts/authorization-requests/resource-indicators.md): Technical information about the Resource Identifier specification in OAuth 2 framework and its support by Authlete. - [Ticket Parameter in Authorization Endpoint](https://developers.authlete.com/core-concepts/authorization-requests/ticket-parameter-in-authorization-endpoint.md): Backend APIs for implementing an authorization endpoint with a ticket parameter that links two types of APIs and expires within 24 hours. - [Using Request Object](https://developers.authlete.com/core-concepts/authorization-requests/using-request-objects.md): Instructions on configuring Authlete to support authorization requests with request objects for enhanced security. - [There Is No Entity Having the Ticket Error](https://developers.authlete.com/core-concepts/authorization-requests/when-seeing-the-error-of-there-is-no-entity-having-the-ticket-specified.md): The article covers the conditions under which the error There is no entity having the ticket specified may occur in the Authlete API server. - [Client authentication using client_secret_jwt method](https://developers.authlete.com/core-concepts/client-authentication/client-authentication-using-client-secret-jwt-method.md): Technical information about client authentication using the client_secret_jwt method in OAuth 2.0 and OpenID Connect. - [Client authentication using private_key_jwt method](https://developers.authlete.com/core-concepts/client-authentication/client-authentication-using-private-key-jwt-method.md): Technical information on client authentication using the private_key_jwt method in OAuth 2.0 with an overview of the method setup instructions with Authlete and requirements for both the client and the authorization server side. - [Client authentication using tls_client_auth method](https://developers.authlete.com/core-concepts/client-authentication/client-authentication-using-tls-client-auth-method.md): Overview and instructions on enabling client authentication using TLS client authentication method in Authlete. - [Strict checking on client authentication parameters](https://developers.authlete.com/core-concepts/client-authentication/strict-checking-on-client-authentication-parameters.md): Strict checking on client authentication parameters in Authlete version 2.0 requires specific configurations and values in token requests with differences from the previous version to note during migration. - [Client Authorized by User](https://developers.authlete.com/core-concepts/client-management/authletes-policy-on-managing-clients-which-have-been-authorized-by-user.md): Technical information on Authlete's policy for managing authorized clients based on valid or expired access and refresh tokens. - [Client Attributes](https://developers.authlete.com/core-concepts/client-management/client-attributes.md): Configuring and utilizing client attributes in OAuth 2.0 for defining client affiliations roles and access controls. - [Token Revocation upon Client Deletion](https://developers.authlete.com/core-concepts/client-management/token-management-policy-when-deleting-clients.md): When deleting a client, Authlete automatically revokes access tokens and refresh tokens issued to the client. - [Using Client ID Alias](https://developers.authlete.com/core-concepts/client-management/using-client-id-alias.md): Technical Information about using Client ID Alias feature in Authlete for seamless migration of clients and resource servers to Authlete-based authorization server. - [Service Flags](https://developers.authlete.com/core-concepts/error-handling-and-debugging/flags-supported-in-authlete.md): Configure various flags in Authlete to enforce stricter requirements to meet OAuth/OIDC specifications. - [Generating Error Response Using Fail API](https://developers.authlete.com/core-concepts/error-handling-and-debugging/generating-error-response-using-fail-api.md): Generating OAuth 2.0 compliant error responses using Authlete's fail APIs to support authorization server in responding to clients with standard error messages. - [Interpreting Authlete's Result Codes](https://developers.authlete.com/core-concepts/error-handling-and-debugging/interpreting-authletes-result-codes.md): Interpreting the meaning behind Authlete's API result codes starting with A. - [Suppressing Error Details in responseContent](https://developers.authlete.com/core-concepts/error-handling-and-debugging/suppressing-error-details-in-responsecontent.md): Suppressing error details in responseContent by utilizing the responseContent parameter in Authlete APIs for authorization servers. - [Access Token Verification in Userinfo API](https://developers.authlete.com/core-concepts/identity-endpoints/access-token-verification-in-userinfo-api.md): Technical information on how Authlete's Userinfo API internally verifies access tokens eliminating the need for the authorization server to make a separate request to Authlete's introspection API. - [Adding Custom Claims to Userinfo API Responses](https://developers.authlete.com/core-concepts/identity-endpoints/adding-custom-claims-to-userinfo-api-responses.md): How to determine and add claims to the Userinfo API payload - [Letting Resource Owners Choose Scopes to Be Authorized](https://developers.authlete.com/core-concepts/scopes-and-consent/letting-resource-owners-choose-scopes-to-be-authorized.md): How to utilize Authlete APIs to enable resource owners to select scopes for authorization on an authorization page. - [Registering Localized Descriptions for Custom Scopes](https://developers.authlete.com/core-concepts/scopes-and-consent/registering-localized-descriptions-for-custom-scopes.md): Registering localized descriptions for custom scopes in Authlete's API. - [Scope Attributes](https://developers.authlete.com/core-concepts/scopes-and-consent/scope-attributes.md): This article provides information on scope attributes and how to create them available since Authlete 2.0. - [Using “Parameterized Scopes”](https://developers.authlete.com/core-concepts/scopes-and-consent/using-parameterized-scopes.md): Configuring and utilizing parameterized scopes feature in Authlete to use dynamic values in scope strings. - [Checking if an access token has particular scopes](https://developers.authlete.com/core-concepts/token-introspection-and-validation/checking-if-an-access-token-has-particular-scopes.md): Information on utilizing Authlete's API feature to determine if an access token has specific scopes for validation in a resource server. - [Introspection Response for Expired Access Token](https://developers.authlete.com/core-concepts/token-introspection-and-validation/introspection-response-for-expired-access-token.md): Details on how Authlete handles requests with expired access tokens in its Introspection API and the resulting UNAUTHORIZED response. - [JWT Response for OAuth Token Introspection](https://developers.authlete.com/core-concepts/token-introspection-and-validation/jwt-response-for-oauth-token-introspection.md): Technical information on configuring services and resource servers to enable the JWT Response for OAuth Token Introspection feature. - [Use cases for two introspection APIs](https://developers.authlete.com/core-concepts/token-introspection-and-validation/use-cases-for-two-introspection-apis.md): Various use cases for Authlete's two introspection APIs including the /auth/introspection and /auth/introspection/standard APIs are discussed in this article. - [Enabling Single Access Token](https://developers.authlete.com/core-concepts/token-issuance-and-formats/access-tokens/enabling-single-access-token-per-subject.md): Technical information on enabling a single access token per subject in Authlete to ensure that only the newest access token is valid for each user. - [Getting a List of Issued Access Tokens](https://developers.authlete.com/core-concepts/token-issuance-and-formats/access-tokens/getting-a-list-of-issued-access-tokens.md): Getting a list of access tokens issued by Authlete's API. - [Adding Extra Properties to Access Token](https://developers.authlete.com/core-concepts/token-issuance-and-formats/access-tokens/how-to-add-extra-properties-to-an-access-token.md): Adding additional properties to access tokens for enhanced control and security in API requests. - [Issuing Two Access Tokens Through Hybrid Flow](https://developers.authlete.com/core-concepts/token-issuance-and-formats/access-tokens/issuing-two-access-tokens-through-hybrid-flow.md): Issuing two access tokens with restricted scopes and shortened duration using OpenID Connect's Hybrid flows. - [Using JWT-Based Access Tokens](https://developers.authlete.com/core-concepts/token-issuance-and-formats/access-tokens/using-jwt-based-access-tokens.md): Guide on enabling the feature in Authlete to issue JWT-formatted access tokens and specifying additional claims available in Authlete 2.1 and later. - [Adding Claims to ID Token](https://developers.authlete.com/core-concepts/token-issuance-and-formats/id-tokens/adding-claims-to-an-id-token.md): Adds arbitrary claims to an ID token using Authlete's API with specific claim values such as name and email. - [Changing Signing Key for ID Tokens](https://developers.authlete.com/core-concepts/token-issuance-and-formats/id-tokens/changing-signing-key-for-id-tokens.md): Guide on changing a signing key for ID tokens by configuring both a service of Authlete and a client registered to the service. - [Custom Header Claims in ID Tokens](https://developers.authlete.com/core-concepts/token-issuance-and-formats/id-tokens/custom-header-claims-in-id-tokens.md): Adding custom claims to ID tokens by configuring Authlete to include them in the JWS header available in version 2.2 and later. - [Generating Encrypted ID Tokens](https://developers.authlete.com/core-concepts/token-issuance-and-formats/id-tokens/generating-encrypted-id-tokens.md): Generating encrypted ID tokens for a particular client using Authlete and registering a JWK set for encryption. - [Identifying Claims Expected to Be Included in ID Token](https://developers.authlete.com/core-concepts/token-issuance-and-formats/id-tokens/identifying-claims-expected-to-be-included-into-an-id-token.md): How Authlete helps identity providers identify and fulfill requested claims by relying parties in OpenID Connect authentication requests. - [Required Scope When response_type Contains id_token](https://developers.authlete.com/core-concepts/token-issuance-and-formats/id-tokens/when-a-response-type-parameter-contains-id-token.md): Technical information about the necessity of including openid in the value of the scope parameter when the response_type parameter contains id_token in an authorization request. - [Authlete's Policy on Sweeping Unused Tokens](https://developers.authlete.com/core-concepts/token-lifecycle-and-policies/authletes-policy-on-sweeping-unused-tokens.md): Authlete removes unused access tokens and refresh tokens after a certain period regardless of their expiration time set by the service owner console. - [Changing Token Duration](https://developers.authlete.com/core-concepts/token-lifecycle-and-policies/changing-token-duration.md): Explanation on how changing token duration settings in Authlete affects access tokens and refresh tokens. - [How Authlete Determines Token Duration](https://developers.authlete.com/core-concepts/token-lifecycle-and-policies/how-authlete-determines-token-duration.md): Technical information on how Authlete determines token duration based on Authlete 3.0. - [Managing Authorizations (Issued Tokens) Granted for Client by User](https://developers.authlete.com/core-concepts/token-lifecycle-and-policies/managing-authorizations-issued-tokens-granted-for-a-client-by-a-user.md): Technical information about Authlete APIs for managing authorizations (issued tokens) granted for a client by a user. - [Token Duration Per Client](https://developers.authlete.com/core-concepts/token-lifecycle-and-policies/token-duration-per-client.md): Configuring access/refresh/ID token duration per client in Authlete 3.0. - [Token Duration Per Scope](https://developers.authlete.com/core-concepts/token-lifecycle-and-policies/token-duration-per-scope.md): Setting token duration individually per scope in Authlete 3.0 for more granular control and customization. - [Token Revocation Policy](https://developers.authlete.com/core-concepts/token-lifecycle-and-policies/token-revocation-policy.md): Technical Information about how Authlete handles token revocation requests and the corresponding invalidation of access tokens and refresh tokens. - [Updating Issued Token(s)](https://developers.authlete.com/core-concepts/token-lifecycle-and-policies/updating-issued-token-s.md): Technical information on different methods provided by Authlete for updating issued token(s) including scopes expiration time and other properties. - [Amazon API Gateway](https://developers.authlete.com/deployment-and-operations/integration-with-api-gateways/amazon-api-gateway.md): Integration information on using Authlete with Amazon API Gateway and its Lambda Authorizers to handle access tokens issued by Authlete. - [API Gateway Products that have been Integrated with Authlete](https://developers.authlete.com/deployment-and-operations/integration-with-api-gateways/api-gateway-products-that-have-been-integrated-with-authlete.md): Technical information about API gateway products integrated with Authlete such as Amazon API Gateway Microsoft Azure API Management Google Apigee and others. - [Migrating Access Tokens Issued by other System to Authlete](https://developers.authlete.com/deployment-and-operations/migration-from-existing-system/migrating-access-tokens-issued-by-other-system-to-authlete.md): Migrating access tokens from another system to Authlete with a detailed explanation of the process using the Authlete token management APIs. - [Migrating Settings from an Older version of Authlete](https://developers.authlete.com/deployment-and-operations/migration-from-existing-system/migrating-settings-from-an-older-version-of-authlete.md): Migrating service settings from a 2.x version to Authlete 3.0 - [Preserving Existing Client ID Values](https://developers.authlete.com/deployment-and-operations/migration-from-existing-system/preserving-existing-client-id-values.md): Preserving existing client ID values by utilizing Authlete's Client ID Alias feature. - [Accessing Authlete API Server through a Proxy Server](https://developers.authlete.com/deployment-and-operations/networking/accessing-authlete-api-server-through-a-proxy-server.md): Technical guide on accessing the Authlete API server through a proxy server using Java properties. - [Caching Introspection Responses](https://developers.authlete.com/deployment-and-operations/performance/caching-introspection-responses.md): Optimizing response performance at resource server APIs by caching responses from Authlete's introspection endpoint. - [Audit Logs](https://developers.authlete.com/deployment-and-operations/security/audit-logs.md): Audit logs in Authlete provide a detailed record of security-related events and system activities performed by users and system actors. - [How to Provide User Attributes](https://developers.authlete.com/deployment-and-operations/security/how-to-provide-user-attributes.md): Technical Information about providing user attributes in Authlete in accordance with OpenID Connect. - [JWK Set Settings for Authlete Service](https://developers.authlete.com/deployment-and-operations/security/jwk-set-settings-for-an-authlete-service.md): Setting up a JWK set for an Authlete service. - [JWK Set Settings for OAuth / OIDC client](https://developers.authlete.com/deployment-and-operations/security/jwk-set-settings-for-an-oauth-oidc-client.md): Technical information for registering a JWK set to settings of an OAuth / OIDC client in Authlete for signature verification and message encryption. - [AWS ECS Installation Guide](https://developers.authlete.com/deployment-and-operations/self-managed-deployment/aws-ecs-installation-guide.md): Follow our Container Runtime Installation Guide to deploy Authlete using AWS ECS with Ansible Playbook - [HTTPS settings for Authlete API servers](https://developers.authlete.com/deployment-and-operations/self-managed-deployment/https-settings-for-authlete-api-servers.md): Technical information on configuring HTTPS settings for Authlete API servers in on-premises deployments. - [Kubernetes Installation Guide](https://developers.authlete.com/deployment-and-operations/self-managed-deployment/kubernetes-installation-guide.md): Follow our Kubernetes Installation Guide to deploy Authlete using Helm in a Kubernetes environment. - [Self-Managed Authlete Deployment Overview](https://developers.authlete.com/deployment-and-operations/self-managed-deployment/self-managed-authlete-deployment-overview.md): Learn about different options for deploying Authlete in your own infrastructure, from Kubernetes to bare metal installations. - [Bootstrapping the Terraform with Authlete config](https://developers.authlete.com/deployment-and-operations/terraform/bootstrap.md): If you want to start a Terraform project from Authlete configuration, check this guide - [Creating a project from scratch](https://developers.authlete.com/deployment-and-operations/terraform/creating-a-project-from-scratch.md): Creating a Authlete Service using Terraform. - [Handling Certificates](https://developers.authlete.com/deployment-and-operations/terraform/handling-certificates.md): How to handle certificates from Terraform. - [Handling Crypto Material](https://developers.authlete.com/deployment-and-operations/terraform/handling-crypto-material.md): Generating and handling RSA and EC keys from Terraform. - [Terraform provider for Authlete](https://developers.authlete.com/deployment-and-operations/terraform/introduction.md): What the provider supports and starting point. - [Managing OIDC clients](https://developers.authlete.com/deployment-and-operations/terraform/managing-oidc-clients.md): Creating and Managing OIDC clients on Authlete using Terraform. - [Managing Services and Client](https://developers.authlete.com/deployment-and-operations/terraform/managing-services-and-clients.md): Managing the stack of objects and workflow suggestion. - [Sample projects](https://developers.authlete.com/deployment-and-operations/terraform/samples.md): Sample Terraform projects for starting your projects and suggested workflows - [GitHub](https://developers.authlete.com/developer-resources/github.md) - [Java SDK](https://developers.authlete.com/developer-resources/java-sdk.md) - [OpenAPI](https://developers.authlete.com/developer-resources/openapi.md) - [Ruby SDK](https://developers.authlete.com/developer-resources/ruby-sdk.md) - [Typescript SDK](https://developers.authlete.com/developer-resources/typesc.md) - [OAuth 2.0 Basics](https://developers.authlete.com/get-started/oauth-2-0-basics.md): A tutorial to understand how OAuth 2.0 authorization server leverages Authlete APIs. - [OIDC Basics](https://developers.authlete.com/get-started/oidc-basics.md): A tutorial to understand how OpenID Connect identity provider leverages Authlete APIs. - [Using Demo Authorization Server](https://developers.authlete.com/get-started/using-demo-authorization-server.md): Quickly set up an authorization server that works as a frontend for Authlete to test OAuth2 and OpenID Connect flows. - [First API Call 🏁](https://developers.authlete.com/getting-started.md): Set up your Authlete account, create services and clients, and configure your first authorization server - [JWT Secured Authorization Requests (JAR)](https://developers.authlete.com/guides/flows-and-protocols/authorization-enhancements/jwt-secured-authorization-requests-jar.md): Technical information about using JWT Secured Authorization Requests (JAR) in OAuth 2 deployments for increased security and validation of authorization requests. - [OAuth Client ID Metadata Document (CIMD)](https://developers.authlete.com/guides/flows-and-protocols/authorization-enhancements/oauth-client-id-metadata-document-cimd.md): Explanation about "OAuth Client ID Metadata Document (CIMD)" and Authlete's implementation. - [Proof Key for Code Exchange (RFC 7636)](https://developers.authlete.com/guides/flows-and-protocols/authorization-enhancements/proof-key-for-code-exchange-pkce.md): This document describes PKCE, a countermeasure agains the authorization code interception attack, defined in RFC 7636. - [Pushed Authorization Requests (PAR)](https://developers.authlete.com/guides/flows-and-protocols/authorization-enhancements/pushed-authorization-requests-par.md): Overview of the technical support for Pushed Authorization Requests (PAR) in OAuth 2.0 framework with a focus on implementing PAR EP in an authorization server and configuring PAR settings in Authlete. - [Rich Authorization Requests (RAR)](https://developers.authlete.com/guides/flows-and-protocols/authorization-enhancements/rich-authorization-requests-rar.md): Usage of OAuth 2.0 Rich Authorization Requests (RAR) in Authlete - [Rich Authorization Requests (RAR)](https://developers.authlete.com/guides/flows-and-protocols/authorization-enhancements/rich-authorization-requests-rar-spec.md): Overview of OAuth 2.0 Rich Authorization Requests (RAR) for fine-grained permission representation - [Authorization Code Flow in FAPI 2.0 Security Profile](https://developers.authlete.com/guides/flows-and-protocols/financial-grade-api-fapi/authorization-code-flow-in-fapi-2-0-security-profile.md): Overview of the Authorization Code Flow in FAPI 2.0 Security Profile with instructions on configuration for compliance. - [FAPI 2.0](https://developers.authlete.com/guides/flows-and-protocols/financial-grade-api-fapi/fapi-2-0.md): Explanation about FAPI 2.0 and how Authlete supports the specification. - [FAPI 2.0 Message Signing Profile. Signing Authorization Requests](https://developers.authlete.com/guides/flows-and-protocols/financial-grade-api-fapi/fapi-2-0-message-signing-profile-signing-authorization-requests.md): Technical guidance on fulfilling the requirements for Signing Authorization Requests in the FAPI 2.0 Message Signing profile. - [Financial-grade API (FAPI) Basics](https://developers.authlete.com/guides/flows-and-protocols/financial-grade-api-fapi/fapi-basics.md): A tutorial to configure Authlete to build a Financial-grade API (FAPI) compliant authorization server. - [FAPI Basics Supplement: Integration with Reference Implementations](https://developers.authlete.com/guides/flows-and-protocols/financial-grade-api-fapi/fapi-basics-supplement-integration-with-reference-implementations.md): A tutorial to integrate Authlete's reference implementations with an Authlete service, that has been configured with settings described in another tutorial, Financial-grade API (FAPI) Basics. - [Financial-grade Amazon API Gateway](https://developers.authlete.com/guides/flows-and-protocols/financial-grade-api-fapi/financial-grade-amazon-api-gateway.md): A tutorial to explain how to protect APIs built on Amazon API Gateway more securely than ever before by utilizing certificate-bound access tokens (RFC 8705). - [Financial-grade API (FAPI)](https://developers.authlete.com/guides/flows-and-protocols/financial-grade-api-fapi/financial-grade-api-fapi-overview.md): Technical information about Financial-grade API (FAPI) and Authlete's implementation. - [How to use FAPI feature](https://developers.authlete.com/guides/flows-and-protocols/financial-grade-api-fapi/how-to-use-fapi-feature.md): Technical guide on utilizing the Financial-grade API (FAPI) feature in Authlete detailing the necessary configurations and steps for enabling FAPI at runtime. - [Validation in FAPI mode](https://developers.authlete.com/guides/flows-and-protocols/financial-grade-api-fapi/validation-in-fapi-mode.md): This article discusses how Authlete validates requests in FAPI 1.0 Baseline/Advanced mode for Financial-grade API Security Profiles. - [Client Initiated Backchannel Authentication (CIBA)](https://developers.authlete.com/guides/flows-and-protocols/grant-types-and-token-flows/client-initiated-backchannel-authentication-ciba.md): Technical information about Client Initiated Backchannel Authentication. - [Grant Management for OAuth 2.0](https://developers.authlete.com/guides/flows-and-protocols/grant-types-and-token-flows/grant-management-for-oauth-2-0.md): Explanation about the "Grant Management for OAuth 2.0" specification and Authlete's implementation. - [JWT Authorization Grant (RFC 7523 2.1)](https://developers.authlete.com/guides/flows-and-protocols/grant-types-and-token-flows/jwt-authorization-grant-rfc-7523-2-1.md): Explanation about JWT Authorization Grant defined in RFC 7523 Section 2.1 and Authlete's implementation. - [Device Flow (OAuth 2.0 Device Authorization Grant)](https://developers.authlete.com/guides/flows-and-protocols/grant-types-and-token-flows/oauth-2-0-device-authorization-grant-device-flow.md): Technical information about device flow. - [RFC 9470 OAuth 2.0 Step Up Authentication Challenge Protocol](https://developers.authlete.com/guides/flows-and-protocols/grant-types-and-token-flows/oauth-2-0-step-up-authentication-challenge-protocol-rfc-9470.md): Explanation about RFC 9470 OAuth 2.0 Step Up Authentication Challenge Protocol and how Authlete supports the specification. - [RFC 8693 OAuth 2.0 Token Exchange](https://developers.authlete.com/guides/flows-and-protocols/grant-types-and-token-flows/oauth-2-0-token-exchange-rfc-8693.md): Explanation about the "RFC 8693 OAuth 2.0 Token Exchange" specification and Authlete's implementation. - [Comprehensive API Protection with Standard Specifications](https://developers.authlete.com/guides/flows-and-protocols/identity-and-federation/comprehensive-api-protection-with-standard-specifications.md): This article introduces how to fully leverage the standards developed since RFC 6749 to protect APIs. - [OpenID for Verifiable Credential Issuance](https://developers.authlete.com/guides/flows-and-protocols/identity-and-federation/openid-for-verifiable-credential-issuance.md): Explanation about OpenID for Verifiable Credential Issuance and how Authlete supports the specification. - [Configuring Client Authentication](https://developers.authlete.com/guides/getting-started-with-implementation/configuring-client-authentication.md): Basics of client authentication configuration in Authlete and how client authentication works in the context of processing token requests. - [Getting Started in Java](https://developers.authlete.com/guides/getting-started-with-implementation/getting-started-with-the-authlete-apis-in-java.md): Learn how to use the Authlete APIs to enable a Java web application as an OAuth Authorization Server and Resource Server. - [Enabling Refresh Token Issuance](https://developers.authlete.com/guides/getting-started-with-implementation/how-to-enable-issuing-of-a-refresh-token.md): Configuring Authlete service and clients to enable issuing a refresh token including adding REFRESH_TOKEN to Supported Grant Types and Grant Types settings in both Service Owner and Developer Consoles. - [Handling Parameters in Authorization Requests and Token Requests](https://developers.authlete.com/guides/getting-started-with-implementation/implementing-an-authorization-server/handling-request-parameters.md): How to manage parameters in authorization and token requests through Authlete APIs. - [Handling Responses from Authlete API](https://developers.authlete.com/guides/getting-started-with-implementation/implementing-an-authorization-server/handling-responses-from-authlete-apis.md): Handling responses from Authlete API and the importance of processing based on the action parameter rather than the resultCode value. - [Reference Implementations](https://developers.authlete.com/guides/getting-started-with-implementation/implementing-an-authorization-server/leveraging-reference-implementations.md): Develop your own authorization servers efficiently with Authlete's publicly available and open-sourced reference implementations downloadable from GitHub also useful for direct interaction with Authlete APIs. - [Service Configurations](https://developers.authlete.com/guides/getting-started-with-implementation/service-management.md): This page documents all the services settings available to configure Authlete service for your Authorization Server. Easily set and manage these configurations through the Authlete Management Console or directly via the Authlete APIs. - [Publishing JWK Set](https://developers.authlete.com/guides/going-live/publishing-a-jwk-set.md): Procedures for publishing public keys used for ID token signature verification and Request Object encryption via jwks_uri - [Publishing OpenID Provider Metadata and OAuth 2.0 Authorization Server Metadata](https://developers.authlete.com/guides/going-live/publishing-metadata.md) - [Implementing an Authorization Endpoint with Authlete](https://developers.authlete.com/guides/in-depth-reference/implementing-an-authorization-endpoint-with-authlete.md): Authlete makes it easy to implement OAuth 2.0 and OpenID Connect in your authorization endpoint. - [OAuth 2.0 Basics](https://developers.authlete.com/guides/in-depth-reference/o-auth-2-0-basics.md) - [OAuth 2.0 and OpenID Connect Authorization Endpoints](https://developers.authlete.com/guides/in-depth-reference/oauth-2-0-and-openid-connect-authorization-endpoints.md): How the OAuth 2.0 and OpenID Connect specifications define an authorization endpoint's behavior. - [OIDC Basics](https://developers.authlete.com/guides/in-depth-reference/oidc-basiscs.md) - [Amazon API Gateway + AWS Lambda + OAuth](https://developers.authlete.com/guides/integration/amazon-api-gateway-lambda-oauth.md): Technical Information about how to protect a Web API implemented using Amazon API Gateway + AWS Lambda with an OAuth 2.0 access token. - [Amazon Cognito and Latest OAuth/OIDC Specifications](https://developers.authlete.com/guides/integration/amazon-cognito-and-latest-oauth-oidc-specifications.md): A tutorial that explains how to use Amazon Cognito just as a user database and delegate OAuth/OIDC-related tasks to Authlete so that your system can continue to use Cognito and at the same time support the latest OAuth/OIDC specifications such as Financial-grade API. - [Integration with External IdPs](https://developers.authlete.com/guides/integration/integration-with-external-idps.md): An article that explains how to integrate Authlete with external IdPs. - [Configuring JARM](https://developers.authlete.com/guides/security-and-hardening/enabling-jarm.md): Technical guide on enabling JARM a response mode for encoding authorization responses to JWTs for secure authorization responses. - [Issuing mutual-TLS certificate-bound access tokens](https://developers.authlete.com/guides/security-and-hardening/issuing-mutual-tls-certificate-bound-access-tokens.md): Instructions for setting up Authlete to issue Mutual-TLS certificate-bound access tokens as defined in RFC 8705. - [Requiring clients to specify S256 when using PKCE for their authorization requests](https://developers.authlete.com/guides/security-and-hardening/requiring-clients-to-specify-s256-when-using-pkce.md): Require OAuth 2.0 clients to specify S256 for code_challenge_method parameter when using PKCE for authorization requests with Authlete's feature. - [Requiring clients to use PKCE for their authorization requests](https://developers.authlete.com/guides/security-and-hardening/requiring-clients-to-use-pkce-for-their-authorization-requests.md): Technical information about how to require OAuth 2.0 clients to use PKCE for their authorization requests with Authlete's feature. - [Using DPoP](https://developers.authlete.com/guides/security-and-hardening/using-dpop.md): Technical guide on implementing DPoP with Authlete APIs for supporting OAuth 2.0 Proof-of-Possession. - [mkjose](https://developers.authlete.com/mkjose.md) - [Overview](https://developers.authlete.com/overview.md): Authlete is a headless solution and provides a set of APIs specialized for OAuth 2.0 and OpenID Connect protocol processing and token lifecycle management. - [Authlete Console Release Notes - April 2025](https://developers.authlete.com/release-notes/console/console-april-2025.md) - [Authlete Console Release Notes - August 2025](https://developers.authlete.com/release-notes/console/console-august-2025.md) - [Authlete Console Release Notes - December 2025](https://developers.authlete.com/release-notes/console/console-december-2025.md) - [Authlete Console Release Notes - February 2025](https://developers.authlete.com/release-notes/console/console-february-2025.md) - [Authlete Console Release Notes - HOTFIX (August 2025)](https://developers.authlete.com/release-notes/console/console-hotfix-august-2025.md) - [Authlete Console Release Notes - January 2026](https://developers.authlete.com/release-notes/console/console-january-2026.md) - [Authlete Console Release Notes - July 2025](https://developers.authlete.com/release-notes/console/console-july-2025.md) - [Authlete Console Release Notes - May 2025](https://developers.authlete.com/release-notes/console/console-may-2025.md) - [Authlete Console Release Notes - October 2025](https://developers.authlete.com/release-notes/console/console-october-2025.md) - [Authlete Console Release Notes - September 2025](https://developers.authlete.com/release-notes/console/console-september-2025.md) - [Authlete IdP Release Notes - April 2025](https://developers.authlete.com/release-notes/idp/idp-april-2025.md) - [Authlete IdP Release Notes - August 2025](https://developers.authlete.com/release-notes/idp/idp-august-2025.md) - [Authlete IdP Release Notes - February 2025](https://developers.authlete.com/release-notes/idp/idp-february-2025.md) - [Authlete IdP Release Notes - HOTFIX (August 2025)](https://developers.authlete.com/release-notes/idp/idp-hotfix-august-2025.md) - [Authlete IdP Release Notes - HOTFIX (July 2025)](https://developers.authlete.com/release-notes/idp/idp-hotfix-july-2025.md) - [Authlete IdP Release Notes - January 2026](https://developers.authlete.com/release-notes/idp/idp-january-2026.md) - [Authlete IdP Release Notes - July 2025](https://developers.authlete.com/release-notes/idp/idp-july-2025.md) - [Authlete IdP Release Notes - June 2025](https://developers.authlete.com/release-notes/idp/idp-june-2025.md) - [Authlete IdP Release Notes - May 2025](https://developers.authlete.com/release-notes/idp/idp-may-2025.md) - [Authlete IdP Release Notes - October 2025](https://developers.authlete.com/release-notes/idp/idp-october-2025.md) - [Authlete IdP Release Notes - September 2025](https://developers.authlete.com/release-notes/idp/idp-september-2025.md) - [Authlete 2.2 Release Notes - April 2025](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-april-2025.md) - [Authlete 2.2 Release Notes - August 2023](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-august-2023.md) - [Authlete 2.2 Release Notes - August 2024](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-august-2024.md) - [Authlete 2.2 Release Notes - December 2024](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-december-2024.md) - [Authlete 2.2 Release Notes - December 2025](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-december-2025.md) - [Authlete 2.2 Release Notes - February 2021](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-february-2021.md) - [Authlete 2.2 Release Notes - February 2024](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-february-2024.md) - [Authlete 2.2 Release Notes - HOTFIX (February 2021)](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-hotfix-february-2021.md) - [Authlete 2.2 Release Notes - HOTFIX (October 2022)](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-hotfix-october-2022.md) - [Authlete 2.2 Release Notes - January 2022](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-january-2022.md) - [Authlete 2.2 Release Notes - January 2025](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-january-2025.md) - [Authlete 2.2 Release Notes - July 2023](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-july-2023.md) - [Authlete 2.2 Release Notes - July 2024](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-july-2024.md) - [Authlete 2.2 Release Notes - June 2021](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-june-2021.md) - [Authlete 2.2 Release Notes - March 2021](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-march-2021.md) - [Authlete 2.2 Release Notes - May 2021](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-may-2021.md) - [Authlete 2.2 Release Notes - May 2025](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-may-2025.md) - [Authlete 2.2 Release Notes - October 2022](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-october-2022.md) - [Authlete 2.2 Release Notes - October 2024](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-october-2024.md) - [Authlete 2.2 Release Notes - September 2021](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-september-2021.md) - [Authlete 2.2 Release Notes - September 2024](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-september-2024.md) - [Authlete 2.2 Release Notes - September 2025](https://developers.authlete.com/release-notes/server-v2-2/server-v2-2-september-2025.md) - [Authlete 2.3 Release Notes - April 2025](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-april-2025.md) - [Authlete 2.3 Release Notes - August 2024](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-august-2024.md) - [Authlete 2.3 Release Notes - December 2024](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-december-2024.md) - [Authlete 2.3 Release Notes - December 2025](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-december-2025.md) - [Authlete 2.3 Release Notes - February 2024](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-february-2024.md) - [Authlete 2.3 Release Notes - February 2025](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-february-2025.md) - [Authlete 2.3 Release Notes - January 2023](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-january-2023.md) - [Authlete 2.3 Release Notes - January 2025](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-january-2025.md) - [Authlete 2.3 Release Notes - January 2026](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-january-2026.md) - [Authlete 2.3 Release Notes - July 2024](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-july-2024.md) - [Authlete 2.3 Release Notes - July 2025](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-july-2025.md) - [Authlete 2.3 Release Notes - May 2025](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-may-2025.md) - [Authlete 2.3 Release Notes - October 2024](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-october-2024.md) - [Authlete 2.3 Release Notes - October 2025](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-october-2025.md) - [Authlete 2.3 Release Notes - September 2023](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-september-2023.md) - [Authlete 2.3 Release Notes - September 2024](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-september-2024.md) - [Authlete 2.3 Release Notes - September 2025](https://developers.authlete.com/release-notes/server-v2-3/server-v2-3-september-2025.md) - [Authlete 3.0 Release Notes - April 2025](https://developers.authlete.com/release-notes/server-v3/server-v3-april-2025.md) - [Authlete 3.0 Release Notes - August 2025](https://developers.authlete.com/release-notes/server-v3/server-v3-august-2025.md) - [Authlete 3.0 Release Notes - December 2024](https://developers.authlete.com/release-notes/server-v3/server-v3-december-2024.md) - [Authlete 3.0 Release Notes - December 2025](https://developers.authlete.com/release-notes/server-v3/server-v3-december-2025.md) - [Authlete 3.0 Release Notes - February 2025](https://developers.authlete.com/release-notes/server-v3/server-v3-february-2025.md) - [Authlete 3.0 Release Notes - HOTFIX (August 2025)](https://developers.authlete.com/release-notes/server-v3/server-v3-hotfix-august-2025.md) - [Authlete 3.0 Release Notes - January 2025](https://developers.authlete.com/release-notes/server-v3/server-v3-january-2025.md) - [Authlete 3.0 Release Notes - January 2026](https://developers.authlete.com/release-notes/server-v3/server-v3-january-2026.md) - [Authlete 3.0 Release Notes - July 2025](https://developers.authlete.com/release-notes/server-v3/server-v3-july-2025.md) - [Authlete 3.0 Release Notes - May 2025](https://developers.authlete.com/release-notes/server-v3/server-v3-may-2025.md) - [Authlete 3.0 Release Notes - October 2025](https://developers.authlete.com/release-notes/server-v3/server-v3-october-2025.md) - [Authlete 3.0 Release Notes - September 2025](https://developers.authlete.com/release-notes/server-v3/server-v3-september-2025.md) - [Device Flow (OAuth 2.0 Device Authorization Grant)](https://developers.authlete.com/v2/enabling-device-flow.md): Guide on enabling the device flow for API clients on devices without web browsers using Authlete's authorization server component architecture. ## OpenAPI Specs - [authlete-api-explorer-with-code-samples](https://spec.speakeasy.com/authlete/sdk-workspace/authlete-api-explorer-with-code-samples) - [out](https://developers.authlete.com/out.yaml) - [authlete.openapi.sanitized](https://developers.authlete.com/openapi/authlete.openapi.sanitized.yaml) - [og fixed](https://developers.authlete.com/openapi/shared/3.0.16/og fixed.yaml) - [en3](https://developers.authlete.com/openapi/shared/3.0.16/en3.yaml) - [en2](https://developers.authlete.com/openapi/shared/3.0.16/en2.yaml) - [en](https://developers.authlete.com/openapi/shared/3.0.16/en.yaml) - [se](https://developers.authlete.com/app/specs/shared/3.0.15/se.yaml) - [example](https://developers.authlete.com/app/specs/shared/3.0.15/example.yaml) - [speakeasy](https://developers.authlete.com/app/specs/shared/3.0.15/speakeasy.yaml) - [en_test](https://developers.authlete.com/app/specs/shared/3.0.16/en_test.yaml) - [openapi](https://developers.authlete.com/api-reference/openapi.yaml)