Version Number : 2.2.22
Overview of This Release
This is a minor update of Authlete 2.2. It includes the following new or enhanced features since the version 2.2.15.Newly Supported Standard Specifications
N/ANew Configuration Items
Variability of loopback redirection URIs
When “Variable” is selected, Authlete checks if a host component of a redirection URI specified in an authorization request denotes loopback (localhost, 127.0.0.1 or ::1), and if so, Authlete ignores a port number component of the URI on comparing it with pre-registered URIs.
This behavior is described in 7.3. Loopback Interface Redirection of BCP 212 (OAuth 2.0 for Native Apps).
Note that the port number component of loopback redirection URIs cannot be variable in the context of FAPI even if Variable is selected, as per FAPI 1.0 Part 1 Section 7.5.
Dynamic Client Registration’s scope Parameter
If “Enabled” is selected, you can usescope parameter to Authlete’s /client/registration API and /client/registration/update API to limit the range of scopes that the client application can request. If “Disabled” is selected, these APIs ignore the scope parameter.
Added or Updated APIs
Issuing a JWT-based access token (updated)
The/auth/token/create API now creates a JWT-based access token when the “Access Token Signature Algorithm” is set.