Specifications

This page details which specifications are implemented in Canaille, and compares Canaille with other well-known identity providers.

State of the specs in Canaille

OAuth2

• ✅ RFC6749: OAuth 2.0 Framework

• ✅ RFC6750: OAuth 2.0 Bearer Tokens

• ✅ RFC7009: OAuth 2.0 Token Revocation

• ✅ RFC7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants

• ✅ RFC7591: OAuth 2.0 Dynamic Client Registration Protocol

• ✅ RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol

• ✅ RFC7636: Proof Key for Code Exchange by OAuth Public Clients

• ✅ RFC7662: OAuth 2.0 Token Introspection

• ✅ RFC8414: OAuth 2.0 Authorization Server Metadata

• ❌ RFC8428: OAuth 2.0 Device Authorization Grant

• ❌ RFC8693: OAuth 2.0 Token Exchange

• ❌ RFC8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens

• ❌ RFC8707: Resource Indicators for OAuth 2.0

• ❌ RFC9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

• ✅ RFC9101: OAuth 2.0 JWT-Secured Authorization Request (JAR)

• ❌ RFC9126: OAuth 2.0 Pushed Authorization Requests

• ✅ RFC9207: OAuth 2.0 Authorization Server Issuer Identification

• ❌ RFC9394: OAuth 2.0 Rich Authorization Requests

• ❌ OAuth2 Multiple Response Types

• ❌ OAuth2 Form Post Response Mode

OpenID Connect

Since version 0.0.82, Canaille is certified by the OpenID Foundation for the Basic and Dynamic profiles.

• ✅ OpenID Connect Core

• ✅ OpenID Connect Discovery

• ✅ OpenID Connect Dynamic Client Registration

• ✅ OpenID Connect RP Initiated Logout

• ❌ OpenID Connect Session Management

• ❌ OpenID Connect Front Channel Logout

• ❌ OpenID Connect Back Channel Logout

• ❌ OpenID Connect Back Channel Authentication Flow

• ❌ OpenID Connect Core Error Code unmet_authentication_requirements

• ✅ Initiating User Registration via OpenID Connect 1.0

• ❌ OpenID Connect Profile for SCIM Services

SCIM

Canaille provides a basic SCIM server implementation.

• 🟠 RFC7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements

• 🟠 RFC7643: System for Cross-domain Identity Management: Core Schema

• 🟠 RFC7644: System for Cross-domain Identity Management: Protocol

What’s implemented

Endpoints:

• /Users (GET, POST)

• /Users/<user_id> (GET, PUT, PATCH, DELETE)

• /Groups (GET, POST)

• /Groups/<group_id> (GET, PUT, PATCH, DELETE)

• /ServiceProviderConfig (GET)

• /Schemas (GET)

• /Schemas/<schema_id> (GET)

• /ResourceTypes (GET)

• /ResourceTypes/<resource_type_id> (GET)

• /.search (POST)

• /Me (GET, PUT, PATCH, DELETE)

Features:

• pagination

• ETags

• attributes selection

What is not implemented yet

Endpoints:

• /Bulk (POST)

Features

• filtering

• sorting