๐ŸœProtocol Soup

Protocol Reference

Documentation, flow diagrams, and security considerations for each protocol family.

OAuth 2.0

Spec

The industry-standard authorization framework for delegated access. Enables applications to obtain limited access to user accounts without exposing credentials.

Available Flows

Authorization Codeยง4.1
Authorization Code + PKCERFC 7636
Client Credentialsยง4.4
Refresh Tokenยง6
Token IntrospectionRFC 7662
Token RevocationRFC 7009
View OAuth 2.0 overview

OpenID Connect

Spec

An identity layer built on top of OAuth 2.0. Adds authentication to authorization, enabling clients to verify user identity and obtain basic profile information.

Available Flows

Authorization Code Flowยง3.1
Implicit Flow (Legacy)ยง3.2
Hybrid Flowยง3.3
UserInfo Endpointยง5.3
DiscoveryDiscovery 1.0
View OpenID Connect overview

OID4VCI

Spec

OpenID for Verifiable Credential Issuance. Demonstrates credential offers, pre-authorized code token exchange, nonce-bound proof validation, and multi-format VC issuance (dc+sd-jwt, jwt_vc_json, jwt_vc_json-ld, ldp_vc).

Available Flows

Pre-Authorized CodeOID4VCI ยง4, ยง6.1, ยง8
Pre-Authorized + tx_codeOID4VCI ยง6.1
Deferred IssuanceOID4VCI Deferred Endpoint
View OID4VCI overview

OID4VP

Spec

OpenID for Verifiable Presentations. Shows DCQL request contracts, request object validation, direct_post/direct_post.jwt responses, and verifier policy decisions.

Available Flows

DCQL + direct_postOID4VP ยง5, ยง8.2
DCQL + direct_post.jwtOID4VP ยง8.3.1
View OID4VP overview

SAML 2.0

Spec

XML-based standard for exchanging authentication and authorization data between identity providers and service providers. Enables enterprise single sign-on.

Available Flows

SP-Initiated SSOProfiles ยง4.1
IdP-Initiated SSOProfiles ยง4.1.5
Single Logout (SLO)Profiles ยง4.4
Metadata ExchangeMetadata
View SAML 2.0 overview

SPIFFE/SPIRE

Spec

Secure Production Identity Framework for Everyone. Provides cryptographic workload identity for zero-trust architectures via X.509 and JWT SVIDs.

Available Flows

X.509-SVID AcquisitionX.509-SVID
JWT-SVID AcquisitionJWT-SVID
mTLS with X.509-SVIDsRFC 8446
Certificate RotationWorkload API
View SPIFFE/SPIRE overview

SCIM 2.0

Spec

System for Cross-domain Identity Management. Standards-based protocol for automating user provisioning and lifecycle management between identity providers and service providers.

Available Flows

User LifecycleRFC 7644 ยง3.2-3.6
Group ManagementRFC 7644 ยง3.2-3.6
Filter QueriesRFC 7644 ยง3.4.2
Schema DiscoveryRFC 7644 ยง4
Bulk OperationsRFC 7644 ยง3.7
View SCIM 2.0 overview

Shared Signals (SSF)

Spec

OpenID Shared Signals Framework for real-time security event sharing. Enables continuous access evaluation (CAEP) and risk incident coordination (RISC) between identity providers and relying parties.

Available Flows

Stream ConfigurationSSF ยง4
Push DeliverySSF ยง5.2.1
Poll DeliverySSF ยง5.2.2
Session Revoked (CAEP)CAEP ยง3.1
Credential Change (CAEP)CAEP ยง3.2
Account Disabled (RISC)RISC ยง2.2
Credential Compromise (RISC)RISC ยง2.1
View Shared Signals (SSF) overview

Coming Soon

WebAuthn
Passwordless authentication
FIDO2
Strong authentication framework