Protocol surface

OpenID Connect discovery, authorization, token, userinfo, revocation, introspection, and JWKS publication.

Modern flows

PAR, JAR, JARM, Device Authorization, CIBA, Token Exchange, and DPoP-backed access patterns.

Administration

Tenant admin and platform admin surfaces, client management, provider setup, branding, rate limits, and audit visibility.

Security operations

Client secret rotation, back-channel logout dispatch, passkeys with WebAuthn, and key rotation support.