Standards Fundamentals
Concise primers: why it matters, how it works, and where it's enforced (Gateway, Shield, PDP, IdP).
OAuth 2.0
OpenID Connect (OIDC)
PKCE
Rich Authorization Requests (RAR)
Pushed Authorization Requests (PAR)
JARM
FAPI 2.0
SCIM
CIBA
Model Context Protocol (MCP)
CAEP
Token Exchange (RFC 8693)
Resource Indicators (RFC 8707)
DPoP (RFC 9449)
OAuth mTLS (RFC 8705)
Dynamic Client Registration (RFC 7591/7592)
OpenID AuthZEN
OpenID AuthZEN Draft‑04
Authorization fundamentals
PAP authors. PDP decides with PIPs. PEPs enforce.
Read explainer with diagram →