STANDARD

FAPI 2.0 — Primer

FAPI 2.0 is an OpenID security profile that hardens OAuth/OIDC with stricter requirements (e.g., PAR/JARM, sender‑constrained tokens).


Why it matters

Standards reduce risk and vendor lock‑in. We implement this spec across our Studios and runtime so policy is portable.

Where it’s enforced

  • Gateway: pre‑execution gating (plan/schema pins, params/egress)
  • Shield: inline budgets/stream caps/content checks
  • PDP: decisions with constraints/obligations/TTL
  • IdP: passports, token exchange, consent/DPoP

How it works (high level)

FAPI 2.0 hardens OAuth/OIDC. The Baseline and Advanced levels differ in requirements such as Pushed Authorization Requests (PAR), JWT‑secured authorization responses (JARM) and sender‑constrained access tokens (mTLS certificate binding or DPoP), so a token stolen from a client cannot be replayed by another party. Follow the profile's conformance requirements for TLS cipher suites and redirect URI handling.
