OAuth 2.1 Test

client_id—

client_secret—

access_token—

id_token—

1. Dynamic Client Registration — RFC 7591

client_name scope

2. Authorization Code + PKCE — RFC 7636

POSTs credentials to /api/authn/oauth2/credentials; OAuth params (client, PKCE, state) are encoded in the form action, rebuilt on each scope change.

3. Token Exchange

code (from redirect) code_verifier

4. Token Introspection — RFC 7662

token

5. Token Revocation — RFC 7009

token

6. Authorization Server Metadata — RFC 8414

Fetches /.well-known/oauth-authorization-server.

7. Protected Resource Metadata — RFC 9728

Fetches /.well-known/oauth-protected-resource.

8. OpenID Configuration — OIDC Discovery 1.0

Fetches /.well-known/openid-configuration.

9. JSON Web Key Set

Fetches /.well-known/jwks.json.

OAuth 2.1 Test Console