Skip to content
oidc-provider

features.fapi

FAPI Security Profiles

Specifies whether FAPI Security Profile capabilities shall be enabled. When enabled, the authorization server shall implement additional security behaviors defined in FAPI specifications that cannot be achieved through other configuration options.

default value:

{
  enabled: false,
  profile: undefined
}
(Click to expand) features.fapi options details

profile

Section titled “profile”

Specifies the FAPI profile version that shall be applied for security policy enforcement. The authorization server shall implement the behaviors defined in the selected profile specification. Supported values include:

  • ‘2.0’ - The authorization server shall implement behaviors from FAPI 2.0 Security Profile
  • ‘1.0 Final’ - The authorization server shall implement behaviors from FAPI 1.0 Security Profile - Part 2: Advanced
  • Function - A function that shall be invoked with arguments (ctx, client) to determine the profile contextually. The function shall return one of the supported profile values or undefined when FAPI behaviors should be ignored for the current request context.

default value:

undefined