Robuta

https://auth-wiki.logto.io/token-request
Token request refers to the OAuth 2.0 request for exchanging credentials (e.g., authorization code, refresh token) for a set of tokens, typically including one...
https://auth-wiki.logto.io/client-credentials-flow
Client credentials flow is an OAuth 2.0 grant type that allows confidential clients to obtain access tokens to access protected resources. It is suitable for...
https://auth-wiki.logto.io/otp
A One-time password (OTP) is a unique, automatically generated temporary password that can only be used once, and it is commonly used for a single transaction...
https://auth-wiki.logto.io/totp
A time-based one-time password (TOTP) is a temporary, unique code generated by an algorithm that uses the current time as a key factor.
https://auth-wiki.logto.io/hybrid-flow
The hybrid flow is an OpenID Connect (OIDC) flow that combines the authorization code flow and the implicit flow. It is designed to provide a balance between...
https://auth-wiki.logto.io/userinfo-endpoint
Userinfo endpoint is an OpenID Connect (OIDC) endpoint that provides user information to clients. It is a supplementary endpoint to the ID token and allows...
https://auth-wiki.logto.io/passwordless
Passwordless authentication is an authentication method that allows users to sign in to computer systems without entering (or remembering) a password or any...
https://auth-wiki.logto.io/signing-key
A signing key is a cryptographic key used to sign and verify JSON Web Tokens in OpenID Connect (OIDC). It is used to ensure the integrity and authenticity of...
https://auth-wiki.logto.io/service-provider
Service provider (SP) is an application or service that relies on an identity provider (IdP) for authentication and authorization.
https://auth-wiki.logto.io/audience
The audience claim in a token specifies the intended recipient, typically the client application or API resource. It ensures the token is used only by the...
https://auth-wiki.logto.io/csrf
Cross-site request forgery (CSRF) is an attack that deceives users into executing unwanted actions on a web application in which they are authenticated. It is...
https://auth-wiki.logto.io/oauth-2.1
OAuth 2.1 is a proposed update to the OAuth 2.0 authorization framework that aims to improve security and usability by deprecating insecure flows and...
https://auth-wiki.logto.io/openid-connect
OpenID Connect (OIDC) is an authentication (identity) layer on top of OAuth 2.0, allowing clients to authenticate users and obtain identity information in a...
https://auth-wiki.logto.io/saml
Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between identity providers and service...
https://auth-wiki.logto.io/authorization-code-flow
The authorization code flow is a secure OAuth 2.0 mechanism that enables applications to obtain access tokens on behalf of users. It involves user...
https://auth-wiki.logto.io/oauth-2.0
OAuth 2.0 is a widely used authorization framework that allows an application (client) to obtain limited access to protected resources on behalf of a user or...
https://auth-wiki.logto.io/passkey
Passkey is a phishing-resistant and convenient credential that replaces passwords which can be used for sign-in and multi-factor authentication.
https://auth-wiki.logto.io/authorization-request
An authorization request is an OAuth 2.0 request for authorizing a client to access protected resources on behalf of a user. It is the first step of user...
https://auth-wiki.logto.io/iam
Identity and access management (IAM) is a broad concept that encompasses the processes, technologies, and policies used to manage digital identities and...
https://auth-wiki.logto.io/jwt
JSON Web Token (JWT) is an open standard defined in RFC 7519 that enables secure communication between two parties. It is compact, URL-safe, and...
https://auth-wiki.logto.io/jwk
A JSON Web Key (JWK) is a JSON-based format used for representing cryptographic keys. When multiple JWKs need to be grouped together, they are organized into a...
https://auth-wiki.logto.io/authentication-request
An authentication request is an OpenID Connect (OIDC) request for authenticating a user. It reuses the OAuth 2.0 authorization request and extends it to...
https://auth-wiki.logto.io/scope
Scope defines the permissions that an application requests from a user to access their protected resources. It is a fundamental concept in OAuth 2.0 and OIDC...
https://auth-wiki.logto.io/backup-code
A backup code (also called a recovery code) is a set of randomly generated, single-use codes that serve as a fallback authentication method when your primary...
https://auth-wiki.logto.io/oauth-2.0-grant
An OAuth 2.0 authorization grant (sometimes referred to as an "OAuth 2.0 grant type" or "OAuth 2.0 flow") is a method used by clients to...
https://auth-wiki.logto.io/machine-to-machine
Machine-to-machine (M2M) communication refers to the automated exchange of data between devices without human intervention. In the context of authentication...
https://auth-wiki.logto.io/device-flow
OAuth 2.0 device authorization flow is a user-friendly sign-in method for input-limited devices or headless applications. By verifying a unique device code,...
https://auth-wiki.logto.io/authentication
Authentication is the process of verifying the identity ownership (e.g. user or service). It is the foundation of identity and access management (IAM) systems...
https://auth-wiki.logto.io/refresh-token
A refresh token is a long-lived credential used to obtain new access tokens without requiring the user to re-authenticate. It is used to maintain user sessions...