Module protocols 

Protocol-level types shared across OAuth, OIDC, and SAML flows.

Modules

acme

ACME (Automatic Certificate Management Environment) protocol — RFC 8555.

caep

CAEP (Continuous Access Evaluation Protocol) implementation.

cas

CAS (Central Authentication Service) Protocol Client

ciba

OpenID Connect Client-Initiated Backchannel Authentication (CIBA).

fido1

FIDO U2F (Universal 2nd Factor) protocol support.

gnap

GNAP (Grant Negotiation and Authorization Protocol) implementation.

hotp

HOTP (RFC 4226) — HMAC-Based One-Time Password Algorithm

indieauth

IndieAuth protocol support (OAuth 2.0–based identity layer for the IndieWeb).

kerberos

Kerberos / SPNEGO Authentication Protocol Support

macaroons

Macaroons authorization credential support.

oauth1

OAuth 1.0a protocol support (RFC 5849).

opa

Open Policy Agent (OPA) integration for externalized authorization.

openid4vci

OpenID for Verifiable Credential Issuance (OpenID4VCI).

openid4vp

OpenID for Verifiable Presentations (OpenID4VP) and Credential Issuance.

paseto

PASETO (Platform-Agnostic Security Tokens) v4 implementation.

radius

RADIUS (RFC 2865 / RFC 2866) — Remote Authentication Dial-In User Service

saml_assertions

SAML 2.0 Assertion Support for WS-Security

scim

SCIM 2.0 (RFC 7643 / RFC 7644) — System for Cross-domain Identity Management

sd_jwt

SD-JWT (Selective Disclosure JWT) implementation.

siwe

Sign-In with Ethereum (SIWE / ERC-4361) support.

spiffe

SPIFFE (Secure Production Identity Framework for Everyone) implementation.

tacacs

TACACS+ (Terminal Access Controller Access-Control System Plus) protocol support.

uma

UMA 2.0 (User-Managed Access) implementation.

ws_federation

WS-Federation Passive Requestor Profile

ws_security

WS-Security 1.1 Client Implementation

ws_trust

WS-Trust 1.3 Security Token Service (STS) Support

zanzibar

Google Zanzibar–inspired Relationship-Based Access Control (ReBAC).