diff --git a/packages/@okta/vuepress-site/docs/reference/api/apps/index.md b/packages/@okta/vuepress-site/docs/reference/api/apps/index.md
index 1e8c83f4d21..d4bf05165f2 100644
--- a/packages/@okta/vuepress-site/docs/reference/api/apps/index.md
+++ b/packages/@okta/vuepress-site/docs/reference/api/apps/index.md
@@ -1334,28 +1334,30 @@ Adds an OAuth 2.0 client application. This application is only available to the
##### Settings
-| Parameter | Description | DataType | Nullable | Unique | Validation |
-| :-------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------- | :--------- | :------- | :--------- |
-| application_type | The type of client application | `web`, `native`, `browser`, or `service` | TRUE | FALSE | TRUE |
-| client_uri | URL string of a web page providing information about the client | String | TRUE | FALSE | FALSE |
-| consent_method | Indicates whether user consent is required or implicit. Valid values: `REQUIRED`, `TRUSTED`. Default value is `TRUSTED` | String | TRUE | FALSE | TRUE |
-| grant_types | Array of OAuth 2.0 grant type strings | Array of `authorization_code`, `implicit`, `password`, `refresh_token`, `client_credentials`, `urn:ietf:params:oauth:grant-type:saml2-bearer`, `urn:openid:params:grant-type:ciba` | FALSE | FALSE | TRUE |
-| initiate_login_uri | URL string that a third party can use to initiate a sign in by the client | String | TRUE | FALSE | TRUE |
-| issuer_mode | Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of the ID token for this client. See [Details](#details). | `CUSTOM_URL` or `ORG_URL` or `DYNAMIC` | TRUE | FALSE | TRUE |
-| idp_initiated_login | The type of Idp-Initiated login that the client supports, if any | [Idp-Initiated Login](#idp-initiated-login-object) | TRUE | FALSE | TRUE |
-| logo_uri | URL string that references a logo for the client. This value is used with the client consent dialog box during the client consent flow. See [Details](#details).| URL | TRUE | FALSE | FALSE |
-| policy_uri | URL string of a web page providing the client's policy document | URL | TRUE | FALSE | FALSE |
-| post_logout_redirect_uris | Array of redirection URI strings for relying party-initiated logouts | Array | TRUE | FALSE | FALSE |
-| redirect_uris | Array of redirection URI strings for use in redirect-based flows | Array | TRUE | FALSE | TRUE |
-| wildcard_redirect | Indicates if the client is allowed to use wildcard matching of `redirect_uris`. See [Details](#details) for matching rules. | String | TRUE | FALSE | `DISABLED`, `SUBDOMAIN`. Default value is `DISABLED`. |
-| response_types | Array of OAuth 2.0 response type strings | Array of `code`, `token`, `id_token` | TRUE | FALSE | TRUE |
-| tos_uri | URL string of a web page providing the client's terms of service document | URL | TRUE | FALSE | FALSE |
-| refresh_token | Refresh token configuration | [Refresh Token object](#refresh-token-object) | TRUE | FALSE | TRUE |
-| jwks_uri | URL string that references a [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5) for validating JWTs presented to Okta. | String | TRUE | FALSE | TRUE |
-| backchannel_token_delivery_mode | The delivery mode for Client-Initiated Backchannel Authentication. Valid types include `poll`, `ping`, and `push`. Supported values: `poll`. | String | TRUE | FALSE | TRUE |
-| backchannel_authentication_request_signing_alg | The signing algorithm for Client-Initiated Backchannel Authentication signed requests. If this value isn't set and a signed request is sent, the request fails. | String | TRUE | FALSE | TRUE |
-| backchannel_custom_authenticator_id | The ID of the custom authenticator that authenticates the user. | String | TRUE | FALSE | TRUE |
-| dpop_bound_access_tokens | Indicates that the client application uses Demonstrating Proof-of-Possession (DPoP) for token requests. If omitted, the default value is `false`. If `true`, the authorization server rejects token requests from this client that don't contain the DPoP header. | Boolean | TRUE | FALSE | TRUE |
+| Parameter | Description | DataType | Nullable | Unique | Validation |
+|:------------------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| :--------- | :------- | :--------- |
+| application_type | The type of client application | `web`, `native`, `browser`, or `service` | TRUE | FALSE | TRUE |
+| client_uri | URL string of a web page providing information about the client | String | TRUE | FALSE | FALSE |
+| consent_method | Indicates whether user consent is required or implicit. Valid values: `REQUIRED`, `TRUSTED`. Default value is `TRUSTED` | String | TRUE | FALSE | TRUE |
+| grant_types | Array of OAuth 2.0 grant type strings | Array of `authorization_code`, `implicit`, `password`, `refresh_token`, `client_credentials`, `urn:ietf:params:oauth:grant-type:saml2-bearer`, `urn:openid:params:grant-type:ciba` | FALSE | FALSE | TRUE |
+| initiate_login_uri | URL string that a third party can use to initiate a sign in by the client | String | TRUE | FALSE | TRUE |
+| issuer_mode | Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of the ID token for this client. See [Details](#details). | `CUSTOM_URL` or `ORG_URL` or `DYNAMIC` | TRUE | FALSE | TRUE |
+| idp_initiated_login | The type of Idp-Initiated login that the client supports, if any | [Idp-Initiated Login](#idp-initiated-login-object) | TRUE | FALSE | TRUE |
+| logo_uri | URL string that references a logo for the client. This value is used with the client consent dialog box during the client consent flow. See [Details](#details). | URL | TRUE | FALSE | FALSE |
+| policy_uri | URL string of a web page providing the client's policy document | URL | TRUE | FALSE | FALSE |
+| post_logout_redirect_uris | Array of redirection URI strings for relying party-initiated logouts | Array | TRUE | FALSE | FALSE |
+| redirect_uris | Array of redirection URI strings for use in redirect-based flows | Array | TRUE | FALSE | TRUE |
+| wildcard_redirect | Indicates if the client is allowed to use wildcard matching of `redirect_uris`. See [Details](#details) for matching rules. | String | TRUE | FALSE | `DISABLED`, `SUBDOMAIN`. Default value is `DISABLED`. |
+| response_types | Array of OAuth 2.0 response type strings | Array of `code`, `token`, `id_token` | TRUE | FALSE | TRUE |
+| tos_uri | URL string of a web page providing the client's terms of service document | URL | TRUE | FALSE | FALSE |
+| refresh_token | Refresh token configuration | [Refresh Token object](#refresh-token-object) | TRUE | FALSE | TRUE |
+| jwks_uri | URL string that references a [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5) for validating JWTs presented to Okta. | String | TRUE | FALSE | TRUE |
+| backchannel_token_delivery_mode | The delivery mode for Client-Initiated Backchannel Authentication. Valid types include `poll`, `ping`, and `push`. Supported values: `poll`. | String | TRUE | FALSE | TRUE |
+| backchannel_authentication_request_signing_alg | The signing algorithm for Client-Initiated Backchannel Authentication signed requests. If this value isn't set and a signed request is sent, the request fails. | String | TRUE | FALSE | TRUE |
+| backchannel_custom_authenticator_id | The ID of the custom authenticator that authenticates the user. | String | TRUE | FALSE | TRUE |
+| dpop_bound_access_tokens | Indicates that the client application uses Demonstrating Proof-of-Possession (DPoP) for token requests. If omitted, the default value is `false`. If `true`, the authorization server rejects token requests from this client that don't contain the DPoP header. | Boolean | TRUE | FALSE | TRUE |
+| sector_identifier_uri | URL that references a file with a single JSON array of redirect_uri values used in calculating Pseudonymous Identifiers when `subject_type` is `pairwise` . | URL | TRUE | FALSE | TRUE |
+| subject_type | Array of OAuth 2.0 subject type strings. Default value: `public` | Array of `public`, `pairwise` | TRUE | FALSE | TRUE |
###### Details
diff --git a/packages/@okta/vuepress-site/docs/reference/api/oauth-clients/index.md b/packages/@okta/vuepress-site/docs/reference/api/oauth-clients/index.md
index 04995603314..ed818bdef85 100644
--- a/packages/@okta/vuepress-site/docs/reference/api/oauth-clients/index.md
+++ b/packages/@okta/vuepress-site/docs/reference/api/oauth-clients/index.md
@@ -761,26 +761,28 @@ Content-Type: application/json;charset=UTF-8
Client Applications have the following properties:
-| Property | Description | DataType | Nullable | Unique | Readonly |
-| :------------------------------------ | :--------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------- | :--------- | :------- | :-------- |
-| application_type | The type of client application. Default value: `web` | `web`, `native`, `browser`, or `service` | TRUE | FALSE | TRUE |
-| client_id | Unique key for the client application | String | FALSE | TRUE | TRUE |
-| client_id_issued_at | Time at which the client_id was issued (measured in unix seconds) | Number | TRUE | FALSE | TRUE |
-| client_name | Human-readable string name of the client application | String | FALSE | FALSE | FALSE |
-| client_secret | OAuth 2.0 client secret string (used for confidential clients) | String | TRUE | TRUE | TRUE |
-| client_secret_expires_at | Time at which the client_secret will expire or 0 if it will not expire(measured in unix seconds) | Number | TRUE | FALSE | TRUE |
-| grant_types | Array of OAuth 2.0 grant type strings. Default value: `authorization_code` | Array of `authorization_code`, `client_credentials`, `implicit`, `interaction_code` , `password`, `refresh_token`, `urn:ietf:params:oauth:grant-type:device_code`, `urn:ietf:params:oauth:grant-type:saml2-bearer` , `urn:ietf:params:oauth:grant-type:token-exchange` | TRUE | FALSE | FALSE |
-| initiate_login_uri | URL that a third party can use to initiate a login by the client | String | TRUE | FALSE | FALSE |
-| jwks_uri | URL string that references a [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5) for validating JWTs presented to Okta. | String | TRUE | FALSE | FALSE |
-| jwks | A [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5) for validating JWTs presented to Okta. | [JSON Web Key Set](#json-web-key-set) | TRUE | FALSE | FALSE |
-| logo_uri | URL string that references a logo for the client consent dialog box (not the sign-in dialog box). See [Add an OAuth 2.0 client application](/docs/reference/api/apps/#details) for more information on how the `logo_uri` is used. | String | TRUE | FALSE | FALSE |
-| policy_uri | URL string of a web page providing the client's policy document | URL | TRUE | FALSE | FALSE |
-| post_logout_redirect_uris | Array of redirection URI strings for use for relying party initiated logouts | Array | TRUE | FALSE | FALSE |
-| redirect_uris | Array of redirection URI strings for use in redirect-based flows | Array | TRUE | FALSE | FALSE |
-| request_object_signing_alg | The type of JSON Web Key Set (JWKS) algorithm that must be used for signing request objects. | `HS256`, `HS384`, `HS512`, `RS256`, `RS384`, `RS512`, `ES256`, `ES384`, `ES512` | TRUE | FALSE | FALSE |
-| response_types | Array of OAuth 2.0 response type strings. Default value: `code` | Array of `code`, `token`, `id_token` | TRUE | FALSE | FALSE |
-| token_endpoint_auth_method | Requested authentication method for the token endpoint. Default value: `client_secret_basic` | `none`, `client_secret_post`, `client_secret_basic`, or `client_secret_jwt` | TRUE | FALSE | FALSE |
-| tos_uri | URL string of a web page providing the client's terms of service document | URL | TRUE | FALSE | FALSE |
+| Property | Description | DataType | Nullable | Unique | Readonly |
+|:-----------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------|:---------|:----------|
+| application_type | The type of client application. Default value: `web` | `web`, `native`, `browser`, or `service` | TRUE | FALSE | TRUE |
+| client_id | Unique key for the client application | String | FALSE | TRUE | TRUE |
+| client_id_issued_at | Time at which the client_id was issued (measured in unix seconds) | Number | TRUE | FALSE | TRUE |
+| client_name | Human-readable string name of the client application | String | FALSE | FALSE | FALSE |
+| client_secret | OAuth 2.0 client secret string (used for confidential clients) | String | TRUE | TRUE | TRUE |
+| client_secret_expires_at | Time at which the client_secret will expire or 0 if it will not expire(measured in unix seconds) | Number | TRUE | FALSE | TRUE |
+| grant_types | Array of OAuth 2.0 grant type strings. Default value: `authorization_code` | Array of `authorization_code`, `client_credentials`, `implicit`, `interaction_code` , `password`, `refresh_token`, `urn:ietf:params:oauth:grant-type:device_code`, `urn:ietf:params:oauth:grant-type:saml2-bearer` , `urn:ietf:params:oauth:grant-type:token-exchange` | TRUE | FALSE | FALSE |
+| initiate_login_uri | URL that a third party can use to initiate a login by the client | String | TRUE | FALSE | FALSE |
+| jwks_uri | URL string that references a [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5) for validating JWTs presented to Okta. | String | TRUE | FALSE | FALSE |
+| jwks | A [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5) for validating JWTs presented to Okta. | [JSON Web Key Set](#json-web-key-set) | TRUE | FALSE | FALSE |
+| logo_uri | URL string that references a logo for the client consent dialog box (not the sign-in dialog box). See [Add an OAuth 2.0 client application](/docs/reference/api/apps/#details) for more information on how the `logo_uri` is used. | String | TRUE | FALSE | FALSE |
+| policy_uri | URL string of a web page providing the client's policy document | URL | TRUE | FALSE | FALSE |
+| post_logout_redirect_uris | Array of redirection URI strings for use for relying party initiated logouts | Array | TRUE | FALSE | FALSE |
+| redirect_uris | Array of redirection URI strings for use in redirect-based flows | Array | TRUE | FALSE | FALSE |
+| request_object_signing_alg | The type of JSON Web Key Set (JWKS) algorithm that must be used for signing request objects. | `HS256`, `HS384`, `HS512`, `RS256`, `RS384`, `RS512`, `ES256`, `ES384`, `ES512` | TRUE | FALSE | FALSE |
+| response_types | Array of OAuth 2.0 response type strings. Default value: `code` | Array of `code`, `token`, `id_token` | TRUE | FALSE | FALSE |
+| sector_identifier_uri | URL that references a file with a single JSON array of redirect_uri values used in calculating Pseudonymous Identifiers when `subject_type` is `pairwise` . | URL | TRUE | FALSE | FALSE |
+| subject_type | Array of OAuth 2.0 subject type strings. Default value: `public` | Array of `public`, `pairwise` | TRUE | FALSE | FALSE |
+| token_endpoint_auth_method | Requested authentication method for the token endpoint. Default value: `client_secret_basic` | `none`, `client_secret_post`, `client_secret_basic`, or `client_secret_jwt` | TRUE | FALSE | FALSE |
+| tos_uri | URL string of a web page providing the client's terms of service document | URL | TRUE | FALSE | FALSE |
Property details
diff --git a/packages/@okta/vuepress-site/docs/reference/api/oidc/index.md b/packages/@okta/vuepress-site/docs/reference/api/oidc/index.md
index 68570855c63..092aca88a4f 100644
--- a/packages/@okta/vuepress-site/docs/reference/api/oidc/index.md
+++ b/packages/@okta/vuepress-site/docs/reference/api/oidc/index.md
@@ -1032,32 +1032,32 @@ curl -X GET \
#### Response properties
-| Property | Description | Type |
-| ----------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| issuer | The complete URL for a custom authorization server. This becomes the `iss` claim in an access token. In the context of this document, this is your authorization server's [base URL](#composing-your-base-url). | String |
-| authorization endpoint | URL of the authorization server's [authorization endpoint](#authorize). | String |
-| device_authorization_endpoint | URL of the authorization server's [device authorize endpoint](#device-authorize). | String |
-| token_endpoint | URL of the authorization server's [token endpoint](#token). | String |
-| registration_endpoint | URL of the authorization server's [Dynamic Client Registration endpoint](/docs/reference/api/oauth-clients/#register-new-client). | String |
-| jwks_uri | URL of the authorization server's [JSON Web Key Set](/docs/reference/api/authorization-servers/#certificate-json-web-key-object) document. | String |
-| response_types_supported | JSON array that contains a list of the `response_type` values that this authorization server supports. Can be a combination of `code`, `token`, and `id_token`. | Array |
-| response_modes_supported | JSON array that containis a list of the `response_mode` values that this authorization server supports. More information in [parameter details](#parameter-details). | Array |
-| grant_types_supported | JSON array that contains a list of the `grant_type` values that this authorization server supports. | Array |
-| subject_types_supported | JSON array that contains a list of the Subject Identifier types that this authorization server supports. Valid types are `pairwise` and `public`. Supported values: `public`. See the [Subject Identifier Types] (https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes) section in the OpenID Connect specification. | Array |
-| scopes_supported | JSON array that contains a list of the `scope` values that this authorization server supports. | Array |
-| token_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this token endpoint. | Array |
-| claims_supported | A list of the claims supported by this authorization server. | Array |
-| code_challenge_methods_supported | JSON array that contains a list of [PKCE code challenge](/docs/guides/implement-grant-type/authcodepkce/main/) methods supported by this authorization server. | Array |
-| introspection_endpoint | URL of the authorization server's [introspection endpoint](#introspect). | String |
-| introspection_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this introspection endpoint. More info [here](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-introspection-response). | Array |
-| revocation_endpoint | URL of the authorization server's [revocation endpoint](#revoke). | String |
-| revocation_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this revocation endpoint. More info [here](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-introspection-response). | Array |
-| end_session_endpoint | URL of the authorization server's [logout endpoint](#logout). | String |
-| request_parameter_supported | Indicates if [request parameters](#parameter-details) are supported by this authorization server. | Boolean |
-| request_object_signing_alg_values_supported | The signing algorithms that this authorization server supports for signed requests. | Array |
-| backchannel_token_delivery_modes_supported | The delivery modes that this authorization server supports for Client-Initiated Backchannel Authentication. Valid types include `poll`, `ping` and `push`. Supported values: `poll`. | Array |
-| backchannel_authentication_request_signing_alg_values_supported | The signing algorithms that this authorization server supports for Client-Initiated Backchannel Authentication signed requests. | Array |
-| dpop_signing_alg_values_supported | JSON array that contains a list of the JWS algorithm values supported by the authorization server for Demonstrating Proof-of-Possession (DPoP) JWTs. | Array |
+| Property | Description | Type |
+| ----------------------------------------------------------------- |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------- |
+| issuer | The complete URL for a custom authorization server. This becomes the `iss` claim in an access token. In the context of this document, this is your authorization server's [base URL](#composing-your-base-url). | String |
+| authorization endpoint | URL of the authorization server's [authorization endpoint](#authorize). | String |
+| device_authorization_endpoint | URL of the authorization server's [device authorize endpoint](#device-authorize). | String |
+| token_endpoint | URL of the authorization server's [token endpoint](#token). | String |
+| registration_endpoint | URL of the authorization server's [Dynamic Client Registration endpoint](/docs/reference/api/oauth-clients/#register-new-client). | String |
+| jwks_uri | URL of the authorization server's [JSON Web Key Set](/docs/reference/api/authorization-servers/#certificate-json-web-key-object) document. | String |
+| response_types_supported | JSON array that contains a list of the `response_type` values that this authorization server supports. Can be a combination of `code`, `token`, and `id_token`. | Array |
+| response_modes_supported | JSON array that containis a list of the `response_mode` values that this authorization server supports. More information in [parameter details](#parameter-details). | Array |
+| grant_types_supported | JSON array that contains a list of the `grant_type` values that this authorization server supports. | Array |
+| subject_types_supported | JSON array that contains a list of the Subject Identifier types that this authorization server supports. Valid types are `pairwise` and `public`. Supported values: `public` and `pairwise` . See the [Subject Identifier Types] (https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes) section in the OpenID Connect specification. | Array |
+| scopes_supported | JSON array that contains a list of the `scope` values that this authorization server supports. | Array |
+| token_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this token endpoint. | Array |
+| claims_supported | A list of the claims supported by this authorization server. | Array |
+| code_challenge_methods_supported | JSON array that contains a list of [PKCE code challenge](/docs/guides/implement-grant-type/authcodepkce/main/) methods supported by this authorization server. | Array |
+| introspection_endpoint | URL of the authorization server's [introspection endpoint](#introspect). | String |
+| introspection_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this introspection endpoint. More info [here](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-introspection-response). | Array |
+| revocation_endpoint | URL of the authorization server's [revocation endpoint](#revoke). | String |
+| revocation_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this revocation endpoint. More info [here](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-introspection-response). | Array |
+| end_session_endpoint | URL of the authorization server's [logout endpoint](#logout). | String |
+| request_parameter_supported | Indicates if [request parameters](#parameter-details) are supported by this authorization server. | Boolean |
+| request_object_signing_alg_values_supported | The signing algorithms that this authorization server supports for signed requests. | Array |
+| backchannel_token_delivery_modes_supported | The delivery modes that this authorization server supports for Client-Initiated Backchannel Authentication. Valid types include `poll`, `ping` and `push`. Supported values: `poll`. | Array |
+| backchannel_authentication_request_signing_alg_values_supported | The signing algorithms that this authorization server supports for Client-Initiated Backchannel Authentication signed requests. | Array |
+| dpop_signing_alg_values_supported | JSON array that contains a list of the JWS algorithm values supported by the authorization server for Demonstrating Proof-of-Possession (DPoP) JWTs. | Array |
#### Response example (success)
@@ -1092,7 +1092,8 @@ curl -X GET \
"urn:openid:params:grant-type:ciba"
],
"subject_types_supported": [
- "public"
+ "public",
+ "pairwise"
],
"scopes_supported": [
"openid",
@@ -1214,32 +1215,32 @@ curl -X GET \
#### Response properties
-| Property | Description | Type |
-| ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
-| authorization_endpoint | URL of the authorization server's [authorization endpoint](#authorize). | String |
-| device_authorization_endpoint | URL of the authorization server's [device authorize endpoint](#device-authorize). | String |
-| claims_supported | A list of the claims supported by this authorization server. | Array |
-| code_challenge_methods_supported | JSON array that contains a list of [PKCE code challenge](/docs/guides/implement-grant-type/authcodepkce/main/) methods supported by this authorization server. | Array |
-| end_session_endpoint | URL of the authorization server's [logout endpoint](#logout). | String |
-| grant_types_supported | JSON array that contains a list of the grant type values that this authorization server supports. | Array |
-| introspection_endpoint | URL of the authorization server's [introspection endpoint](#introspect). | String |
-| introspection_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this introspection endpoint. | Array |
-| issuer | The authorization server's issuer identifier. In the context of this document, this is your authorization server's [base URL](#composing-your-base-uRL). | String |
-| jwks_uri | URL of the authorization server's JSON Web Key Set document. | String |
-| registration_endpoint | URL of the authorization server's [Dynamic Client Registration endpoint](/docs/reference/api/oauth-clients/#register-new-client) | String |
-| request_object_signing_alg_values_supported | The signing algorithms that this authorization server supports for signed requests. | Array |
-| request_parameter_supported | Indicates if [Request Parameters](#parameter-details) are supported by this authorization server. | Boolean |
-| response_modes_supported | JSON array that contains a list of the `response_mode` values that this authorization server supports. More information in [Parameter details](#parameter-details). | Array |
-| response_types_supported | JSON array that contains a list of the `response_type` values that this authorization server supports. Can be a combination of `code`, `token`, and `id_token`. | Array |
-| revocation_endpoint | URL of the authorization server's [revocation endpoint](#revoke). | String |
-| revocation_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this revocation endpoint. | Array |
-| scopes_supported | JSON array that contains a list of the `scope` values that this authorization server supports. | Array |
-| subject_types_supported | JSON array that contains a list of the Subject Identifier types that this authorization server supports. Valid types are `pairwise` and `public`. Supported values: `public`. See the [Subject Identifier Types] (https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes) section in the OpenID Connect specification. | Array |
-| token_endpoint | URL of the authorization server's [token endpoint](#token). | String |
-| token_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this token endpoint. | Array |
-| backchannel_token_delivery_modes_supported | The delivery modes that this authorization server supports for Client-Initiated Backchannel Authentication. Valid types include `poll`, `ping` and `push`. Supported values: `poll`. | Array |
-| backchannel_authentication_request_signing_alg_values_supported | The signing algorithms that this authorization server supports for Client-Initiated Backchannel Authentication signed requests. | Array |
-| dpop_signing_alg_values_supported | JSON array that contains a list of the JWS `alg` values supported by the authorization server for Demonstrating Proof-of-Possession (DPoP) JWTs. | Array |
+| Property | Description | Type |
+| ----------------------------------------------------------------- |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------- |
+| authorization_endpoint | URL of the authorization server's [authorization endpoint](#authorize). | String |
+| device_authorization_endpoint | URL of the authorization server's [device authorize endpoint](#device-authorize). | String |
+| claims_supported | A list of the claims supported by this authorization server. | Array |
+| code_challenge_methods_supported | JSON array that contains a list of [PKCE code challenge](/docs/guides/implement-grant-type/authcodepkce/main/) methods supported by this authorization server. | Array |
+| end_session_endpoint | URL of the authorization server's [logout endpoint](#logout). | String |
+| grant_types_supported | JSON array that contains a list of the grant type values that this authorization server supports. | Array |
+| introspection_endpoint | URL of the authorization server's [introspection endpoint](#introspect). | String |
+| introspection_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this introspection endpoint. | Array |
+| issuer | The authorization server's issuer identifier. In the context of this document, this is your authorization server's [base URL](#composing-your-base-uRL). | String |
+| jwks_uri | URL of the authorization server's JSON Web Key Set document. | String |
+| registration_endpoint | URL of the authorization server's [Dynamic Client Registration endpoint](/docs/reference/api/oauth-clients/#register-new-client) | String |
+| request_object_signing_alg_values_supported | The signing algorithms that this authorization server supports for signed requests. | Array |
+| request_parameter_supported | Indicates if [Request Parameters](#parameter-details) are supported by this authorization server. | Boolean |
+| response_modes_supported | JSON array that contains a list of the `response_mode` values that this authorization server supports. More information in [Parameter details](#parameter-details). | Array |
+| response_types_supported | JSON array that contains a list of the `response_type` values that this authorization server supports. Can be a combination of `code`, `token`, and `id_token`. | Array |
+| revocation_endpoint | URL of the authorization server's [revocation endpoint](#revoke). | String |
+| revocation_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this revocation endpoint. | Array |
+| scopes_supported | JSON array that contains a list of the `scope` values that this authorization server supports. | Array |
+| subject_types_supported | JSON array that contains a list of the Subject Identifier types that this authorization server supports. Valid types are `pairwise` and `public`. Supported values: `public` and `pairwise` . See the [Subject Identifier Types] (https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes) section in the OpenID Connect specification. | Array |
+| token_endpoint | URL of the authorization server's [token endpoint](#token). | String |
+| token_endpoint_auth_methods_supported | JSON array that contains a list of [client authentication methods](/docs/reference/api/oidc/#client-authentication-methods/) supported by this token endpoint. | Array |
+| backchannel_token_delivery_modes_supported | The delivery modes that this authorization server supports for Client-Initiated Backchannel Authentication. Valid types include `poll`, `ping` and `push`. Supported values: `poll`. | Array |
+| backchannel_authentication_request_signing_alg_values_supported | The signing algorithms that this authorization server supports for Client-Initiated Backchannel Authentication signed requests. | Array |
+| dpop_signing_alg_values_supported | JSON array that contains a list of the JWS `alg` values supported by the authorization server for Demonstrating Proof-of-Possession (DPoP) JWTs. | Array |
#### Response example (success)
@@ -1275,7 +1276,8 @@ curl -X GET \
"urn:openid:params:grant-type:ciba"
],
"subject_types_supported": [
- "public"
+ "public",
+ "pairwise"
],
"id_token_signing_alg_values_supported": [
"RS256"