New creates a new openid provider.

WithACRs makes available authentication context references.

WithAuthenticationSessionTimeout sets the user authentication session lifetime.

WithAuthnSessionStorage replaces the default authn session storage which keeps the authn sessions stored in memory.

WithAuthorizationCodeGrant allows the authorization_code grant type and the associated response types.

WithAuthorizationDetails allows clients to make rich authorization requests.

WithAuthorizeEndpoint overrides the default value for the token endpoint which is [defaultEndpointAuthorize].

WithCheckJTIFunc registers a function to validate JWT IDs (JTI) during JWT processing.

WithCIBAEndpoint overrides the default value for the CIBA endpoint which is [defaultEndpointCIBA].

WithClaims signals support for user claims.

WithClaimsParameter allows clients to send the "claims" parameter during authorization requests.

WithClaimTypes defines the types supported for the user claims.

WithClientCredentialsGrant makes available the client credentials grant.

WithClientStorage replaces the default client storage which keeps the clients stored in memory.

WithDCR allows clients to be registered dynamically.

WithDCREndpoint overrides the default value for the dcr endpoint which is [defaultEndpointDynamicClient].

WithDCRTokenRotation makes the registration access token rotate during client update requests.

WithDisplayValues makes available display values during requests to the authorization endpoint.

WithDPoP enables proof of possession with DPoP.

WithDPoPRequired makes DPoP required.

WithGrantSessionStorage replaces the default grant session storage which keeps the authn sessions stored in memory.

WithHandleGrantFunc defines a function executed everytime a new grant is created.

WithHTTPClientFunc defines how to generate the client used to make HTTP requests to, for instance, a client's JWKS endpoint.

WithIDTokenContentEncryptionAlgs overrides the default content encryption algorithm which is A128CBC-HS256.

WithIDTokenEncryption allows encryption of ID tokens.

WithIDTokenLifetime overrides the default ID token lifetime.

WithUserSignatureAlgs set the algorithms available to sign ID tokens.

WithImplicitGrant allows the implicit grant type and the associated response types.

WithIssuerResponseParameter enables the "iss" parameter to be sent in the response of authorization requests.

WithJAR allows authorization requests to be securely sent as signed JWTs.

WithJARContentEncryptionAlgs overrides the default content encryption algorithm for request objects which is A128CBC-HS256.

WithJAREncryption allows authorization requests to be securely sent as encrypted JWTs.

WithJARM allows responses for authorization requests to be sent as signed JWTs.

WithJARMContentEncryptionAlgs overrides the default content encryption algorithm which is A128CBC-HS256.

WithJARM allows responses for authorization requests to be sent as encrypted JWTs.

WithJARRequired requires authorization requests to be securely sent as signed JWTs.

WithJWKSEndpoint overrides the default value for the jwks endpoint which is [defaultEndpointJSONWebKeySet].

WithJWTBearerGrant enables the JWT bearer grant type.

WithJWTBearerGrantClientAuthnRequired makes client authentication required for the jwt bearer grant type.

WithJWTLeewayTime defines a tolarance in seconds when validating time based claims in JWTs.

WithJWTLifetime defines a maximum threshold for lifetime of JWTs.

WithMTLS allows requests to be established with mutual TLS.

WithNotifyErrorFunc defines a handler to be executed when an error happens.

WithOpenIDScopeRequired forces the openid scope to be informed in all the authorization requests.

WithPAR allows authorization flows to start at the pushed authorization request endpoint.

WithPAREndpoint overrides the default value for the par endpoint which is [defaultEndpointPushedAuthorizationRequest].

WithPARRequired forces authorization flows to start at the pushed authorization request endpoint.

WithPathPrefix defines a shared prefix for all endpoints.

WithPKCE makes proof key for code exchange available to clients.

WithPKCERequired makes proof key for code exchange required.

WithPolicy adds an authentication policy that will be evaluated at runtime and then executed if selected.

WithPrivateKeyJWTSignatureAlgs sets the signature algorithms for private key JWT authentication.

WithRefreshTokenGrant makes available the refresh token grant.

WithRefreshTokenRotation causes a new refresh token to be issued each time one is used.

WithAuthorizeErrorPlugin defines a handler to be executed when the authorization request results in error, but the error can't be redirected.

WithResourceIndicators enables client to indicate which resources they intend to access.

WithResourceIndicatorsRequired makes resource indicators required.

WithScopes defines the scopes accepted by the provider.

WithSecretJWTSignatureAlgs sets the signature algorithms for private key JWT authentication.

WithStaticClient adds a static client to the provider.

WithSubIdentifierTypes sets de subject identifier types available for clients.

WithTLSCertTokenBinding makes requests to /token return tokens bound to the client certificate if any is sent.

WithTLSCertTokenBindingRequired makes requests to /token return tokens bound to the client certificate.

WithTokenBindingRequired makes at least one sender constraining mechanism (TLS or DPoP) be required in order to issue an access token to a client.

WithTokenEndpoint overrides the default value for the authorization endpoint which is [defaultEndpointToken].

WithTokenIntrospection allows authorized clients to introspect tokens.

WithTokenIntrospectionEndpoint overrides the default value for the introspection endpoint which is [defaultEndpointTokenIntrospection] To enable token introspection, see [WithTokenIntrospection].

WithTokenOptions configures the way access tokens are issued by the provider.

WithTokenRevocation allows clients to revoke tokens.

WithTokenRevocationEndpoint overrides the default value for the token revocation endpoint which is [defaultEndpointTokenRevocation] To enable token revocation, see [WithTokenRevocation].

WithUnregisteredRedirectURIsForPAR allows clients to inform unregistered redirect URIs during requests to pushed authorization endpoint.

WithUserInfoContentEncryptionAlgs overrides the default content encryption algorithm which is A128CBC-HS256.

WithUserInfoEncryption allows encryption of the user info endpoint response.

WithUserInfoEndpoint overrides the default value for the user info endpoint which is [defaultEndpointUserInfo].

WithUserInfoSignatureAlgs set the algorithms available to sign the user info endpoint response.