The following is a high level capabilities matrix for OAuth2. The vendors chosen for comparison, are a selected few, that have well known capabilities within the access management space.
For example, some are listed within the Gartner Magic Quadrant for Access Management – typically seen as the largest and most capable providers of access technology.
The most recent Gartner Magic Quadrant for Access Management, was released in August 2019 (available here – subscription required).
In addition, Google’s IAM platform and Amazon Cognito have also been added.
This article is to take a look at the capabilities, specifically related to OAuth2, for each vendor.
Note testing was not conducted and analysis was based on publicly available documentation, with the necessary links added.
OAuth2 Provider Capabilities
The following table is a matrix of OAuth2 provider related functionality. The feature list, is derived from a common set of key components required to deploy a successful, secure and broad based ecosystem and takes some pointers from the OAuth2 Best Current Practice.
Yes – supported and public documentation link could be found and referenced
No doc found – no evidence of support in public documentation
|Vendor||Client Creds||Authz Code||Device Grant||PKCE||MTLS||JWT Tokens||Client Reg||Proof of Poss.||Custom Claims|
|Amazon Cognito||Yes||Yes||No doc found||Yes||No doc found||Yes||No doc found||No doc found||No doc found|
|Auth0||Yes||Yes||Yes||Yes||No||Yes||Yes||No doc found||Yes|
|Broadcom (CA)||Yes||Yes||No doc found||Yes||No doc found||No doc found||Yes||No doc found||No doc found|
|Google IAM||Yes||Yes||Yes||Yes||No doc found||No doc found||No doc found||No doc found||No doc found|
|IBM||No doc found||Yes||Yes||Yes||No doc found||Yes||No doc found||No doc found||No doc found|
|Microsoft||Yes||Yes||Yes||Yes||No doc found||Yes||No doc found||No doc found||Yes|
|Okta||Yes||Yes||Yes||Yes||No doc found||Yes||Yes||No doc found||Yes|
|OneLogin||Yes||Yes||No doc found||Yes||No doc found||No doc found||No doc found||No doc found||No doc found|
|Oracle||Yes||Yes||Yes||No doc found||No doc found||No doc found||No doc found||No doc found||No doc found|
|Ping Identity||Yes||Yes||Yes||Yes||Yes||Yes||Yes||Yes||No doc found|