Title: Protocol Soup | Run Real Authentication & Identity Protocol Flows | Protocol Soup
Open Graph Title: Protocol Soup | Run Real Authentication & Identity Protocol Flows
X Title: Protocol Soup | Run Real Authentication & Identity Protocol Flows
Description: Execute real OAuth 2.0, OpenID Connect, OID4VCI, OID4VP, SAML, SPIFFE, SCIM and SSF flows against live infrastructure. Inspect every request, decode JWTs, and learn protocols hands-on.
Open Graph Description: Execute real OAuth 2.0, OpenID Connect, OID4VCI, OID4VP, SAML, SPIFFE, SCIM and SSF flows against live infrastructure. Inspect every request, decode JWTs, and learn protocols hands-on.
X Description: Execute real OAuth 2.0, OpenID Connect, OID4VCI, OID4VP, SAML, SPIFFE, SCIM and SSF flows against live infrastructure. Inspect every request, decode JWTs, and learn protocols hands-on.
Keywords:
Opengraph URL: https://protocolsoup.com
Domain: protocolsoup.com
{"@context":"https://schema.org","@type":"WebSite","@id":"https://protocolsoup.com#website","name":"Protocol Soup","url":"https://protocolsoup.com","inLanguage":"en-US","publisher":{"@id":"https://protocolsoup.com#organization"}}
{"@context":"https://schema.org","@type":"Organization","@id":"https://protocolsoup.com#organization","name":"Protocol Soup","url":"https://protocolsoup.com","logo":"https://protocolsoup.com/icons/icon-512.svg","sameAs":["https://twitter.com/protocolsoup","https://github.com/ParleSec/ProtocolSoup"]}
{"@context":"https://schema.org","@type":"WebSite","@id":"https://protocolsoup.com#website","name":"Protocol Soup","url":"https://protocolsoup.com","inLanguage":"en-US","publisher":{"@id":"https://protocolsoup.com#organization"}}
{"@context":"https://schema.org","@type":"WebApplication","name":"Protocol Soup","description":"Interactive playground for learning authentication and verifiable credential protocols by running real OAuth 2.0, OpenID Connect, OID4VCI, OID4VP, SAML, SPIFFE, and SCIM flows.","url":"https://protocolsoup.com","applicationCategory":"DeveloperApplication","operatingSystem":"Web Browser","offers":{"@type":"Offer","price":"0","priceCurrency":"USD"},"featureList":["Real protocol execution against working infrastructure","Live HTTP traffic inspection","JWT token decoding and validation","OAuth 2.0 flow visualization","OpenID Connect testing","OID4VCI issuance flow testing","OID4VP verification flow testing","SAML 2.0 SSO debugging","SPIFFE/SPIRE workload identity","SCIM 2.0 provisioning testing"],"screenshot":"https://protocolsoup.com/opengraph-image","softwareVersion":"1.0.0","author":{"@type":"Person","name":"Mason Parle"}}
{"@context":"https://schema.org","@type":"Organization","@id":"https://protocolsoup.com#organization","name":"Protocol Soup","url":"https://protocolsoup.com","logo":"https://protocolsoup.com/icons/icon-512.svg","sameAs":["https://twitter.com/protocolsoup","https://github.com/ParleSec/ProtocolSoup"]}
{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is Protocol Soup?","acceptedAnswer":{"@type":"Answer","text":"Protocol Soup is a free, interactive testing tool for authentication and identity protocols. Execute real OAuth 2.0, OpenID Connect, OID4VCI, OID4VP, SAML 2.0, SPIFFE/SPIRE, SCIM 2.0, and SSF flows against live infrastructure, inspect every HTTP exchange, and decode tokens in real-time."}},{"@type":"Question","name":"How do I test OAuth 2.0 flows?","acceptedAnswer":{"@type":"Answer","text":"Protocol Soup lets you execute real OAuth 2.0 flows — Authorization Code, Authorization Code + PKCE, Client Credentials, Refresh Token, Token Introspection, and Token Revocation — against a working authorization server. You see every request, response, header, and token as it happens."}},{"@type":"Question","name":"What is the difference between OAuth 2.0 and OpenID Connect?","acceptedAnswer":{"@type":"Answer","text":"OAuth 2.0 is an authorization framework that grants delegated access to resources. OpenID Connect (OIDC) is an authentication layer built on OAuth 2.0 that adds an ID token containing verified user identity claims. OAuth answers \"what can this app access?\" while OIDC answers \"who is this user?\""}},{"@type":"Question","name":"What are verifiable credentials and how do OID4VCI and OID4VP work?","acceptedAnswer":{"@type":"Answer","text":"Verifiable credentials are tamper-evident digital credentials (like diplomas or licenses) that a holder can present to a verifier. OID4VCI (OpenID for Verifiable Credential Issuance) defines how an issuer delivers credentials to a wallet. OID4VP (OpenID for Verifiable Presentations) defines how a verifier requests and validates credential presentations from a wallet."}},{"@type":"Question","name":"What is PKCE and why is it required for OAuth 2.0?","acceptedAnswer":{"@type":"Answer","text":"PKCE (Proof Key for Code Exchange, RFC 7636) prevents authorization code interception attacks by binding the token request to the original authorization request via a code_verifier/code_challenge pair. It is required for public clients (SPAs, mobile apps) and recommended for all OAuth 2.0 clients."}},{"@type":"Question","name":"How is SAML different from OAuth and OIDC?","acceptedAnswer":{"@type":"Answer","text":"SAML 2.0 is an XML-based federation protocol primarily used for enterprise single sign-on (SSO) between identity providers and service providers. OAuth 2.0 and OIDC are JSON/REST-based protocols designed for API authorization and modern web/mobile authentication. SAML predates OAuth and is common in enterprise environments."}},{"@type":"Question","name":"What is SPIFFE and how does it provide zero-trust workload identity?","acceptedAnswer":{"@type":"Answer","text":"SPIFFE (Secure Production Identity Framework For Everyone) provides cryptographic identities to workloads in distributed systems. SPIRE is the reference implementation that issues X.509-SVIDs and JWT-SVIDs, enabling mTLS between services and automatic certificate rotation — the foundation for zero-trust service mesh architectures."}},{"@type":"Question","name":"What is SCIM 2.0 and how does it automate user provisioning?","acceptedAnswer":{"@type":"Answer","text":"SCIM 2.0 (System for Cross-domain Identity Management, RFC 7644) is a REST API standard for automating user and group provisioning across identity domains. It supports create, read, update, delete operations, filter queries, bulk operations, and schema discovery."}},{"@type":"Question","name":"What is the Shared Signals Framework (SSF)?","acceptedAnswer":{"@type":"Answer","text":"SSF enables real-time security event sharing between cooperating systems using Security Event Tokens (SETs). It includes CAEP (Continuous Access Evaluation Protocol) for session signals and RISC (Risk Incident Sharing and Coordination) for account compromise signals — essential for zero-trust continuous authorization."}}]}
| application-name | Protocol Soup |
| referrer | origin-when-cross-origin |
| creator | Mason Parle |
| publisher | Protocol Soup |
| category | Technology |
| og:site_name | Protocol Soup |
| og:locale | en_US |
| og:image | https://protocolsoup.com/opengraph-image |
| og:image:width | 1200 |
| og:image:height | 630 |
| og:image:alt | Protocol Soup | Run Real Authentication & Identity Protocol Flows | Protocol Soup |
| og:type | website |
| twitter:card | summary_large_image |
| twitter:creator | @protocolsoup |
| twitter:image | https://protocolsoup.com/opengraph-image |
Links:
Viewport: width=device-width, initial-scale=1