13.4.2.1.1. Sample use-case

This sample uses the following OAuth 2.0 parameters for the Implicit Grant. See RFC 6749, section 4.2, for details.

Name            Value                                Comments
client_id       clientId                             also appears in the request path
response_type   token                                identifies an implicit grant request
state           xyz                                  opaque value chosen by the Client and returned unchanged; binds the response to the request (CSRF protection)
scope           customer, employee                   requested scopes, comma-separated in the request
redirect_uri    https://this.is.your.redirect.url/   Client page that receives the token in the URL fragment

The Client initiates the OAuth 2.0 Implicit Grant by directing the user agent to the Authorization Server with the following request. Note that the parameter values are URL-encoded.

https://your.airlock-iam.com/auth-login/oauth2/clientId?response_type=token&client_id=clientId&state=xyz&scope=customer%2Cemployee&redirect_uri=https%3A%2F%2Fthis.is.your.redirect.url%2F

Note that the client id appears both in the URL path and in the "client_id" query parameter.

After issuing this request, the user is asked to authenticate (e.g. using username and password).

After successful authentication, the user is asked to grant a selection of the requested scopes. This consent page can be disabled by configuration, in which case all requested scopes that match the user's roles are granted automatically.

[Screenshot: scope consent page]

Assuming the user granted only the scope "employee", the Authorization Server issues an access token by redirecting the user agent to the Client's redirect_uri with the token in the URL fragment:

https://this.is.your.redirect.url/#access_token=tester1.m4hFcbSSoCgNxQGYBrkpXUl0WvTiwXgNDaMfaDrA&scope=employee&state=xyz&token_type=Bearer&expires_in=180

The fragment (everything after "#") is not sent to the server behind redirect_uri; the Client's script running on that page reads it. The Client must check that "state" equals the value it sent, must use only the scopes actually returned in "scope" (here "employee"; "customer" was not granted) and must treat the token as expired after "expires_in" seconds (180 here). Because the token is exposed to the browser (address bar, history, any script on the page), the OAuth 2.0 Security Best Current Practice (RFC 9700) recommends the authorization code grant with PKCE over the implicit grant for new deployments.
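The following browser-side client is an added example, not Airlock IAM code. It builds the authorization request shown above from the sample parameters and then consumes the fragment of the redirect shown above: it rejects a token that arrived in the query string, verifies "state", extracts the bearer token, computes the expiry from "expires_in" and reports which requested scopes the user did not grant. The endpoint base URL, the sample values and the function names are taken from this page or chosen for illustration.

```javascript
// Added example (not Airlock IAM code). Assumes the authorization endpoint base and
// sample values from this page; a real deployment substitutes its own.
const AUTHORIZATION_ENDPOINT_BASE = 'https://your.airlock-iam.com/auth-login/oauth2/';

// The Client must generate an unguessable state per request and remember it
// (e.g. in sessionStorage) until the redirect comes back.
function randomState(byteLength = 16) {
  const buf = new Uint8Array(byteLength);
  globalThis.crypto.getRandomValues(buf); // CSPRNG in browsers and Node >= 19
  return Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join('');
}

function buildAuthorizationRequest({ clientId, redirectUri, scopes, state }) {
  // Airlock IAM carries the client id in the path and again as client_id.
  const url = new URL(encodeURIComponent(clientId), AUTHORIZATION_ENDPOINT_BASE);
  url.searchParams.set('response_type', 'token'); // marks the request as an implicit grant
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('state', state);
  url.searchParams.set('scope', scopes.join(',')); // comma-separated, as in the sample request
  url.searchParams.set('redirect_uri', redirectUri);
  return url.toString(); // URLSearchParams percent-encodes the values
}

function parseImplicitGrantResponse(redirectedTo, expectedState, requestedScopes, nowMs = Date.now()) {
  const url = new URL(redirectedTo);
  // The token must travel in the fragment, which the browser never sends to the
  // redirect_uri server. A token in the query string has already reached that server
  // (and its logs), so refuse to use it.
  if (url.searchParams.has('access_token')) {
    throw new Error('access_token in query string: refusing a token that reached the server');
  }
  const params = new URLSearchParams(url.hash.replace(/^#/, ''));
  if (params.has('error')) {
    throw new Error(`authorization failed: ${params.get('error')}`);
  }
  // CSRF binding: the response must carry the state this Client generated for this flow.
  if (params.get('state') !== expectedState) {
    throw new Error('state mismatch: response does not belong to a request this client made');
  }
  const accessToken = params.get('access_token');
  const tokenType = params.get('token_type') || '';
  if (!accessToken || tokenType.toLowerCase() !== 'bearer') {
    throw new Error('response lacks a bearer access_token');
  }
  const expiresIn = Number.parseInt(params.get('expires_in'), 10); // lifetime in seconds
  if (!Number.isFinite(expiresIn) || expiresIn <= 0) {
    throw new Error('missing or invalid expires_in');
  }
  // The user may grant only a subset of the requested scopes; compare before calling any API.
  const grantedScopes = (params.get('scope') || '').split(',').filter(Boolean);
  const deniedScopes = requestedScopes.filter((s) => !grantedScopes.includes(s));
  return {
    accessToken,
    tokenType,
    expiresIn,
    expiresAtMs: nowMs + expiresIn * 1000,
    grantedScopes,
    deniedScopes,
  };
}

// Once the token has been read, drop it from the address bar so it does not linger in
// browser history or get copied along with the URL (no-op outside a browser).
function scrubFragment() {
  if (typeof window !== 'undefined' && window.history && window.history.replaceState) {
    window.history.replaceState(null, '', window.location.pathname + window.location.search);
  }
}

// Constructed sample values, taken from the request and redirect shown on this page.
const SAMPLE_REQUEST = {
  clientId: 'clientId',
  redirectUri: 'https://this.is.your.redirect.url/',
  scopes: ['customer', 'employee'],
  state: 'xyz',
};
const SAMPLE_REDIRECT =
  'https://this.is.your.redirect.url/#access_token=tester1.m4hFcbSSoCgNxQGYBrkpXUl0WvTiwXgNDaMfaDrA' +
  '&scope=employee&state=xyz&token_type=Bearer&expires_in=180';

function runSample() {
  const request = buildAuthorizationRequest(SAMPLE_REQUEST);
  const response = parseImplicitGrantResponse(SAMPLE_REDIRECT, SAMPLE_REQUEST.state, SAMPLE_REQUEST.scopes);
  scrubFragment();
  return { request, response };
}

console.log(JSON.stringify(runSample(), null, 2));
```

In a real page the state comes from randomState() before the redirect and is read back from sessionStorage in the callback; the sample passes the page's fixed "xyz" so that the produced request URL can be compared with the one above character for character.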