Sample use-case configuration
13.4.2.1.2. Configuring IAM for the sample use-case

IAM treats the OAuth 2.0 Implicit Grant as identity propagation.

Thus, an Identity propagator in a target application has to be configured:

  • In the Loginapp "Application Settings", create an Identity Propagator Target Application:
    • URL Pattern:  
    • (remember to escape dots in host names)

      https://this\.is\.your\.redirect\.url/
    • Application Entry URLs:  
    • (remember to escape dots in host names)

      https://this\.is\.your\.redirect\.url/
    • Add an "OAuth 2.0 Implicit Grant Identity Propagator" as "Identity Propagator":
      • Client ID: clientId
      • Redirect URL: 
      • https://this\.is\.your\.redirect\.url/
      • Authorization Server Settings: use the default
      • Resource Endpoint: use the default
      • Select "Show User Confirm Page"

OAuth Scopes and IAM Roles

The user must have the roles "customer" and "employee" for this to work as depicted. For more details, see 13.3.1.2. OAuth 2.0 Scopes .