Conceptual overview of the AS-centric OAuth 2.0 and OIDC

This chapter presents an overview of the AS-centric implementation of OAuth 2.0 and OIDC in Airlock IAM.

Architecture of the AS-centric authorization server

The following picture shows the fundamental concept of the new implementation of the OAuth 2.0 and OIDC Authorization Server.

[Figure: Authorization Server 2]

The architectural design of the AS-centric authorization server implementation shown above has the following characteristics:

  • One instance of Airlock IAM can support an unlimited number of authorization servers
  • Every authorization server is configured separately in Airlock IAM
  • Each authorization server can support an unlimited number of clients
  • Clients can be configured statically within the authorization server configuration
  • Clients can be registered dynamically through the DCR (Dynamic Client Registration) protocol
  • Each client must have a unique client-id per authorization server