AS-centric vs. client-centric authorization servers
Airlock IAM implements two different types of OAuth 2.0 / OpenID Connect authorization servers.
AS Type | Description | Storage of Client Information |
---|---|---|
Client-centric | The client-centric approach configures an entire authorization server for every single client. This design limitation rules out support for dynamic client registration. | IAM configuration |
AS-centric | The Authorization Server-centric (AS-centric) implementation provides support for dynamic client registration so that one authorization server can support a multitude of technical clients. | IAM database and configuration |
Deprecation warning
Customers are advised to use the AS-centric implementation of the OAuth 2.0 and OIDC features. The client-centric implementation has been deprecated (see the deprecation announcement in the release information section for details).
The client-centric implementation will NOT be available in the Loginapp REST UI.
Supported features in the Loginapp REST UI:
- OAuth 2.0 Client features: available from IAM 7.5
- OAuth 2.0 Authorization Server - AS-centric: available from IAM 7.6
See also Migrating from the JSP-Loginapp to the Loginapp REST UI.