Tasks of an OAuth 2.0 / OpenID Connect authorization server
Airlock IAM has to provide the following services when configured as OAuth 2.0 / OpenID Connect authorization server:
- Issue tokens to clients. This includes authorization codes, access tokens and refresh tokens, as well as the ID token if OpenID Connect is enabled.
- Authenticate the user.
- Handle client authorizations on behalf of the user. The authorization server should inform the user about the scope of the authorization being granted. Additionally, the user must be able to revoke the authorization of OAuth 2.0 / OpenID Connect clients.
When configured as authorization server, Airlock IAM also takes on the role of the resource endpoint. The duty of the resource endpoint is to serve resources only to clients that present an access token authorized for that specific resource.
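The duties listed above map onto a handful of operations: authenticate the user, record consent for a requested scope and hand out a one-time authorization code, exchange that code for access and refresh tokens after the client authenticates, let the user withdraw consent so every token of that grant dies, and, on the resource endpoint, serve only to a live token whose scope covers the resource. The following is an added, constructed Python model of those operations; it is not Airlock IAM code, and every client id, secret, user, scope and the 3600-second token lifetime are invented for the example.

```python
"""Constructed model of the authorization-server duties listed above plus the
resource endpoint. Added example, not Airlock IAM code; every client id, user,
scope and secret is invented."""
import hashlib
import secrets
import time
from dataclasses import dataclass, field

ACCESS_TOKEN_LIFETIME = 3600  # seconds; assumed value for this example


def hash_password(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def _now(now):
    return time.time() if now is None else now


@dataclass
class AuthorizationServer:
    clients: dict                                   # client_id -> client_secret
    users: dict                                     # username -> hash_password(pw)
    codes: dict = field(default_factory=dict)       # auth code -> pending grant
    access_tokens: dict = field(default_factory=dict)
    refresh_tokens: dict = field(default_factory=dict)
    consents: dict = field(default_factory=dict)    # (user, client_id) -> scopes

    # Duty: authenticate the user.
    def authenticate_user(self, username: str, password: str) -> bool:
        stored = self.users.get(username)
        return stored is not None and secrets.compare_digest(stored, hash_password(password))

    # Duty: handle client authorization on the user's behalf. The user has seen the
    # requested scope; only an explicit consent yields a one-time authorization code.
    def authorize(self, username, client_id, requested_scopes, consent_given):
        if client_id not in self.clients or not consent_given:
            return None
        scopes = set(requested_scopes)
        self.consents[(username, client_id)] = scopes
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"user": username, "client": client_id, "scope": scopes}
        return code

    def _client_ok(self, client_id, client_secret):
        return secrets.compare_digest(self.clients.get(client_id, ""), client_secret)

    # Duty: issue tokens. The code is single use and is consumed even when the
    # client fails to authenticate, so a leaked code cannot be retried.
    def exchange_code(self, code, client_id, client_secret, now=None):
        grant = self.codes.pop(code, None)
        if grant is None or grant["client"] != client_id or not self._client_ok(client_id, client_secret):
            return None
        return self._issue(grant, _now(now))

    def _issue(self, grant, now):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access_tokens[access] = dict(grant, expires_at=now + ACCESS_TOKEN_LIFETIME)
        self.refresh_tokens[refresh] = dict(grant)
        return {"access_token": access, "refresh_token": refresh, "token_type": "Bearer",
                "expires_in": ACCESS_TOKEN_LIFETIME, "scope": " ".join(sorted(grant["scope"]))}

    # Refresh tokens are rotated: the presented one is invalidated on use, and a
    # refresh is refused once the user has withdrawn consent for this client.
    def refresh(self, refresh_token, client_id, client_secret, now=None):
        grant = self.refresh_tokens.pop(refresh_token, None)
        if grant is None or grant["client"] != client_id or not self._client_ok(client_id, client_secret):
            return None
        if (grant["user"], client_id) not in self.consents:
            return None
        return self._issue(grant, _now(now))

    # Duty: let the user revoke a client. Every code and token of that grant is dropped.
    def revoke_client(self, username, client_id):
        self.consents.pop((username, client_id), None)
        for store in (self.codes, self.access_tokens, self.refresh_tokens):
            for key in [k for k, g in store.items() if g["user"] == username and g["client"] == client_id]:
                del store[key]

    # Resource endpoint: serve only to a live token whose scope covers this resource.
    def serve_resource(self, access_token, required_scope, now=None):
        grant = self.access_tokens.get(access_token)
        if grant is None or grant["expires_at"] <= _now(now):
            return 401, "invalid_token"
        if required_scope not in grant["scope"]:
            return 403, "insufficient_scope"
        return 200, f"{grant['user']}:{required_scope}"
```

The `now` parameter exists only so that token expiry can be exercised deterministically; a real deployment would use the system clock. The two HTTP-style results on the resource endpoint follow the distinction a resource server must make between a token that is not valid at all (401) and a valid token that simply lacks the scope for this resource (403).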
Deprecation warning
It is recommended that customers use the AS-centric implementation of the OAuth 2.0 and OIDC features. The client-centric implementation has been deprecated (see the deprecation announcement in the release information section for details).
The client-centric implementation will NOT be available in the Loginapp REST UI.
Supported features in the Loginapp REST UI:
- OAuth 2.0 Client features: available from IAM 7.5
- OAuth 2.0 Authorization Server - AS-centric: available from IAM 7.6
See also Migrating from the JSP-Loginapp to the Loginapp REST UI.