OAuth 2.0 and OpenID Connect overview

OAuth 2.0 is an authorization framework that enables target applications (so-called OAuth 2.0 Clients) to securely obtain access to protected HTTP resources (such as user information) on behalf of a user. The obvious way to achieve this goal would be for the user to share her credentials (e.g. her password) with the target application. As sharing passwords has many drawbacks, OAuth 2.0 solves this problem without requiring the user to share credentials.

OpenID Connect 1.0 adds an identity layer to the OAuth 2.0 protocol, allows clients to verify the user's identity information and usually save a few HTTP roundtrips.

AS-centric vs. client-centric

Before Airlock IAM 8.0 there were two implementations of the OAuth 2.0 / OpenID Connect server. These two implementations had the following characteristics.



(deprecated and removed)


The authorization server can support any number of static and dynamically registered clients.

Every client configures its own authorization server.


In continuous development.

Removed in IAM 8.0.

Since Airlock IAM 8.0, only the AS-centric implementation of the OAuth 2.0 / OpenID Connect server remains in the product. Therefore, the differentiator AS-centric has been removed from the product and the documentation.