Using the OIDC protocol as client

Airlock IAM as a client supports the OpenID Connect protocol.

  • When using OIDC, Airlock IAM processes the ID token and no longer needs resource mappings for claims provided in the ID token.
  • OIDC is used when either the OIDC Flow Client or the OIDC Discovery Flow Client plugin is configured as AS Settings For Flow Clients.
  • When using OIDC, Airlock IAM validates the ID token received together with the OAuth 2.0 access token. If the validation fails, the login process fails.

It is recommended to use OAuth 2.0 instead if the presence of an ID token cannot be guaranteed.