OAuth 2.0 and OpenID Connect (OIDC) overview

OAuth 2.0 is an authorization framework that enables target applications (so-called OAuth 2.0 Clients) to securely obtain access to protected HTTP resources (such as user information) on behalf of a user. The obvious way to achieve this goal would be for the user to share her credentials (e.g. her password) with the target application. As sharing passwords has many drawbacks, OAuth 2.0 solves this problem without requiring the user to share credentials.

OpenID Connect 1.0 adds an identity layer to the OAuth 2.0 protocol, allows clients to verify the user's identity information and usually save a few HTTP roundtrips.

Supported features

The following table lists the OAuth/OIDC feature set supported by Airlock IAM.

Features

OAuth 2.0 Authorization Server (AS)

OAuth 2.0 Client

OAuth 2.0

OAuth 2.0 Authorization Code Grant*

Icon - Tick (GW grün)
Icon - Tick (GW grün)

OAuth 2.0 Client Credentials Grant*

Icon - Tick (GW grün)

OAuth 2.0 Token Exchange Grant*

Icon - Tick (GW grün)

OAuth 2.0 Implicit Grant
(officially no longer recommended for use by the OAuth Working Group)

OAuth 2.0 Token Introspection

Icon - Tick (GW grün)

OAuth 2.0 Token Revocation

Icon - Tick (GW grün)

OAuth 2.0 Dynamic Client Registration

Icon - Tick (GW grün)

Pushed Authorization Request (PAR)

Icon - Tick (GW grün)

OAuth 2.0 Authorization Server Metadata Endpoint

Icon - Tick (GW grün)
Icon - Tick (GW grün)

OIDC

OpenID Connect Authorization Code Flow

Icon - Tick (GW grün)
Icon - Tick (GW grün)

OpenID Connect Hybrid Flow

Icon - Tick (GW grün)

OpenID Connect Implicit Flow

OpenID Connect Token Introspection

Icon - Tick (GW grün)

OpenID Connect Token Revocation

Icon - Tick (GW grün)

OpenID Connect Discovery

Icon - Tick (GW grün)
Icon - Tick (GW grün)

OAuth 2.0 Dynamic Client Registration

Icon - Tick (GW grün)

OpenID Connection Session Management

Icon - Tick (GW grün)

OpenID Connect UserInfo Endpoint

Icon - Tick (GW grün)
Icon - Tick (GW grün)

OpenID Connect RP-initiated logout (as RP)

Icon - Tick (GW grün)

Account Linking

Icon - Tick (GW grün)

Automated Account Registration (Social Registration)

Icon - Tick (GW grün)

Pushed Authorization Request (PAR)

Icon - Tick (GW grün)
*

Implemented grant type.