Airlock IAM as OAuth Client/OIDC Relying Party (RP)

Airlock IAM can be configured as an OAuth Client / OIDC Relying Party (RP). In such setups, Airlock IAM delegates user authentication to a remote IDP (e.g. Google). IAM can then take user information from the IDP into account in its authentication flows.

The main concepts explained in this chapter are:

  • Retrieving user attributes (claims) from remote IDPs and using them in identity propagation.
  • Account linking and social registration.

More information can be found in the configuration articles linked below.

Client ID and secret

OAuth/OIDC clients must be registered manually with the remote IDP (the authorization server). The remote authorization server issues a client ID and a client secret to the registering client. These values must exactly match the entries in the Airlock IAM configuration.