Remote Consent Protocol configuration
- Go to:
Loginapp >> OAuth 2.0/OIDC Authorization Server >> {{AS-ID}} >> OAuth 2.0 Grants/OIDC Flows >> OAuth 2.0 Authorization Code Grant | OIDC Authorization Code / Hybrid Flow
- Go to the section User Interface.
Set OAuth 2.0 Remote Consent as the value for the Consent property and follow the information in the Config Editor for configuration. Choose the plugin
For security reasons it is strongly recommended to:
In the Remote Consent Protocol, the Remote Consent Application sends a JWT with the set of accepted scopes to Airlock IAM. IAM accepts the JWT if its signature is correct and the JWT can be decrypted. The JWT is transported via the end user's browser in an HTTP redirect. This implies that whoever can correctly sign such a JWT can determine the scopes accepted by the end user!
You must ensure the following:
We strongly recommend using URL encryption on the Airlock Gateway mapping for the Remote Consent Application.
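The signature dependency described above, as an added example that is not Airlock IAM code: a receiver that verifies a consent JWT rejects a payload altered in the browser, but accepts any scope set from whoever holds the signing key. Assumptions: HS256 with a shared key stands in for the real signing setup, the claim name `accepted_scopes` is hypothetical, and the encryption layer is left out.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, header_b64: str, payload_b64: str) -> bytes:
    return hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()

def sign_consent(scopes, key: bytes) -> str:
    """Consent application side. "accepted_scopes" is a hypothetical claim name."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"accepted_scopes": sorted(scopes)}).encode())
    return f"{header}.{payload}.{b64url(_mac(key, header, payload))}"

def verify_consent(token: str, key: bytes):
    """Receiving side: return the accepted scopes, or None if the token is rejected."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        # Pin the algorithm; the token must not choose it (rejects "alg": "none").
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None
        # Constant-time comparison over the exact bytes that were received.
        if not hmac.compare_digest(_mac(key, header_b64, payload_b64), b64url_decode(sig_b64)):
            return None
        return json.loads(b64url_decode(payload_b64))["accepted_scopes"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    token = sign_consent(["openid", "profile"], key)
    header, _, sig = token.split(".")
    # Payload replaced while the token travels through the browser; old signature kept.
    altered = f"{header}.{b64url(json.dumps({'accepted_scopes': ['openid', 'payments']}).encode())}.{sig}"
    return {
        "genuine": verify_consent(token, key),
        "altered_in_transit": verify_consent(altered, key),
        "signed_with_other_key": verify_consent(sign_consent(["payments"], b"other-key"), key),
        # Any holder of the signing key is accepted, whatever scopes it lists.
        "any_key_holder": verify_consent(sign_consent(["payments"], key), key),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The last case is the reason the signing key of the Remote Consent Application needs the same protection as the consent decision itself.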