Overview of the OAuth 2.0 / OIDC Grants Flows and Endpoints
To configure grants and flows for an authorization server, navigate to OAuth 2.0 / OpenID Connect AS Settings >> Authorization Servers >> select the desired AS and create a new OAuth 2.0 Grants / OpenID Connect Flows plugin.
The authorization server provides support for:
- OAuth 2.0 Authorization Code Grant
- OIDC Authorization Code / Hybrid Flow
- OAuth 2.0 Client Credentials Grant
- OAuth 2.0 Token Exchange Grant
An authorization server that supports OAuth 2.0 and OIDC simultaneously is not supported. The Config Editor therefore reports such a configuration as invalid and fails to activate it.
Clients that use the authorization code flow must add the scope openid as defined in the OIDC specification. An OIDC authorization server will return an error if the openid scope is missing.
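A client-side pre-flight check for the openid scope requirement, as an added example (not part of this documentation or of the product's code): it parses an authorization request URL and verifies that openid is present as a whole, case-sensitive scope token. The endpoint URL, client ID, function name and sample requests are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs


def check_authorization_request(url: str) -> list[str]:
    """Return the problems found in an authorization request URL (empty list = OK)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []

    # RFC 6749 section 3.1: request parameters must not appear more than once.
    scope_values = query.get("scope", [])
    if len(scope_values) > 1:
        problems.append("scope parameter is repeated")

    # scope is a space-delimited, case-sensitive list (RFC 6749 section 3.3).
    # Compare whole tokens: a substring or case-insensitive match would wrongly
    # accept values such as 'openid_profile' or 'OpenID'.
    tokens = scope_values[0].split() if scope_values else []
    if "openid" not in tokens:
        problems.append("scope does not include 'openid'")

    return problems


# Constructed sample requests against a hypothetical OIDC authorization endpoint.
BASE = "https://as.example.com/authorize?response_type=code&client_id=demo-client&state=abc"
SAMPLES = {
    "ok_plus_encoded": BASE + "&scope=openid+profile",
    "ok_percent_encoded": BASE + "&scope=profile%20openid",
    "missing_openid": BASE + "&scope=profile+email",
    "wrong_case": BASE + "&scope=OpenID+profile",
    "substring_only": BASE + "&scope=openid_profile",
    "no_scope_parameter": BASE,
    "repeated_scope": BASE + "&scope=openid&scope=profile",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(f"{name}: {check_authorization_request(url) or 'OK'}")
```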