Airlock IAM as OAuth Authorization Server (AS)/OpenID Provider (OP)

This chapter provides conceptual information about Airlock IAM acting as an OAuth Authorization Server (AS) or OpenID Provider (OP).

The architecture of the authorization server

The following picture shows the fundamental concept of the OAuth 2.0 and OIDC Authorization Server implementation.

[Figure: Authorization Server 2]

The architectural design of the implementation shown above leads to the following characteristics:

  • One instance of Airlock IAM can support an unlimited number of authorization servers
  • Every authorization server is configured separately in Airlock IAM
  • Each authorization server can support an unlimited number of clients
  • Clients can be configured statically within the authorization server configuration
  • Clients can be registered dynamically through the DCR (Dynamic Client Registration) protocol
  • Each client must have a unique client-id per authorization server