OAuth 2.0 OIDC Configuration override

Different clients may have different requirements. To accommodate them, the authorization server in Airlock IAM offers configuration overrides.

Configuration overrides use the configuration of the authorization server as the base and allow the configuration of a particular client to override that base.

The following table shows which features can benefit from configuration overrides and how:

| Feature | Authorization server | Client |
|---|---|---|
| Flows and Grants | configuration applies to all clients | - |
| Endpoints | configuration applies to all clients | - |
| Persistency | configuration applies to all clients | - |
| Scopes | default configuration for: Scope Policy, Always Granted Scopes, Granted Scope Processor | configuration of: Allowed/Default Scopes, Filtering; overrides for: Always Granted Scopes |
| Claims | default token format for: Access token, ID token | overrides for: Audience (audit token only), Custom Claims, Distributed Claim |
| PKCE | default for: PKCE behavior | override for: PKCE behavior |