OAuth 2.0 OIDC Configuration override

Different clients may have different requirements. To meet this requirement, the authorization server in Airlock IAM offers configuration overrides.

Configuration overrides use the configuration of the authorization server as the base and allow for configuration on a particular client to override the base configuration.

The following table shows which features can profit from configuration overrides and how:

Feature

Authorization server

client

Flows and Grants

configuration applies to all clients

-

Endpoints

configuration applies to all clients

-

Persistency

configuration applies to all clients

-

Scopes

default configuration for

  • -Scope Policy
  • -Always Granted Scopes
  • -Granted Scope Processor

configuration of

  • -Allowed/Default Scopes
  • -Filtering

overrides for

  • -Allways Granted Scopes

Claims

default token format for

  • -Access token
  • -ID token

overrides for

  • -Audience (audit token only)
  • -Custom Claims
  • -Distributed Claim

PKCE

default for

  • -PKCE behavior

override for

  • -PKCE behavior

Further information and links