Remote consent applications with OAuth

The consent screen is usually generated by the OAuth authorization server – in our case Airlock IAM – and asks the end user whether certain scopes may be granted to a third party (the OAuth Client).

IAM-generated consent screen example:

However, there are situations (e.g., PSD2) where information from the business domain (e.g., bank accounts) must be involved in the consent step.
To support such situations, Airlock IAM supports the concept of Remote Consent as described in this chapter.