OAuth 2.0 and OpenID Connect (OIDC) overview

OAuth 2.0 is an authorization framework that enables target applications (so-called OAuth 2.0 Clients) to securely obtain access to protected HTTP resources (such as user information) on behalf of a user. The obvious way to achieve this goal would be for the user to share her credentials (e.g. her password) with the target application. As sharing passwords has many drawbacks, OAuth 2.0 solves this problem without requiring the user to share credentials.

OpenID Connect 1.0 adds an identity layer to the OAuth 2.0 protocol. It allows clients to verify the user's identity information and usually saves a few HTTP round trips.

Supported features

The following table lists the OAuth/OIDC feature set supported by Airlock IAM.

Features

OAuth 2.0 Authorization Server (AS)

OAuth 2.0 Client

OAuth 2.0

OAuth 2.0 Authorization Code Grant*

OAuth 2.0 Client Credentials Grant*

OAuth 2.0 Token Exchange Grant*

OAuth 2.0 Implicit Grant (officially no longer recommended for use by the OAuth Working Group)

OAuth 2.0 Token Introspection

OAuth 2.0 Token Revocation

OAuth 2.0 Dynamic Client Registration

Pushed Authorization Request (PAR)

OAuth 2.0 Authorization Server Metadata Endpoint

OIDC

OpenID Connect Authorization Code Flow

OpenID Connect Hybrid Flow

OpenID Connect Implicit Flow

OpenID Connect Token Introspection

OpenID Connect Token Revocation

OpenID Connect Discovery

OAuth 2.0 Dynamic Client Registration

OpenID Connect Session Management

OpenID Connect UserInfo Endpoint

OpenID Connect RP-initiated logout (as RP)

Pushed Authorization Request (PAR)

Account Linking

Automated Account Registration (Social Registration)

* Implemented grant type.