OAuth 2.0 and OIDC support
ISAM supports the OAuth 2.0 protocol, including OpenID Connect. The support is provided at both the Advanced Access Control and the Federation licensing levels.
- OAuth is an HTTP-based authorization protocol. It gives third-party applications scoped access to a protected resource on behalf of the resource owner, by way of an approval interaction between the resource owner, the client, and the resource server. Users can therefore share their private resources between sites without handing over user names and passwords. Private resources can be anything, but common examples include photos, videos, and contact lists. The implementation of OAuth 2.0 in Advanced Access Control strictly follows the OAuth 2.0 standards. For a complete description of the OAuth 2.0 specifications, see the OAuth website. The OAuth 2.0 implementation of Advanced Access Control also integrates with WebSphere DataPower. For information, see DataPower Integration.
- OpenID Connect (OIDC) is an extension of the OAuth protocol that adds identity and authentication. For a complete description of the OpenID Connect specifications, see the OpenID website. Prior versions of ISAM supported OIDC through federation support. Security Verify Access now supports OIDC through API Protection. Existing ISAM OIDC federation deployments remain fully supported, but new OIDC deployments should use API Protection. For documentation on managing existing OIDC federations, see Legacy support for OpenID Connect federations.
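The approval interaction described above, shown as an added, self-contained simulation of the OAuth 2.0 authorization code grant. This is example code written for this page, not ISAM or Security Verify Access product code; the client registration, resource owner, scope names and resource data are constructed sample values, and the in-memory authorization and resource servers stand in for the real endpoints. It shows the three properties the paragraph names: the client never sees the user's password, the code is single-use, and the token is honoured only within the scope the user approved.

```python
# Added example (not ISAM product code): in-memory simulation of the OAuth 2.0
# authorization code grant, showing the consent step, the code-for-token
# exchange, and scope enforcement at the resource server.
import secrets
import time
from dataclasses import dataclass, field


class OAuthError(Exception):
    """Carries the RFC 6749 error code (invalid_client, invalid_scope, ...)."""


@dataclass
class AuthorizationServer:
    clients: dict                               # client_id -> registration (constructed)
    codes: dict = field(default_factory=dict)   # one-time authorization codes
    tokens: dict = field(default_factory=dict)  # issued bearer tokens
    code_ttl: int = 60                          # seconds a code stays valid

    def authorize(self, client_id, redirect_uri, scope, resource_owner, approved):
        """Consent step: the resource owner approves or denies the client's request."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise OAuthError("invalid_client")
        requested = set(scope.split())
        if not requested or not requested <= client["allowed_scopes"]:
            raise OAuthError("invalid_scope")
        if not approved:
            raise OAuthError("access_denied")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": requested, "sub": resource_owner,
                            "exp": time.time() + self.code_ttl}
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        """/token: exchange the code for a bearer token bound to the approved scope."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise OAuthError("invalid_client")
        grant = self.codes.pop(code, None)  # pop: a code can be redeemed only once
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri or grant["exp"] < time.time()):
            raise OAuthError("invalid_grant")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"sub": grant["sub"], "scope": grant["scope"],
                                     "client_id": client_id}
        return {"access_token": access_token, "token_type": "Bearer",
                "scope": " ".join(sorted(grant["scope"]))}

    def introspect(self, access_token):
        """Lets the resource server learn whose token this is and what it allows."""
        return self.tokens.get(access_token)


class ResourceServer:
    """Holds per-user resources; each endpoint demands a specific scope."""

    def __init__(self, auth_server, data):
        self.auth_server = auth_server
        self.data = data  # sub -> {"photos": [...], "contacts": [...]}

    def _require(self, access_token, needed_scope):
        info = self.auth_server.introspect(access_token)
        if info is None:
            raise OAuthError("invalid_token")
        if needed_scope not in info["scope"]:
            raise OAuthError("insufficient_scope")
        return info["sub"]

    def get_photos(self, access_token):
        return self.data[self._require(access_token, "photos.read")]["photos"]

    def get_contacts(self, access_token):
        return self.data[self._require(access_token, "contacts.read")]["contacts"]


def run_flow():
    """Drives one complete grant over constructed sample data; returns what the client got."""
    auth = AuthorizationServer(clients={
        "photo-printer": {"secret": "example-client-secret",
                          "redirect_uri": "https://printer.example/cb",
                          "allowed_scopes": {"photos.read", "contacts.read"}}})
    rs = ResourceServer(auth, {"alice": {"photos": ["beach.jpg", "dog.jpg"],
                                         "contacts": ["bob@example.test"]}})
    # 1. alice is sent to the authorization server and consents to photos.read only.
    code = auth.authorize("photo-printer", "https://printer.example/cb",
                          "photos.read", "alice", approved=True)
    # 2. The client redeems the code at /token; it never handles alice's password.
    tok = auth.token("photo-printer", "example-client-secret", code, "https://printer.example/cb")
    # 3. The resource server honours the token only within its approved scope.
    photos = rs.get_photos(tok["access_token"])
    try:
        rs.get_contacts(tok["access_token"])
        contacts_error = None
    except OAuthError as e:
        contacts_error = str(e)
    # 4. Replaying the same code is refused because it was consumed in step 2.
    try:
        auth.token("photo-printer", "example-client-secret", code, "https://printer.example/cb")
        replay_error = None
    except OAuthError as e:
        replay_error = str(e)
    return {"scope": tok["scope"], "photos": photos,
            "contacts_error": contacts_error, "replay_error": replay_error}


if __name__ == "__main__":
    print(run_flow())
```

Running the module prints the approved scope, the photos the client could read, and the two refusals: `insufficient_scope` when the client tries to read contacts, and `invalid_grant` when it replays the consumed code. The redirect URI is checked at both `/authorize` and `/token`, as the specification requires, so a code cannot be redeemed against a different callback than the one it was issued for.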
See also
- Concepts
- OAuth 2.0 endpoints
- OAuth 2.0 and OIDC workflows
- State management
- Trusted clients management
- Proof Key for Code Exchange support
- Reverse proxy configuration for OAuth and OIDC provider
- Configure API protection
- OIDC Claims customization
- Client authentication to /token through an incoming JSON Web Token
- Passing parameters through JWT in a request to /authorize
- Mapping rules for OAuth and OIDC
- OAuth 2.0 template files
- OAuth 2.0 template page for consent to authorize
- Error responses
- User self-administration tasks for OAuth
- OAuth STS Interface for Authorization Enforcement Points
- API Protection form post response mode
- Access policy for OAuth or OIDC
- OIDC Dynamic Clients
Parent topic: Advanced Access Control configuration