OAuth 2.0 Grant Types¶
Grant types are used to authorize access to protected resources in different ways. This section lists out the main OAuth2 grant types supported by WSO2 Identity Server.
- Authorization Code Grant
- Implicit Grant
- Resource Owner Password Credentials Grant
- Client Credentials Grant
- Refresh Token Grant
- Kerberos Grant
Note
WSO2 Identity Server provides more control over issuing id tokens and
user claims for client-credential grant type. To facilitate this, add the following configurations to the deployment.toml file found in the <IS_HOME>/repository/conf folder in order
to register new ScopeHandlers and
ScopeValidators .
[oauth.custom_scope_validator]
class = "org.fully.qualified.class.name.CustomScopeValidator"Further, by configuring the <IdTokenAllowed> property
to true or false along with the
above configuration, you can turn on or turn off the process of issuing
ID tokens for the grant types that have the openid
scope. By default, IdTokenAllowed is set to
true, you can allow it to issue
id_tokens for all grant types that have the
openid scope. By configuring it to false, you can
stop issuing ID tokens.
Note: You can not turn off the process of issuing ID tokens for the
authorization_code grant type.
By configuring the <IsRefreshTokenAllowed> property
to true or false along with the
above configuration, you can turn on or turn on the process of issuing
refresh tokens. By default, IsRefreshTokenAllowed is
set to true, and you can allow it to
issue refresh tokens for all grant types. By configuring it to
false, you can stop issuing refresh tokens.
Note: By default, issuing ID token for
client_credentials grant type is disabled as it is
logically invalid.