Skip to content

OAuth 2.0 Grant Types

Grant types are used to authorize access to protected resources in different ways. This section lists out the main OAuth2 grant types supported by WSO2 Identity Server.

Note

WSO2 Identity Server provides more control over issuing id tokens and user claims for client-credential grant type. To facilitate this, add the following configurations to the deployment.toml file found in the <IS_HOME>/repository/conf folder in order to register new ScopeHandlers and ScopeValidators .

[oauth.custom_scope_validator]
class = "org.fully.qualified.class.name.CustomScopeValidator"

Further, by configuring the <IdTokenAllowed> property to true or false along with the above configuration, you can turn on or turn off the process of issuing ID tokens for the grant types that have the openid scope. By default, IdTokenAllowed is set to true, you can allow it to issue id_tokens for all grant types that have the openid scope. By configuring it to false, you can stop issuing ID tokens.
Note: You can not turn off the process of issuing ID tokens for the authorization_code grant type.

By configuring the <IsRefreshTokenAllowed> property to true or false along with the above configuration, you can turn on or turn on the process of issuing refresh tokens. By default, IsRefreshTokenAllowed is set to true, and you can allow it to issue refresh tokens for all grant types. By configuring it to false, you can stop issuing refresh tokens.
Note: By default, issuing ID token for client_credentials grant type is disabled as it is logically invalid.

Top