Powered by Algolia

    Authorization code grant type

    OAuth allows using different authorization types for different use case scenarios:

    • Authorization code.
    • PKCE.
    • Client credentials,
    • Device code,
    • Refresh token.

    As an example, the authorization code grant type will be configured in this document.

    To get user attributes in id_token on Authorization Code grant type (like email, address, etc.), perform the next steps.

    1. Set groovy script for required scope (for example, an email). Go to webconsole > Access control > Resource. Apply OAuth scope filter and select the required scope by clicking on Edit.

    Scope

    Groovy

    1. In the scope configuration window opened find the Groovy Script field and set the /oauth/EmailScopeResolver.groovy script. The example of the cope code is given below.

    Groovy code

    1. In authorization requests scope use openid. Below, a Postman example is given.

    Authorization request scope

    1. You will get a response, similar to the following.

    Response

    Response token coded/encoded

    There are several scopes that must work without a groovy script, for example the following.

    • given_name
    • family_name
    • middle_name
    • nickname
    • user_name
    • preferred_username
    • picture
    • gender
    • birthdate
    • locale
    • updated_at
    • phone_number_verified
    • email_verified

    Hence, you can get a response for them without an additional groovy script, as shown below.

    Response without groovy

    Response no groovy

    Note that in OpenIAM version 4.2.1.10 we have a limit for Scope field, comprising 100 characters.

    Characters limit

    Previous
    oAuth 2.0
    Next
    OpenID Connect