Product Documentation
Visit curity.io
Developer
Developer Portal
Tutorials
Videos
Code examples
Support
Contact
Docs
/
Token Service Admin Guide
☀️ Theme
Menu
Token Service Admin Guide
¶
Introduction to the Token Service
Defining an OAuth Profile
Preparing the OAuth Profile
Base Configuration of an OAuth Profile
OAuth Flows
Code
Implicit
Client Credentials
Resource Owner Password Credentials
OpenID Connect Hybrid Flows
Token Exchange
Assisted Token
Refresh
Revoke
Introspect
Json Web Key Set (JWKS)
Device Flow
Assertion Flow
Logout Flow
Using the device flow
Configuration
Endpoints
Token Procedures
Templates
Scopes and Claims
Adding a scope to the profile
Adding a scope to a client
Scope Lifetime
Required scopes
Prefix scopes
Claims of a scope
Claims I/O
Configuring OAuth User Authentication
OpenID Connect
Metadata
The “claims” request parameter
Issuing pseudonymous subject identifiers
Dynamic Client Registration
Architectural Overview of Dynamic Client Registration
Enabling Dynamic Client Registration
Dynamic Client Registration Management (DCRM)
OAuth Client Configuration
Client Capabilities
User Authentication
Client Authentication
Client Framability
Examples
Issuing OAuth and OpenId Connect Tokens
OAuth Endpoint Reference
Anonymous
Authorize
Assisted Token
Introspect
Revoke
Token
User Consent
Consenting to requested claims
Asking for consent
Enabling user consent
The user consent template
Consentors
Consentors
Profile configuration
Client configuration
Consentor selection
Consentor result
Mutual TLS Authentication
TLS termination
Binding certificates to tokens
Trusted certificates
DN comparison
Configuring Mutual TLS
Reverse Proxy Server Setup
Non-Templatized Dynamic Client Registration using Mutual TLS
OpenID Connect Issuer Discovery
Session Management and Logout
Session Endpoint
Logout
OpenId Connect specifications for Session Management and Logout