OAuth & OpenID Connect
Learn how to work with OAuth and OpenID Connect in the Curity Identity Server, including how to run the code flow, implicit flow, hybrid flow, client credentials flow and more.
Code Flow
This tutorial explains how to obtain an OAuth access token using the code flow, a popular message exchange pattern used by server-based applications. The guide includes step-by-step instructions for how to set it up and configure it in the Curity Identity Server.
Implicit Flow
Using the OAuth 2.0 Implicit Flow
Hybrid Flow
This tutorial explains how to obtain an OAuth access token using the hybrid flow. The guide includes step-by-step instructions for how to set it up and configure it in the Curity Identity Server.
Client Credentials Flow
OAuth has a flow called client credentials that comes in handy when requests to your APIs do not involve a user. Using the Client Credentials flow, it's possible to let servers communicate with your API without modifying the APIs themselves.
Refresh Tokens
This tutorial explains how to issue Refresh Tokens in the Curity Identity Server, control their lifetime, include/exclude them for certain clients, and use them to get new access tokens.
Revoking OAuth Tokens
Learn how to revoke access and refresh tokens issued according to the OAuth standard.
Resource Owner Password Flow
This tutorial explains how to use the Resource Owner Password Credential Flow (ROPC) to obtain tokens from the Curity Identity Server.
User Consent
Handling user consent for claims
Device Authorization Grant
The OAuth 2.0 Device Authorization Grant solves the problem of authenticating a user on a device that does not have user-friendly input capabilities. Authentication instead takes place out-of-band on a different device.