OAuth & OpenID Connect

Working with OAuth flows and OpenID Connect

Code Flow

This tutorial explains how to obtain an OAuth access token using the code flow, a popular message exchange pattern used by server-based applications. The guide includes step-by-step instructions for how to set it up and configure it in the Curity Identity Server.

Implicit Flow

Using the OAuth 2 Implicit Flow

Hybrid Flow

This tutorial explains how to obtain an OAuth access token using the hybrid flow. The guide includes step-by-step instructions for how to set it up and configure it in the Curity Identity Server.

Client Credentials Flow

OAuth has a flow called client credentials that comes in handy when requests to your APIs do not involve a user. Using the Client Credentials flow, it's possible to let servers communicate with your API without modifying the APIs themselves.

Refresh Tokens

This tutorial explains how to issue Refresh Tokens in the Curity Identity Server, control their lifetime, include/exclude them for certain clients, and use them to get new access tokens.

Revoking OAuth Tokens

Learn how to revoke access and refresh tokens issued according to the OAuth standard.

Resource Owner Password Flow

This tutorial explains how to use the Resource Owner Password Credential Flow (ROPC) to obtain tokens from the Curity Identity Server.

User consent

Handling user consent for claims

Device Authorization Grant

The OAuth 2.0 Device Authorization Grant solves the problem of authenticating a user on a device that does not have user-friendly input capabilities. Authentication instead takes place out-of-band on a different device.