5.14 OAuth and OpenID Connect

Access Manager Identity Server acts as an authorization server. It issues access tokens to a client application based on the user’s grant. A registered third-party client application uses API calls to retrieve the access token for accessing OAuth protected resources. For information about API calls, see the NetIQ Access Manager 5.0 Administration API Guide.

OpenID Connect implements a single sign-on protocol on top of the OAuth authorization process. It allows client applications to verify the identity of a user based on the authentication performed by Identity Server (authorization server). It also allows client applications to obtain a user’s basic profile information.

In this Section

How OAuth and OpenID Connect Helps
OAuth Keywords and Their Usage in Access Manager
Implementing OAuth in Access Manager
OIDC Front-Channel Logout
Configuring OAuth and OpenID Connect
Using Access Gateway in the OAuth Flow
Configuring Access Gateway for OAuth
OAuth Scenarios
Mobile Authentication
Exchanging SAML 2.0 Assertions with Access Token
Encrypting Access Token
Configuring Multi-Factor Authentication for Resource Owner Credentials Grant
Viewing Endpoint Details
OAuth and OpenID Connect Audit Events
Enabling Logging for OAuth and OpenID Connect
Managing Client Applications by Using REST API
Managing OAuth 2.0 Resource Server and Scope by Using REST API
Revoking Refresh Tokens and the Associated Access Tokens
Configuring the Demo OAuth Application