OAuth 2.0 and OIDC support

Edit online

Security Verify Access supports the OAuth 2.0 protocol, including OpenID Connect.

The support is provided at both the Advanced Access Control and the Federation licensing levels.

  • OAuth is an HTTP-based authorization protocol. It gives third-party applications scoped access to a protected resource on behalf of the resource owner. It gives scoped access by creating an approval interaction between the resource owner, client, and the resource server. It gives users the ability to share their private resources between sites without providing usernames and passwords. Private resources can be anything, but common examples include photos, videos, and contact lists.

    The implementation of OAuth 2.0 in Advanced Access Control strictly follows the OAuth 2.0 standards. For a complete description of the OAuth 2.0 specifications, see the OAuth website http://www.oauth.net.

    The OAuth 2.0 implementation of Advanced Access Control also integrates with WebSphere DataPower. For more information, see DataPower Integration.

  • OpenID Connect is an extension of the OAuth protocol to better support identity and authentication. For a complete description of the OpenID Connect specifications, see the OpenID website: http://openid.net/specs/