Using an OpenID Connect provider as an OAuth 2.0 authorization server

An OpenID Connect provider can be used as a normal OAuth 2.0 authorization provider to issue an OAuth 2.0 access_token, and support all OAuth 2.0 grant types.

An OpenID Connect provider supports JSON Web Token (JWT) Bearer Token as a grant for requesting an OAuth 2.0 access token, see JSON Web Token (JWT) for OAuth Client Authorization Grants and Configuring an OpenID Connect Provider to accept JSON Web Tokens (JWT) for authorization grants.

If an authorization request is made with an authorization code grant or implict grant type, and if openid scope is not included or approved, the request is handled as a normal OAuth authorization request. An id_token is not issued, and an access_token and refresh_token can be issued.

An OpenID Connect provider can support OAuth authorization flow with Resource Owner Password Credentials Grant or Client Credentials Grant , see Configuring an OpenID Connect Provider to enable 2-legged OAuth requests.