Using an OpenID Connect provider as an OAuth 2.0 authorization server
An OpenID Connect provider can be used as a normal OAuth 2.0 authorization provider to
issue an OAuth 2.0 access_token
, and support all OAuth 2.0 grant types.
An OpenID Connect provider supports JSON Web Token (JWT) Bearer Token as a grant for requesting an OAuth 2.0 access token, see JSON Web Token (JWT) for OAuth Client Authorization Grants and Configuring an OpenID Connect Provider to accept JSON Web Tokens (JWT) for authorization grants.
If an authorization request is made with an authorization code grant
or
implict grant type
, and if openid scope
is not included or
approved, the request is handled as a normal OAuth authorization request. An
id_token
is not issued, and an access_token
and
refresh_token
can be issued.
An OpenID Connect provider can support OAuth authorization flow with Resource Owner
Password Credentials Grant
or Client Credentials Grant
, see Configuring an OpenID Connect
Provider to enable 2-legged OAuth requests.