You can configure your applications so that they are accessible to Identity as a Service accounts through OpenID Connect (OIDC) authentication and OAuth authorization. Identity as a Service supports both the Code (or Basic) Authentication Flow use case and the Implicit Authentication Flow use case.
OIDC issues ID tokens and access tokens to:
● Allow desktop and mobile devices to confirm an end-user's identity based on the authentication method performed by Identity as a Service.
● Obtain the Userinfo data.
OAuth issues access tokens that allow client applications to access resource server APIs on behalf of a user.
Both OIDC and OAuth access tokens can also be issued with refresh tokens. See Manage OIDC and OAuth tokens for more information about OIDC and OAuth tokens.
Identity as a Service also supports the Client Credentials Flow use case, in which a client application makes direct requests to resource server APIs without a user present.
Attention: The Implicit grant type has security implications. It is currently supported with OpenID Connect (OIDC) and not with OAuth. It is deprecated and will be removed in a future Identity as a Service release. Applications using the Implicit grant type should use the Authorization Code grant type with Proof Key for Code Exchange (PKCE) instead.
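As an added illustration (not taken from the Identity as a Service documentation or code), the following Python sketch shows the client side of an Authorization Code request with PKCE using the S256 method from RFC 7636, plus the check a token endpoint performs on the verifier. The endpoint URL, client values and function names are assumptions chosen for the example; `login_hint` is one of the request parameters this page lists.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: placeholder endpoint, not a real Identity as a Service URL.
AUTHORIZE_ENDPOINT = "https://idp.example.com/authorize"

def _b64url(data: bytes) -> str:
    # base64url without '=' padding, as RFC 7636 requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    # 32 random bytes encode to 43 characters, the RFC 7636 minimum length
    return _b64url(secrets.token_bytes(32))

def code_challenge_s256(verifier: str) -> str:
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def build_authorization_request(client_id, redirect_uri, scope, login_hint=None):
    """Return (url, code_verifier, state); keep verifier and state client-side."""
    verifier = new_code_verifier()
    state = secrets.token_urlsafe(16)
    params = {
        "response_type": "code",  # Authorization Code, not Implicit
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    if login_hint:
        params["login_hint"] = login_hint
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), verifier, state

def check_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code only when the state value matches."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    return query["code"][0]

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    # Token endpoint check: an intercepted code is useless without the verifier
    return hmac.compare_digest(code_challenge_s256(presented_verifier), stored_challenge)
```

The code verifier is sent only in the back-channel token request, so it never appears in the browser redirect the way an Implicit flow token does.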
In addition to the standard OIDC request parameters, OIDC and OAuth support the following parameters:
● login_hint
● claims
● acr_values
● amr_values
● audience or resource
● org_id
OIDC and OAuth do not support the following OIDC request parameters:
● acr_values
● amr_values
● display
● id_token_hint
● ui_locales
OIDC and OAuth do not support the following features:
● Introspection
● Dynamic Client Registration
● Token Encryption
Topics in this section:
● Integrate Microsoft Azure AD Conditional Access
● Integrate Microsoft Entra ID External Authentication
Note: To create a generic OIDC and OAuth application, see Integrate OpenID Connect and OAuth Cloud applications in the Administrator Help.