Grant types are used to authorize access to protected resources in different ways. This section lists out the main OAuth2 grant types supported by WSO2 Identity Server.
- Authorization Code Grant
- Implicit Grant
- Resource Owner Password Credentials Grant
- Client Credentials Grant
- Refresh Token Grant
- Kerberos Grant
Identity Server 5.4.0 provides more control over issuing id tokens and user claims for client-credential grant type. To facilitate this, the following configurations should be added to the
<IS_HOME>/repository/conf/identity/identity.xml file in order to register new
Further, by configuring the
<IdTokenAllowed> property to
false along with the above configuration, you can turn on or turn off the process of issuing ID tokens for the grant types that have the
openid scope. By default,
IdTokenAllowed is set to
true, you can allow it to issue
id_tokens for all grant types that have the
openid scope. By configuring it to false, you can stop issuing ID tokens.
Note: You can not turn off the process of issuing ID tokens for the
authorization_code grant type.
By configuring the
<IsRefreshTokenAllowed> property to
false along with the above configuration, you can turn on or turn on the process of issuing refresh tokens. By default,
IsRefreshTokenAllowed is set to
false, you can stop issuing refresh tokens.
Note: By default, issuing ID token for
client_credentials grant type is disabled as it is logically invalid.