OAuth 2.0 Authorization Grant types
The authorization grant is given to an application by the resource owner, in cooperation with the authorization server associated with the resource server. Kofax TotalAgility supports the following OAuth 2.0 authorization grant types.
Authorization code
This grant type is used to obtain access tokens and refresh tokens from the authorization server and is optimized for confidential clients. TotalAgility supports this grant type only in combination with the refresh token grant, which means:
- You should generate access and refresh tokens at design time.
- TotalAgility uses the refresh token to regenerate the access token. It does not require manual intervention.
Client credentials
This grant type is suitable for cases where the client application needs to access resources or call functions in the resource server, which are not related to a specific resource owner. The client can request an access token using only its client credentials, which means the client requests access to the protected resources under its control or those of another resource owner that has previously engaged with the authorization server.
Resource owner password
This grant type is used where the resource owner has a trust relationship with the client. Using this grant type, clients can obtain the resource owner's credentials (username and password), usually in an interactive form. This grant type is also used to migrate existing clients using direct authentication schemes to OAuth by converting the stored credentials into an access token.
As per the OAuth 2.0 specifications, Kofax TotalAgility will not save the username and password to the database. Hence, TotalAgility can support this grant only with a refresh token, which means:
- You should generate access and refresh tokens at design time.
- TotalAgility uses the refresh token to regenerate the access token.
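The refresh step that both the authorization code and resource owner password grants rely on, sketched as an added example (not Kofax TotalAgility code). The request parameters follow RFC 6749 section 6; `TokenStore`, the `post` transport and `fake_token_endpoint` are hypothetical names, and the token values are constructed.

```python
import time
from urllib.parse import urlencode, parse_qs

def refresh_request_body(refresh_token):
    """Form-encoded body of an RFC 6749 section 6 refresh request."""
    return urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token})

class TokenStore:
    """Holds tokens issued at design time and renews the access token unattended."""

    def __init__(self, access_token, refresh_token, expires_at, post, skew=30):
        self.access_token = access_token
        self.refresh_token = refresh_token
        self.expires_at = expires_at   # epoch seconds
        self._post = post              # hypothetical transport: body str -> response dict
        self._skew = skew              # renew slightly early, before the token lapses

    def get_access_token(self, now=None):
        now = time.time() if now is None else now
        if now < self.expires_at - self._skew:
            return self.access_token
        resp = self._post(refresh_request_body(self.refresh_token))
        if "error" in resp:
            # e.g. invalid_grant: the stored refresh token was revoked or expired,
            # so unattended renewal is no longer possible.
            raise PermissionError(resp["error"])
        self.access_token = resp["access_token"]
        self.expires_at = now + int(resp.get("expires_in", 0))
        # The server may rotate the refresh token; keep the old one if none is returned.
        self.refresh_token = resp.get("refresh_token", self.refresh_token)
        return self.access_token

def fake_token_endpoint(body):
    """Constructed stand-in for the authorization server's token endpoint."""
    form = parse_qs(body)
    if form.get("grant_type") == ["refresh_token"] and form.get("refresh_token") == ["rt-1"]:
        return {"access_token": "at-2", "expires_in": 3600, "refresh_token": "rt-2"}
    return {"error": "invalid_grant"}

if __name__ == "__main__":
    store = TokenStore("at-1", "rt-1", expires_at=1000, post=fake_token_endpoint)
    print(store.get_access_token(now=500))   # still valid, no request made
    print(store.get_access_token(now=990))   # inside the skew window, refreshed
```

A real transport would also authenticate the confidential client to the token endpoint, and the stored refresh token needs the same protection as a password because it is a long-lived credential.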
How to:
- Configure OAuth 2.0 server using the Authorization code grant type
- Configure OAuth 2.0 server using the Client credential grant type
- Configure OAuth 2.0 server using the Resource owner password grant type