📄️ About OpenID Connect
Overview of OpenID Connect (OIDC) identity layer and ID token claims in EmpowerID.
📄️ Authorization Code Grant
Use the Authorization Code grant to obtain access, refresh, and ID tokens; includes PKCE and .NET client examples.
📄️ Device Authorization Grant
Use the Device Authorization (Device Code) flow for devices without a browser to obtain user-approved access tokens.
📄️ Resource Owner Password
Issue tokens to trusted apps by submitting a user's credentials directly to the token endpoint.
📄️ JWT Bearer Grant
Exchange a signed JWT for EmpowerID access/refresh tokens using the JWT Bearer grant.
📄️ Client Credentials
Obtain an access token for machine-to-machine apps using the Client Credentials grant.
📄️ Client Certificate Grant
Use signed SAML assertions with client credentials to obtain access tokens via the certificate grant.
📄️ Refresh Token Grant
Exchange a refresh token for new access/refresh tokens using the Refresh Token grant.
📄️ Implicit Grant
Obtain tokens directly from the authorization endpoint using the Implicit grant (legacy browser-based apps).
📄️ RP-Initiated Logout
End user sessions at EmpowerID and optionally at relying parties (global logout) using RP-initiated logout.
📄️ UserInfo Endpoint
Retrieve claims about the authenticated user via the OpenID Connect UserInfo endpoint.
📄️ Token Introspection Endpoint
Validate and inspect access or refresh tokens using the token introspection endpoint.
📄️ Token Revoke Endpoint
Revoke access or refresh tokens using the token revoke endpoint.
📄️ Token Exchange Endpoint
Exchange external access tokens (e.g., Azure) for EmpowerID tokens using the token exchange endpoint.
📄️ Azure Token Auth
How EmpowerID accepts Azure access tokens, exchanges them internally, and enforces access on APIs.