24.0 OAuth 2.0

In OAuth 2.0 authorization, the third-party client requests access to the resources that are controlled by the resource owner. Instead of using the resource owner's credentials to access the protected resources, the third-party client obtains an access token. The third-party clients can be web applications, mobile phones, handheld devices, and desktop applications.

You can find the public key to verify the JWT in the following path:

https://<AAserver>/osp/a/<tenant_id>/auth/oauth2/.well-known/openid-configuration. It contains the jwks_uri.

You can specify TOP for the tenant_id parameter, if the Multitenancy mode is disabled or you are not in Advanced Authentication as a Service (SaaS).

This section contains the following topics:

For information on the following see the respective link: