Token Endpoint Options
Token Grants
Axioms support following OAuth2 token grants.
| Grant Type | Supported | Enabled by default | Description |
|---|---|---|---|
| Authorization Code | Yes | Yes | Used by clients to exchange an authorization code for id_token, access_token, optionally refresh_token on behalf of user. Typically used by standard web, mobile and single-page applications |
| Client Credential | Yes | Yes | Used by clients to obtain access_token, optionally refresh_token outside of the context of a user. Typically used by service account and IoT applications to access data about themselves. |
| Refresh Token | Yes | Yes | Used to exchange a refresh_token for an access_token when the access token has expired. |
| Username Password | Yes | No | Used by a highly-trusted client to obtain access_token, optionally refresh_token on behalf of user. For security reasons, this grant type is not recommended. |
| Device Code | Yes | Yes | Used by clients with limited or constrained browsing or user interaction capabilities to obtain access_token, optionally refresh_token on behalf of user. Typically used by IoT devices such Smart TV, Refrigerators, command-line interface (CLI) applications. |
Authorization Endpoint Options
Navigate to Tenant and then find Token Endpoint Options panel under Tenant Settings tab. You can enable or disable one or more grant types and click Update Details.
