Old inbound integrations experience
Old experience - Inbound integrations.
Note:
You can perform the OAuth inbound configuration, depending on the following type of grant type:
- OAuth authorization code grant flowNote:For authorization code flow, user needs to complete the Authentication by local login, SSO or MFA and then provide consent.
- Password grant
- JWT bearer grant flow
- ID token flow
- OAuth implicit grants
- Client Credentials
Configure OAuth integration that includes the following enhancements from Zurich release:
- Increase client secret length up-to 4096 characters to meet security requirements of third-party systems.
- Provide a JSON Web Key Set (JWKS) URL to automatically manage and update the public key for JSON Web Tokens (JWT) signature validation.
- Request OAuth tokens using the JWT grant type signed with Elliptic Curve Digital Signature Algorithm (ES) signing algorithms, including ES256, ES384, and ES512, for inbound JSON Web Tokens (JWT).
- Customize the JWT ID (JTI) claim name in both inbound OpenID Connect (OIDC) and JWT Bearer flows.