Users connecting services to the eduTEAMS Service using OpenID Connect (OIDC) will need to choose which Grants they their services need. This page and the following table presents present guidance for the recommended and supported configurations.
...
| Grants | offline_access | Client authentication methods | PKCE | |
|---|---|---|---|---|
authorization_code | false | client_secret_basic and client_secret_post | false | |
authorization_code | false | client_secret_basic and client_secret_post | true | |
authorization_code | false | public | false | |
authorization_code | false | public | true | |
authorization_code and refresh_token | true | client_secret_basic and client_secret_post | false | |
authorization_code and refresh_token | true | client_secret_basic and client_secret_post | true | |
authorization_code and refresh_token | true | public | true | |
authorization_code and token-exchange | false | client_secret_basic and client_secret_post | false | |
authorization_code and token-exchange | false | client_secret_basic and client_secret_post | true | |
authorization_code and token-exchange | false | public | true | |
authorization_code and refresh_token and token-exchange | true | client_secret_basic and client_secret_post | false | |
authorization_code and refresh_token and token-exchange | true | public | true | |
device_code | false | public | false | |
device_code and refresh_token | true | public | false | |
implicit | false | public | false | |