== Other OpenID Connect libraries OAuth2 https://tools.ietf.org/html/rfc6749 OpenID Connect http://openid.net/connect/ === Endpoints TODO === Flows ==== Authorization Grant ==== Implicit [[_resource_owner_password_credentials_flow]] ==== Resource Owner Password Credentials ==== Client Credentials === Redirect URIs Keycloak provides two special redirect uris for installed applications. [[_installed_applications_url]] ==== Installed Applications url http://localhost This returns the code to a web server on the client as a query parameter. Any port number is allowed. This makes it possible to start a web server for the installed application on any free port number without requiring changes in the `Admin Console`. [[_installed_applications_urn]] ==== Installed Applications urn `urn:ietf:wg:oauth:2.0:oob` If its not possible to start a web server in the client (or a browser is not available) it is possible to use the special `urn:ietf:wg:oauth:2.0:oob` redirect uri. When this redirect uri is used Keycloak displays a page with the code in the title and in a box on the page. The application can either detect that the browser title has changed, or the user can copy/paste the code manually to the application. With this redirect uri it is also possible for a user to use a different device to obtain a code to paste back to the application. === Session Management === Dynamic Client Registration