== Other OpenID Connect libraries

OAuth2 https://tools.ietf.org/html/rfc6749
OpenID Connect http://openid.net/connect/


=== Endpoints

TODO

=== Flows

==== Authorization Grant

==== Implicit

==== Resource Owner Password Credentials

==== Client Credentials

=== Redirect URIs

Keycloak provides two special redirect uris for installed applications.

[[_installed_applications_url]]
==== Installed Applications url

http://localhost

This returns the code to a web server on the client as a query parameter.
Any port number is allowed.
This makes it possible to start a web server for the installed application on any free port number without requiring changes in the `Admin Console`.

[[_installed_applications_urn]]
==== Installed Applications urn

`urn:ietf:wg:oauth:2.0:oob`

If its not possible to start a web server in the client (or a browser is not available) it is possible to use the special `urn:ietf:wg:oauth:2.0:oob` redirect uri.
When this redirect uri is used Keycloak displays a page with the code in the title and in a box on the page.
The application can either detect that the browser title has changed, or the user can copy/paste the code manually to the application.
With this redirect uri it is also possible for a user to use a different device to obtain a code to paste back to the application.

=== Session Management

=== Dynamic Client Registration