1.3 Overview

Active Directory Federation Services (AD FS) implements parts of the OAuth 2.0 Authorization Framework [RFC6749] and extends it. Those extensions are the OAuth 2.0 Protocol Extensions and are specified in this document. They are implemented by OAuth 2.0 clients that request authorization from AD FS servers using the OAuth 2.0 protocol.

Note  Throughout this specification, the fictitious names "client.example.com" and "server.example.com" are used; both are example names from [RFC6749].

In addition to the terms specified in the Glossary (section 1.1), the following terms are used in this document:

From [RFC6749]:

  • access token

  • access token request

  • access token response

  • authorization code

  • authorization code grant

  • authorization request

  • authorization response

  • authorization server

  • client identifier

  • confidential client

  • redirection URI

  • refresh token

  • resource owner

From [OIDCCore]:

  • ID token

From [RFC8628]:

  • Device Verification Code

  • User code

  • Verification URI