FortiAuthenticator can act as an authorization server to issue and manage OAuth access tokens via a set of REST API endpoints. FortiAuthenticator issues an OAuth access token to an OAuth client after the client successfully provides its login credentials. The OAuth client can then use this access token as proof of authorization to access a third-party service. The third-party service may contact FortiAuthenticator to validate any given OAuth access token.
To enable OAuth service access, enable the Auth Service API (/api/v1/oauth) service on applicable network interface(s) under System > Network > Interfaces.
You can use OpenID Connect (OIDC) by configuring an authentication policy, authorization code, and OIDC claim(s) for participating clients. See Relying Party.
OIDC only works with remote users if their account has been imported to the FortiAuthenticator configuration.
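The token validation step described above, seen from the third-party service's side, as an added example (not FortiAuthenticator or Fortinet code): the service accepts a bearer token only after the authorization server confirms it, fails closed on any error, and caches a positive answer briefly. The `verify` callable, the `expires_in` reply field and the `FakeAuthServer` stand-in are assumptions made for illustration; this page does not specify the validation request or response.

```python
import hashlib
import time


class TokenValidator:
    """Resource-service check: accept a bearer token only when the
    authorization server confirms it. `verify` is a hypothetical transport
    (token -> dict with an assumed "expires_in" field; raises on rejection)."""

    def __init__(self, verify, max_cache_s=60, clock=time.monotonic):
        self._verify = verify
        self._max_cache_s = max_cache_s  # upper bound on how long a revoked token lingers
        self._clock = clock
        self._cache = {}                 # sha256(token) -> cache expiry time

    def is_authorized(self, authorization_header):
        scheme, _, token = (authorization_header or "").partition(" ")
        token = token.strip()
        if scheme.lower() != "bearer" or not token:
            return False
        key = hashlib.sha256(token.encode()).hexdigest()  # never store raw tokens
        now = self._clock()
        if self._cache.get(key, 0) > now:
            return True
        self._cache.pop(key, None)
        try:
            reply = self._verify(token)
        except Exception:
            return False                 # fail closed: unreachable or rejected
        expires_in = reply.get("expires_in") if isinstance(reply, dict) else None
        if not isinstance(expires_in, (int, float)) or expires_in <= 0:
            return False
        self._cache[key] = now + min(expires_in, self._max_cache_s)
        return True


class FakeAuthServer:
    """Constructed in-memory stand-in for the authorization server."""

    def __init__(self):
        self.tokens, self.calls, self.up = {}, 0, True

    def verify(self, token):
        self.calls += 1
        if not self.up:
            raise ConnectionError("authorization server unreachable")
        if token not in self.tokens:
            raise PermissionError("unknown or revoked token")
        return {"expires_in": self.tokens[token]}
```

In a deployment, `verify` would make the HTTPS request to FortiAuthenticator with certificate verification enabled. Keep `max_cache_s` short, because a revoked token is still accepted until its cache entry expires.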