Loading
Salesforce から送信されるメールは、承認済ドメインからのみとなります続きを読む

How to Check What Grant Types an OIDC Server Supports

公開日: Aug 5, 2025
タスク

GOAL

When configuring Anypoint Platform external identity client management with OpenID Connect (OIDC), it's important to understand what grant types the external OIDC server supports. So that when creating an application client in Anypoint Platform, you won't get unexpected responses. This article explains how to find out what grant types are supported by the external OIDC server.
ステップ

Step 1, get OIDC discovery/well-known document

OpenID Connect metadata document, aka "OIDC discovery/well-known" document, has the information of the URLs we need to configure OpenID Connect in Anypoint Platform. 

The OIDC discovery/well-known document URL is normally: $ISSUER/.well-known/openid-configuration. For example: https://mulesoft.okta.com/.well-known/openid-configuration

Please reference vendor-specific docs below:
  • For Auth0, please check here
  • For Microsoft Azure, please check here
  • For Okta, please check here
  • For OpenAM, please check here
  • For PingFederate, please check here
  • For Salesforce, please check here

Step 2, locate the grant types from the OIDC metadata document


Take Okta as an example, the discovery/well-known document: https://mulesoft.okta.com/.well-known/openid-configuration, search for "grant_types_supported"
  
"grant_types_supported": [
  "authorization_code",
  "implicit",
  "refresh_token",
  "password"
],
which lists 4 grant types. Please make sure the grant types you are going to create in Anypoint Platform is listed here.

If "grant_types_supported" is not present, it defaults to authorization_code, implicit, and refresh_token. By default Okta Open ID does not default client credentials grant type. One needs to enable it at Okta end.
 

Reference

ナレッジ記事番号

001116987

 
読み込み中
Salesforce Help | Article