

1.5 Prerequisites/Preconditions

The OAuth 2.0 Protocol Extensions for Broker Clients define extensions to [RFC6749] and [MS-OAPX]. A prerequisite to implementing the OAuth 2.0 Protocol Extensions is that the REQUIRED parts of [RFC6749] have been implemented on the AD FS server.

These extensions also assume that if the OAuth 2.0 client requests authorization for a particular resource, or relying party, secured by the AD FS server, the client knows the identifier of that resource. These extensions also assume that the OAuth 2.0 client knows its own client identifier and all relevant client authentication information if it is a confidential client.

The client runs on a device for which there is a corresponding msDS-Device object in Active Directory with the following additional requirements:

The OAuth 2.0 Protocol Extensions for Broker Clients assume that they, the OAuth 2.0 Protocol Extensions [MS-OAPX], and the OpenID Connect 1.0 Protocol Extensions [MS-OIDCE], if being used, are all running on the same AD FS server.