Protocol reference
TraffiTech speaks the standard identity protocols so your existing IdP, apps, and provisioning tools work without custom code.
Supported
| Protocol | What it's for | Learn more |
|---|---|---|
| OAuth 2.0 | Authorization - delegated access for backend services and APIs; the substrate of OIDC | OAuth 2.0 |
| OpenID Connect (OIDC) | Authentication - signing users in from SPAs, web apps, and mobile clients | OpenID Connect |
| SCIM 2.0 | User provisioning - sync users from an enterprise directory (e.g. Microsoft Entra ID) | User Provisioning (SCIM) |
How they relate
OIDC, OAuth, and SCIM solve three different problems and are usually used together:
- OAuth 2.0 gives a client an access token that represents a delegated permission ("this app is allowed to read your data").
- OpenID Connect builds on OAuth to also answer "who is the user?" - it adds an ID token that carries user identity claims.
- SCIM is completely separate from sign-in: it's how your IdP pushes the list of users (and their attribute changes, deactivations) into TraffiTech on a schedule.
If you only need sign-in, you need OIDC. If you also want your IdP to keep user accounts in sync, add SCIM.