Came across a really neat tool for testing:
Also, Vittorio blogged some useful information:
Securing a Web API with Windows Server 2012 R2 ADFS and Katana
So let's put the pieces together.
In ADFS, create a RP as per Vittorio's instructions.
There's no certificate and no endpoints because you don't pick either SAML or WS-Fed.
Unlike my usual RP stuff, the identifier is not a URI.
I made the name and identifier simply "OAuth Test".
Then again following Vittorio,
Add-AdfsClient -Name "OAuth Test" -ClientId "112e0117-ef3d-44c4-a367-5b4bef313d8f" -RedirectUri "https://www.authnauthz.com/oauth/inboundauthenticationresponse" -Description "OAuth client"The ClientID and RedirectURL are from the test tool.
So off to the test tool.
Under OAuth click "OIDC Authentication Request".
The authorisation endpoint is:
Response type: Ensure only code is ticked.
ADFS doesn't support anything else.
Set Resource to "OAuth Test"
Remove all Scope.
ADFS doesn't support any.
Off to ADFS, authenticate as per usual and you'll be be redirected to the Response page in the tool with an authorisation code.