Underneath OAuth Server > Grant Mapping is where you begin to configure the first stage of the two-stage OAuth attribute mapping process. You can map from authentication sources (IdP adapter instances or IdP connections), authentication policy contracts, or Password Credential Validator instances (for resource owner credentials) to persistent grants. You may define issuance criteria to control whether a fulfillment can be made. Persistent grants (and the associated attributes and their values, if any) remain valid until the grants expired or are explicitly revoked or cleaned up.