OpenID Connect Authorization Code Flow
  • 08 Jul 2024

Issue a GET or POST to /idp/profile/oidc/auth with the following parameters.

| Parameter | Type | Description |
|---|---|---|
| scope | String required | Space-delimited list of scopes. Must contain the value "openid". |
| response_type | String required | "code" |
| client_id | String required | The OAuth 2.0 Client Identifier. |
| redirect_uri | String required | A callback URL previously registered for the client. |
| state | String optional | An opaque value used by the client application to maintain state between the request and callback. |
| response_mode | String optional | Not Used |
| nonce | String optional | String value used to associate a Client session with an ID Token, and to mitigate replay attacks. |
| display | String optional | RapidIdentity currently supports the value "page". |
| prompt | String optional | RapidIdentity currently supports the "none" and "login" values. |
| max_age | String optional | Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated. |
| ui_locales | String optional | End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 language tag values, ordered by preference. |
| id_token_hint | String optional | ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client. Note: Encrypted id_token_hint values are not supported at this time. |
| login_hint | String optional | Not Used |
| acr_values | String optional | Not Used |

If the authenticating user does not already have an authenticated Federation session, they will be redirected to the login page.

After successful authentication or validation of the user’s current session, the browser will be redirected to the callback URL with a “code” parameter and a “state” parameter (if one was supplied in the initial request).

The “code” must be exchanged for an access token and an ID Token in the next step.
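
The following client-side sketch is an added example, not RapidIdentity code. It builds the authorization request with a fresh `state` and `nonce` and rejects a callback whose `state` does not match the one stored in the user's session. The host names, client ID and function names are assumptions; only the endpoint path and parameter names come from this page.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_PATH = "/idp/profile/oidc/auth"    # endpoint path from this page
SUPPORTED_PROMPTS = {"none", "login"}   # prompt values the page lists as supported


def build_auth_request(idp_base, client_id, redirect_uri, scope="openid", prompt=None):
    """Return (url, pending): the redirect URL and the values to keep in the session."""
    if "openid" not in scope.split():
        raise ValueError('scope must contain "openid"')
    if prompt is not None and prompt not in SUPPORTED_PROMPTS:
        raise ValueError("unsupported prompt value")
    pending = {
        "state": secrets.token_urlsafe(32),  # binds the callback to this browser session
        "nonce": secrets.token_urlsafe(32),  # compared later with the ID Token's nonce claim
    }
    params = {
        "scope": scope,
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,        # must match a URL registered for the client
        "state": pending["state"],
        "nonce": pending["nonce"],
    }
    if prompt:
        params["prompt"] = prompt
    return f"{idp_base.rstrip('/')}{AUTH_PATH}?{urlencode(params)}", pending


def handle_callback(callback_url, pending):
    """Return the authorization code, or raise if the callback does not match the session."""
    query = parse_qs(urlsplit(callback_url).query)
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not for this session.
    if not hmac.compare_digest(returned_state.encode(), pending["state"].encode()):
        raise ValueError("state mismatch: discard the code")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    # Constructed values for illustration only.
    url, pending = build_auth_request("https://idp.example.com", "example-client",
                                      "https://app.example.com/callback", prompt="login")
    print(url)
```

Keep `pending` server-side in the user's session and delete it once the callback has been handled, so a given `state` is accepted only once.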

