This topic guides you through consuming the OpenID Connect Basic Client profile, which is based on the authorization code flow. The following steps outline the flow according to the OpenID specification.
- The client prepares an authentication request containing the desired request parameters.
- The client sends the request to the authorization server.
- The authorization server authenticates the end-user.
- The authorization server obtains end-user consent/authorization.
- The authorization server sends the end-user back to the client with an authorization code.
- The client requests a response using the authorization code at the token endpoint.
- The client receives a response that contains an ID token and an access token in the response body.
- The client validates the ID token and retrieves the end-user's subject identifier.
The following parameters are mandatory and must be included in the authorization request to execute this flow.
| Parameter | Description |
|---|---|
| scope | Specifies the behaviour of the request. |
| response_type | Determines which authorization processing flow is to be used, including what parameters are returned from the endpoints used. |
| client_id | The OAuth 2.0 Client Identifier valid at the authorization server. |
| redirect_uri/callback_uri | The URI to which the authorization server should send the response. |
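
The client-side parts of the flow above, as an added example that is not part of the original page or any product's own code: it builds the authentication request with the mandatory parameters, accepts the authorization code from the callback, and checks the ID token claims before returning the subject identifier. The function names, the `state` parameter (optional in OpenID Connect, used here to bind the callback to the request) and the sample token are assumptions; signature verification is assumed to be done separately with a JOSE library.

```python
import base64, json, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

def build_auth_request(authorize_endpoint, client_id, redirect_uri):
    """Client prepares the authentication request with the mandatory parameters."""
    state = secrets.token_urlsafe(16)  # not mandatory; binds the callback to this request
    params = {"scope": "openid", "response_type": "code",
              "client_id": client_id, "redirect_uri": redirect_uri, "state": state}
    return f"{authorize_endpoint}?{urlencode(params)}", state

def read_callback(callback_url, expected_state):
    """Accept the authorization code only if the returned state matches what was sent."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in query:
        raise ValueError("no authorization code")
    return query["code"][0]

def validate_id_token(id_token, issuer, client_id, now=None):
    """Check iss, aud/azp and exp, then return the subject identifier (sub).
    Signature verification is out of scope here (assumption: done by a JOSE library)."""
    segment = id_token.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("iss mismatch")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise ValueError("aud does not contain client_id")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise ValueError("azp mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired")
    if not claims.get("sub"):
        raise ValueError("missing sub")
    return claims["sub"]

def sample_id_token(claims):
    """Constructed sample token; the signature segment is a placeholder."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"
```
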