This topic guides you through consuming the OpenID Connect Basic Client Profile, which is based on the authorization code flow. The following steps outline the flow according to the OpenID specification.
- The client prepares an authentication request containing the desired request parameters.
- The client sends the request to the authorization server.
- The authorization server authenticates the end-user.
- The authorization server obtains end-user consent/authorization.
- The authorization server sends the end-user back to the client with an authorization code.
- The client requests a response using the authorization code at the token endpoint.
- The client receives a response that contains an ID token and an access token in the response body.
- The client validates the ID token and retrieves the end-user's subject identifier.
The following parameters are mandatory and have to be included in the authorization request in order to execute this flow.
Parameter | Description |
---|---|
scope | Specifies the behaviour of the request. Value: "openid" |
response_type | Determines which authorization processing flow is to be used, including what parameters are returned from the endpoints used. |
client_id | The OAuth 2.0 Client Identifier valid at the authorization server. |
redirect_uri/callback_uri | The URI which the authorization server should send the response to. |
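The client-side steps above (preparing the request, receiving the code, validating the ID token), sketched in Python as an added example that is not WSO2 code. The endpoint URLs, client ID and sample token are constructed placeholders, and the `state` and `nonce` parameters are additions from the OpenID Connect specification that the table does not list. Signature verification is not shown, on the assumption that the token was read directly from the token endpoint over validated TLS.

```python
import base64, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical deployment values (assumptions, not taken from the page).
AUTHZ_ENDPOINT = "https://idp.example.com/oauth2/authorize"
ISSUER = "https://idp.example.com/oauth2/token"
CLIENT_ID = "constructed-client-id"
REDIRECT_URI = "https://app.example.com/callback"

def build_auth_request():
    """Build the authentication request URL with the four mandatory parameters."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {"scope": "openid", "response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": state, "nonce": nonce}
    return AUTHZ_ENDPOINT + "?" + urlencode(params), state, nonce

def read_callback(callback_url, expected_state):
    """Return the authorization code only if state matches the value we sent."""
    q = parse_qs(urlparse(callback_url).query)
    if not secrets.compare_digest(q.get("state", [""])[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    return q["code"][0]

def validate_id_token(id_token, expected_nonce, now=None):
    """Check iss, aud, exp and nonce; return the end-user's subject identifier."""
    segment = id_token.split(".")[1]  # JWT payload, base64url without padding
    claims = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued to this client")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims["sub"]

def sample_id_token(claims):
    """Constructed demo token; the signature segment is a dummy and is never checked."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "dummy-signature"])

if __name__ == "__main__":
    url, state, nonce = build_auth_request()
    code = read_callback(REDIRECT_URI + "?code=constructed-code&state=" + state, state)
    token = sample_id_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "alice",
                             "exp": time.time() + 300, "nonce": nonce})
    print(url, code, validate_id_token(token, nonce), sep="\n")
```

Where the ID token reaches the client by any other path, verify its signature against the identity provider's published keys with a JWT library before trusting the claims.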
Related Topics
- See the Basic Client Profile with Playground topic to try out this flow with the playground sample for OAuth in WSO2 Identity Server.