This documentation is for WSO2 Identity Server 5.4.1 . View documentation for the latest release.

All docs This doc
Skip to end of metadata
Go to start of metadata

This section guides you through consuming an OpenID connect implicit client profile that is based on implicit flow. The following steps outline the flow according to the OpenID specification. 

  1. The client prepares an authentication request containing the desired request parameters.
  2. The client sends the request to the authorization server.
  3. The authorization server authenticates the end-user.
  4. The authorization server obtains end-user consent/authorization.
  5. The athorization server sends the end-user back to the client with an ID token and, if requested, an access token.
  6. The client validates the ID token and retrieves the end-user's subject identifier.

The following parameters are mandatory and have to be included in the authorization request in order to execute this flow. 

Note: The following parameters have a different usage in the implicit flow vs its usage in the authorization code flow.

  • response_type
  • redirect_uri/callback_uri
  • nonce
scopeSpecifies the behaviour of the request. 
Value: "openid" 
client_idThe OAuth 2.0 Client Identifier valid at the authorization server.

Determines which authorization processing flow is to be used, including what parameters are returned from the endpoints used.
"id_token token" or "id_token"

  • id_token token:  The ID token is issued together with the access token.
  • id_token: Only the id token is returned and no access token is returned.
redirect_uri/callback_uriThe URI which the authorization server should send the response to.
nonceAssociates a client session with an ID Token to mitigate replay attacks. The value is passed through unmodified from the authentication request to the ID Token.

for details about oidc-scope-config.xml file, see excerpt below:

OpenID Connect Basic Client Profile

Related Topics