This section guides you through consuming an OpenID Connect client profile based on the implicit flow. The following steps outline the flow according to the OpenID Connect specification.
- The client prepares an authentication request containing the desired request parameters.
- The client sends the request to the authorization server.
- The authorization server authenticates the end-user.
- The authorization server obtains end-user consent/authorization.
- The authorization server sends the end-user back to the client with an ID token and, if requested, an access token.
- The client validates the ID token and retrieves the end-user's subject identifier.
The following parameters are mandatory and must be included in the authorization request in order to execute this flow.
Note: these parameters are used differently in the implicit flow than in the authorization code flow.

| Parameter | Description |
|---|---|
| scope | Specifies the behaviour of the request. |
| client_id | The OAuth 2.0 Client Identifier valid at the authorization server. |
| | Determines which authorization processing flow is to be used, including what parameters are returned from the endpoints used. |
| redirect_uri/callback_uri | The URI to which the authorization server should send the response. |
| nonce | Associates a client session with an ID Token to mitigate replay attacks. The value is passed through unmodified from the authentication request to the ID Token. |
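As an added, stand-alone example (not code from the original documentation or from the product it describes), the Python below walks through the steps above from the client's side: it builds the authentication request with the parameters in the table, receives the fragment-encoded response, and validates the ID token (signature, issuer, audience, expiry and nonce) before trusting its subject identifier. The standard `response_type` and `state` parameters, the example.com endpoints, the HS256 shared secret and the `mint_id_token` stand-in for the authorization server are assumptions made for the demo; a real deployment would verify an RS256 signature against the provider's published JWKS.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for this example; real ones come from the provider's
# client registration. HS256 with a shared secret keeps the example stdlib-only
# (assumption): a real provider normally signs ID tokens with RS256 and the
# client verifies them against the provider's JWKS.
ISSUER = "https://op.example.com"
AUTHZ_ENDPOINT = ISSUER + "/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://rp.example.com/callback"
SHARED_SECRET = b"constructed-demo-secret"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_authentication_request(session: dict) -> str:
    """Steps 1-2: prepare the authentication request. nonce and state are
    stored in the client session so the response can be bound to it."""
    session["nonce"] = secrets.token_urlsafe(16)
    session["state"] = secrets.token_urlsafe(16)
    params = {
        "scope": "openid",
        "response_type": "id_token token",  # implicit: ID token plus access token
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "nonce": session["nonce"],
        "state": session["state"],
    }
    return AUTHZ_ENDPOINT + "?" + urlencode(params)


def mint_id_token(nonce: str, sub: str = "user-123", now=None) -> str:
    """Constructed stand-in for the authorization server (steps 3-5); it exists
    only to produce sample input for the client-side validation below."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "sub": sub, "aud": CLIENT_ID,
              "iat": now, "exp": now + 300, "nonce": nonce}
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(SHARED_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def build_callback_url(id_token: str, state: str) -> str:
    """Step 5: the implicit response travels in the URL fragment, not the query."""
    return REDIRECT_URI + "#" + urlencode({
        "id_token": id_token, "access_token": "constructed-opaque-token",
        "token_type": "Bearer", "state": state})


def validate_id_token(id_token: str, session: dict, now=None) -> dict:
    """Step 6: verify signature, issuer, audience, expiry and nonce; return claims."""
    now = time.time() if now is None else now
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed ID token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm you configured; never let the token choose (e.g. "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SHARED_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    # The nonce binds this ID token to the request this session made; a token
    # minted for another request (replayed or injected) fails here.
    if claims.get("nonce") != session.get("nonce"):
        raise ValueError("nonce mismatch")
    return claims


def handle_callback(callback_url: str, session: dict, now=None) -> str:
    """Steps 5-6 on the client: parse the fragment, check state, validate the
    ID token, consume the one-time values and return the subject identifier."""
    response = {k: v[0] for k, v in parse_qs(urlparse(callback_url).fragment).items()}
    if response.get("state") != session.get("state"):
        raise ValueError("state mismatch")
    if "id_token" not in response:
        raise ValueError("no id_token in response")
    claims = validate_id_token(response["id_token"], session, now)
    session.pop("nonce", None)  # single use: a replayed callback no longer matches
    session.pop("state", None)
    return claims["sub"]


if __name__ == "__main__":
    session = {}
    print(build_authentication_request(session))
    callback = build_callback_url(mint_id_token(session["nonce"]), session["state"])
    print("subject:", handle_callback(callback, session))
```

Running the script prints the authentication request URL and the subject identifier recovered from the validated ID token. The point of the nonce row in the table shows up in `validate_id_token`: because the client generated the nonce and stored it in its own session, an ID token issued for any other request, including one replayed from an earlier login, fails the comparison even though its signature is valid. When an access token is returned alongside the ID token, a production client should additionally check the `at_hash` claim, which is omitted here.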
For details about the oidc-scope-config.xml file, see the excerpt below: