What are authentication flows specified in OpenID Connect?

OpenID Connect supports 3 authentication data flows:

1. Authorization Code Flow - The Authorization Code Flow is more complex to implement. But it is more secure. In the Authorization Code Flow, only a short authorization code is returned to the User Agent from the OpenID Provider. The actual authentication information is returned to the Reply Party only.

2. Implicit Flow - The Implicit Flow is simple to implement. But it is less secure. In the Implicit Flow, the actual authentication information is returned to the User Agent from the OpenID Provider.

3. Hybrid Flow, also called OAuth 2.0 Multiple Response Type Encoding Practices - In the Hybrid Flow, some authentication information is returned to the User Agent from the OpenID Provider. And additional authentication information is returned to the Reply Party.

 

⇒ OpenID Connect Authorization Code Flow

⇐ Components Involved in OpenID Connect Authentication

⇑ OpenID Connect Authentication Flows

⇑⇑ OpenID Tutorials