OpenID Connect Authorization Code Flow

Q

What is the Authorization Code Flow specified in OpenID Connect?

✍: FYIcenter.com

A

The Authorization Code Flow is the most secure authentication flow specified in OpenID Connect. Here are the steps of the Authorization Code Flow given in the OpenID Connect 1.0 specification:

  • Relying Party prepares an authentication request containing the desired request parameters.
  • User Agent sends the request to the OpenID Provider.
  • OpenID Provider authenticates the End User.
  • OpenID Provider obtains the End User's consent to release information to the Relying Party.
  • OpenID Provider sends the User Agent back an authorization code.
  • Relying Party sends a token request using the authorization code to the OpenID Provider.
  • OpenID Provider sends an ID Token and Access Token back to the Relying Party.
  • OpenID Provider validates the ID Token and Access Token, then lets the End User access the Relying Party's application.
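
The Relying Party's side of the first, fifth and sixth steps above, as an added Python example that is not part of the original page. The endpoint URLs, client_id and redirect URI are constructed placeholders; the request parameters (response_type, scope, state, nonce, redirect_uri, grant_type) are the ones defined by OpenID Connect 1.0.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values (assumptions, not from the original page).
AUTHORIZATION_ENDPOINT = "https://op.example.com/authorize"
TOKEN_ENDPOINT = "https://op.example.com/token"
CLIENT_ID = "example-rp-client"
REDIRECT_URI = "https://rp.example.org/callback"


def build_authentication_request(session):
    """Step 1: prepare the request; bind state and nonce to this browser session."""
    session["state"] = secrets.token_urlsafe(32)  # ties the callback to this session
    session["nonce"] = secrets.token_urlsafe(32)  # echoed in the ID Token's nonce claim
    params = {
        "response_type": "code",  # selects the Authorization Code Flow
        "scope": "openid",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params)


def build_token_request(session, callback_url):
    """Steps 5-6: check the callback, then build the token request form body."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("authentication failed: " + query["error"][0])
    expected = session.pop("state", None)  # single use: a replayed callback fails
    received = query.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    # Client authentication (for example HTTP Basic) is added when the request is sent.
    return TOKEN_ENDPOINT, {
        "grant_type": "authorization_code",
        "code": codes[0],
        "redirect_uri": REDIRECT_URI,  # must match the value sent in step 1
    }
```

The stored nonce stays in the session so it can be compared with the nonce claim of the ID Token returned in the token response.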

2021-08-11