OpenID Connect Authorization Code Flow

Q

What is the authentication code flow specified in OpenID Connect?

✍: FYIcenter.com

A

The Authorization Code Flow is most secure authentication flow specified in OpenID Connect. Here are the steps of the Authorization Code flow given in the OpenID Connect 1.0 specification:

  • Rely Party prepares an authentication request containing the desired request parameters.
  • User Agent sends the request to the OpenID Provider.
  • OpenID Provider authenticates the End User.
  • OpenID Provider obtains End User's consent to release information to the Rely Party.
  • OpenID Provider sends the User Agent back an authorization code.
  • Rely Party sends a token request using the authorization code to the OpenID Provider.
  • OpenID Provider sends an ID Token and Access Token back to the Rely Party.
  • OpenID Provider validates the ID Token and Access Token, then lets the End User to access Rely Party's application.

 

What Is id_token

What Are Authentication Flows

OpenID Connect Authentication Flows

⇑⇑ OpenID Tutorials

2019-01-14, 464👍, 0💬