OIDC Hybrid Flow

3.3.1. Hybrid Flow Steps
The Hybrid Flow follows the following steps:

Client prepares an Authentication Request containing the desired request parameters.
Client sends the request to the Authorization Server.
Authorization Server Authenticates the End-User.
Authorization Server obtains End-User Consent/Authorization.
Authorization Server sends the End-User back to the Client with an Authorization Code and, depending on the Response Type, one or more additional parameters.
Client requests a response using the Authorization Code at the Token Endpoint.
Client receives a response that contains an ID Token and Access Token in the response body.
Client validates the ID Token and retrieves the End-User's Subject Identifier.

3.2.1. Implicit Flow Steps
The Implicit Flow follows the following steps:

Client prepares an Authentication Request containing the desired request parameters.
Client sends the request to the Authorization Server.
Authorization Server Authenticates the End-User.
Authorization Server obtains End-User Consent/Authorization.
Authorization Server sends the End-User back to the Client with an ID Token and, if requested, an Access Token.
Client validates the ID token and retrieves the End-User's Subject Identifier.

3.3.2.5. Successful Authentication Response
When using the Hybrid Flow, Authentication Responses are made in the same manner as for the Implicit Flow, as defined in Section 3.2.2.5, with the exception of the differences specified in this section.

These Authorization Endpoint results are used in the following manner:

access_token
OAuth 2.0 Access Token. This is returned when the response_type value used is code token, or code id_token token. (A token_type value is also returned in the same cases.)
id_token
ID Token. This is returned when the response_type value used is code id_token or code id_token token.
code
Authorization Code. This is always returned when using the Hybrid Flow.
The following is a non-normative example of a successful response using the Hybrid Flow (with line wraps for display purposes only):

  HTTP/1.1 302 Found
  Location: https://client.example.org/cb#
    code=SplxlOBeZQQYbYS6WxSbIA
    &id_token=eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso
    &state=af0ifjsldkj
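The response above hands the Client both a code and an ID Token in the URL fragment. Before the code is exchanged at the Token Endpoint, the Client must check that state matches the value it sent and that the ID Token's c_hash claim binds the token to that code (OIDC Core 3.3.2.11), otherwise an attacker-substituted code could be accepted. The following is an added example, not code from the spec or from the linked blog; it constructs a sample ID Token with a placeholder signature and assumes the token is signed with RS256, so signature verification against the OP's keys is deliberately left out and must be done first in real code.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample values taken from the page's example response.
CODE = "SplxlOBeZQQYbYS6WxSbIA"
STATE = "af0ifjsldkj"
HASHES = {"RS256": hashlib.sha256, "RS384": hashlib.sha384, "RS512": hashlib.sha512}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def c_hash_for(code: str, alg: str):
    # c_hash = base64url(left-most half of hash(ASCII code)); the hash is the
    # one used by the ID Token's alg (SHA-256 for RS256). None if alg unknown.
    fn = HASHES.get(alg)
    if fn is None:
        return None
    digest = fn(code.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])

def make_sample_id_token(code: str) -> str:
    # Constructed, unsigned token for the example: "FAKE-SIG" is not a signature.
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    claims = {"iss": "https://server.example.com", "sub": "248289761001",
              "aud": "s6BhdRkqt3", "c_hash": c_hash_for(code, "RS256")}
    return f"{header}.{b64url(json.dumps(claims).encode())}.FAKE-SIG"

def parse_fragment_response(location: str) -> dict:
    # Hybrid Flow parameters arrive in the fragment, not the query string.
    return {k: v[0] for k, v in parse_qs(urlsplit(location).fragment).items()}

def check_hybrid_response(location: str, expected_state: str):
    params = parse_fragment_response(location)
    if not hmac.compare_digest(params.get("state", ""), expected_state):
        return False, "state mismatch"
    if "code" not in params or "id_token" not in params:
        return False, "missing code or id_token"
    header_b64, payload_b64, _sig = params["id_token"].split(".")
    alg = json.loads(b64url_decode(header_b64)).get("alg", "")
    claims = json.loads(b64url_decode(payload_b64))
    # Signature verification against the OP's JWKS belongs here; omitted in this example.
    expected = c_hash_for(params["code"], alg)
    if expected is None or not hmac.compare_digest(claims.get("c_hash", ""), expected):
        return False, "c_hash does not match code"
    return True, claims["sub"]
```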

https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowSteps
https://openid.net/specs/openid-connect-core-1_0.html#HybridFlowSteps
https://www.cnblogs.com/stulzq/p/7833480.html

Origin www.cnblogs.com/wswind/p/11901789.html