This section guides you through consuming the OpenID Connect implicit client profile, which is based on the OAuth 2.0 implicit flow. The following steps outline the flow according to the OpenID Connect Core specification.
- The client prepares an authentication request containing the desired request parameters.
- The client sends the request to the authorization server.
- The authorization server authenticates the end-user.
- The authorization server obtains end-user consent/authorization.
- The authorization server sends the end-user back to the client with an ID token in the redirect URI fragment and, if requested, an access token.
- The client validates the ID token and retrieves the end-user's subject identifier.
The following parameters are mandatory and have to be included in the authorization request in order to execute this flow.
Note: The following parameters are used differently in the implicit flow than in the authorization code flow.
- response_type
- redirect_uri/callback_uri
- nonce
Parameter | Description |
---|---|
scope | Specifies the behaviour of the request. Must contain the value "openid"; other scopes may be appended, separated by spaces. |
client_id | The OAuth 2.0 Client Identifier valid at the authorization server. |
response_type | Determines which authorization processing flow is to be used, including what parameters are returned from the endpoints used. For the implicit flow the value is "id_token" (ID token only) or "id_token token" (ID token and access token); "code" selects the authorization code flow instead. |
redirect_uri/callback_uri | The URI which the authorization server should send the response to. In the implicit flow it must exactly match a redirect URI registered for the client, since the tokens are delivered directly to this URI in the fragment. |
nonce | Associates a client session with an ID Token to mitigate replay attacks. The value is passed through unmodified from the authentication request to the ID Token. It is optional in the authorization code flow but required in the implicit flow, and the client must verify that the nonce claim in the ID token equals the value it sent. |
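The following is an added, self-contained Python example of the client side of this flow; it is not code from the WSO2 Identity Server playground. It builds the authentication request with the parameters above, parses the fragment response, checks `state`, and validates the ID token (signature, `iss`, `aud`, `exp`, `nonce`, and `at_hash` when an access token is returned). To run offline it includes a constructed stand-in for the authorization server that mints an HS256-signed ID token with a shared secret; the issuer, endpoint, client id, redirect URI and secret are all assumed values, and a production client would instead verify an RS256 signature against the server's JWKS.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values for this example; a real client takes them from the
# authorization server's metadata and its own client registration.
ISSUER = "https://localhost:9443/oauth2/token"
AUTHZ_ENDPOINT = "https://localhost:9443/oauth2/authorize"
CLIENT_ID = "my-client-id"
REDIRECT_URI = "http://localhost:8080/playground2/oauth2client"
CLIENT_SECRET = b"constructed-shared-secret"  # HS256 key for the demo only


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def at_hash(access_token: str) -> str:
    # Left half of SHA-256 (the hash of HS256/RS256), base64url-encoded.
    digest = hashlib.sha256(access_token.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])


def build_auth_request(session: dict, want_access_token: bool = False) -> str:
    """Step 1: build the implicit-flow authentication request. nonce (required
    here) and state are kept in the session to bind the response to it."""
    session["nonce"] = secrets.token_urlsafe(16)
    session["state"] = secrets.token_urlsafe(16)
    params = {
        "scope": "openid",
        "response_type": "id_token token" if want_access_token else "id_token",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "nonce": session["nonce"],
        "state": session["state"],
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def fake_authz_server_redirect(auth_request_url: str, access_token=None) -> str:
    """Constructed stand-in for steps 3-6: authenticates nobody, just mints an
    HS256 ID token bound to the request's nonce and redirects via the fragment."""
    req = {k: v[0] for k, v in parse_qs(urlsplit(auth_request_url).query).items()}
    now = int(time.time())
    claims = {"iss": ISSUER, "sub": "alice", "aud": req["client_id"],
              "iat": now, "exp": now + 300, "nonce": req["nonce"]}
    if access_token is not None:
        claims["at_hash"] = at_hash(access_token)
    signing_input = (b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
                     + "." + b64url(json.dumps(claims).encode()))
    sig = hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()
    frag = {"id_token": f"{signing_input}.{b64url(sig)}", "state": req["state"]}
    if access_token is not None:
        frag.update(access_token=access_token, token_type="Bearer")
    return f"{req['redirect_uri']}#{urlencode(frag)}"


def validate_id_token(id_token: str, session: dict, access_token=None) -> str:
    """Step 7: verify signature and claims; return the subject identifier."""
    header_b64, payload_b64, sig_b64 = id_token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never trust the token's own alg choice
    expected = hmac.new(CLIENT_SECRET, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued to this client")
    if claims.get("exp", 0) <= time.time():
        raise ValueError("token expired")
    # The nonce is consumed on use, so the same ID token cannot be replayed.
    sent = session.pop("nonce", None)
    if sent is None or claims.get("nonce") != sent:
        raise ValueError("nonce mismatch or replayed response")
    # With response_type "id_token token" the client must check at_hash, or an
    # attacker could pair a valid ID token with a different access token.
    if access_token is not None and claims.get("at_hash") != at_hash(access_token):
        raise ValueError("at_hash mismatch: access token was substituted")
    return claims["sub"]


def handle_redirect(redirect_url: str, session: dict) -> str:
    """Step 6/7 on the client: tokens arrive in the fragment, not the query."""
    resp = {k: v[0] for k, v in parse_qs(urlsplit(redirect_url).fragment).items()}
    if resp.get("state") != session.get("state"):
        raise ValueError("state mismatch: response not bound to this session")
    return validate_id_token(resp["id_token"], session, resp.get("access_token"))


def run_demo(want_access_token: bool = True) -> str:
    session = {}
    url = build_auth_request(session, want_access_token)
    token = "constructed-access-token" if want_access_token else None
    return handle_redirect(fake_authz_server_redirect(url, token), session)
```

Note that both replay (reusing a redirect after its nonce has been consumed) and access-token substitution (a different `access_token` in the fragment than the one the `at_hash` claim commits to) are rejected by `handle_redirect`, which is the property the `nonce` and `response_type` rows above are there to provide.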
- See the Implicit Client Profile with Playground topic to try out this flow with the playground sample for OAuth in WSO2 Identity Server.