This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

OpenID Connect Basic Client Profile

This topic guides you through consuming an OpenID connect basic client profile that is based on authorization code flow. The following steps outline the flow according to the OpenID specification. 

  1. The client prepares an authentication request containing the desired request parameters.
  2. The client sends the request to the authorization server.
  3. The authorization server authenticates the end-user.
  4. The authorization server obtains end-user consent/authorization.
  5. The authorization server sends the end-user back to the client with an authorization code.
  6. The client requests a response using the authorization code at the token endpoint.
  7. The client receives a response that contains an ID token and an access token in the response body.
  8. The client validates the ID token and retrieves the end-user's subject identifier.

The following parameters are mandatory and have to be included in the authorization request in order to execute this flow. 

ParameterDescription
scopeSpecifies the behaviour of the request.
Value: "openid" 
response_type

Determines which authorization processing flow is to be used, including what parameters are returned from the endpoints used.
Value: "code" 

client_idThe OAuth 2.0 Client Identifier valid at the authorization server.
redirect_uri/callback_uriThe URI which the authorization server should send the response to.
Related Topics