[Figure: sequence diagram of an OIDC login (hybrid flow) with a selectable IDP service and user consent. Only the diagram's text labels survive.]

Participants: End user (Resource Owner), User-Agent, OIDC Client, OIDC Provider, OIDC GUI (default), IDP Service, TINFO Service (Resource Server)

Endpoints shown: /login, /authorize, /session, /idp, /auth, /consent, /scopes, /token, /userinfo, /introspect

Numbered messages:
1: login request (click login)
2: authorize request (re-direct)
3: auth request (re-direct)
4: get session params
5: idp selector (interact with selector gui)
6: idp init request
7: init idp session
8: idp init response
9: idp gui
10: idp auth (interact with idp gui)
11: auth response
12: consent request (re-direct)
13: get scopes
14: consent gui (interact with consent gui)
15: consent response
16: authorize response (re-direct)
17: get access token
18: userinfo request
19: validate access token
20: get additional info
21: userinfo response
22: login response

Annotations:
- Open session with OIDC Provider
- Analyze OIDC session params to determine IDP handling
- Open session with IDP service
- Complete session with IDP service
- User is authenticated with OIDC Provider via selected IDP Service
- IDP Service re-directs back to OIDC Provider
- Analyze OIDC session scopes
- User is authenticated and has given consented access to additional info
- Close session with OIDC Provider and return ID Token (hybrid flow)
- Return Access Token to be used in request for additional info
- Retrieve additional info on user based on consent