End user

(Resource Owner)


OIDC Client

OIDC Provider

Selected IDP

Service option

Additional Info

Supplementary Service

(Resource Server)

0: login request

0: click login

1: redir: authorize request

1:authorize request

2: redir: auth request



6: init idp session

2: auth request


3: get session params

8: idp gui

9: idp auth

10: auth response


16: redir: authorize response

17: authorize response


11: redir: consent request

12:  consent request

14: consent gui


13: get scopes

15: consent response


18: get access token

19 userinfo request

23: login response

21: get additional info

22: userinfo response



5: idp init request

7: idp init response







Open session with

OIDC Provider

Analyze OIDC session params to determine IDP handling

Open session with IDP service

Complete session with IDP service

9: interact with

idp gui

14: interact with

consent gui

4: idp selector

4: interact with

selector gui

Close session with

OIDC Provider and

return ID Token

(hybrid flow)

Analyze OIDC session scopes


User is authenticated with OIDC Provider via selected IDP Service

IDP Service re-directs  back to OIDC Provider

User is authenticated and has given consented access to additional info

Retrieve additional info on user based on consent

Return Access Token to be used in request for additional info


20: validate access token