[Figure: sequence diagram of an OIDC login flow]

Participants: End user (Resource Owner), User-Agent, OIDC Client, OIDC Provider, OIDC GUI, IDP Service, Supplementary Service (Resource Server)

Endpoints shown: /authorize, /token, /userinfo

Message labels, in numbered order ("redir" marks a message sent as a re-direct):

0: start login; click login
1: redir: authorize request; authorize request
2: idp session
3: redir: authenticate; authenticate
4: get session info
5: idp gui
6: idp auth
7: idp done
8: redir: consent; consent
9: get scopes
10: consent gui; consent done
11: redir: authorize response; authorize response
12: get access token
13: userinfo request