[Figure: sequence diagram of an OIDC login flow; labels recovered from the diagram]

Participants: End user (Resource Owner); User-Agent; OIDC Client; OIDC Provider; IDP Service; Supplementary Service (Resource Server)

Other labels: OIDC GUI; re-direct (on several steps)

Endpoints: /login, /authorize, /token, /userinfo, /session, /idp, /auth, /consent

Steps (numbered as in the diagram):

0: login request
0: click login
1: redir: authorize request
1: authorize request
3: redir: auth request
3: auth request
4: get session info
5: idp init request
6: init idp session
7: idp init response
8: idp gui
9: idp auth
9: get scopes
10: auth response
10: consent gui
10: consent response
11: redir: authorize response
11: authorize response
11: redir: consent request
12: consent request
12: get access token
13: userinfo request
14: get additional info
15: userinfo response
16: login response

Note: Open new session and save params for later retrieval