[Figure: sequence diagram. Participants, message labels, endpoints and notes as they appear in the figure.]

Participants: End user (Resource Owner); User-Agent; OIDC Client; OIDC Provider; OIDC GUI; IDP Service; Supplementary Service (Resource Server)

Messages:

0: click login / login request
1: redir: authorize request / authorize request
2: redir: auth request / auth request
3: get session params
4: idp selector / interact with selector gui
5: idp init request
6: init idp session
7: idp init response
8: idp gui
9: idp auth / interact with idp gui
10: auth response
11: redir: consent request
12: consent request
13: get scopes
14: consent gui / interact with consent gui
15: consent response
16: redir: authorize response
17: authorize response
18: get access token
19: userinfo request
20: get additional info
21: userinfo response
22: login response

Endpoints: /login, /authorize, /token, /userinfo, /session, /idp, /auth, /consent

Notes: Open session with OIDC Provider; Analyze OIDC session params; Open session with IDP service; Complete session with IDP service

Several arrows are labelled "re-direct".