Description
We need to add support for the Authorization Code Flow as described in SIOPv2 and in section 3.1.2 of the OIDC-core standard. The Authorization Code Flow is summarized as follows:
1. The Relying Party creates a SIOP Request with a response_type parameter of "code".
2. The Provider receives the SIOP Request and validates it.
3. The Provider presents an authorization prompt to the user and obtains their consent.
4. The Provider generates an Authorization Code and associates it with the user and the Relying Party.
5. The Provider redirects the user's browser to the Relying Party's redirect_uri with the Authorization Code.
6. The Relying Party receives the Authorization Code and sends a direct HTTP POST request to the Provider to exchange it for an ID Token and an Access Token.
7. The Provider validates the Authorization Code and generates an ID Token and an Access Token.
8. The Provider sends the ID Token and the Access Token back to the Relying Party in the HTTP response.
We should be able to add support for the Authorization Code Flow in the SIOP Requests, and the Provider should be able to handle the Authorization Code and generate the ID Token and Access Token accordingly. The library should also be able to perform the necessary token exchange requests to obtain the tokens from the Provider.
Motivation
The Authorization Code Flow is an important OAuth 2.0 flow that provides a more secure way of obtaining access tokens compared to the Implicit Flow. This flow is widely used in many applications and is also supported by major identity providers, such as Google and Microsoft. By adding support for the Authorization Code Flow in SIOPv2, we can provide users and developers with a more secure and standardized way of obtaining access tokens, which is crucial for the protection of sensitive user data. Additionally, this will enable more seamless integration of SIOPv2 with other OAuth 2.0 based systems, providing greater flexibility in application design and implementation.
Resources
SIOPv2
section 3.1.2 of the OIDC-core standard
To-do List
Provider
token_endpoint
for the Provider
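The Provider-side handling of the Authorization Code that the issue describes (generate it and associate it with the user and the Relying Party, then validate it at the token exchange), as an added Python example that is not part of the issue or of the library's code. The `CodeStore` class, the 60-second lifetime, and the sample identifiers are assumptions; the single-use and redirect_uri checks follow the token request validation rules of OAuth 2.0 and OIDC Core, and token generation itself is left out.

```python
import hashlib
import secrets
import time

CODE_TTL_SECONDS = 60  # assumed lifetime; the issue does not specify one


class CodeStore:
    """In-memory authorization code store for a Provider (hypothetical name)."""

    def __init__(self, now=time.time):
        self._now = now      # injectable clock so expiry can be tested
        self._codes = {}     # sha256(code) -> binding record

    @staticmethod
    def _key(code):
        # Keep only a hash so a leaked store does not yield redeemable codes.
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, subject, client_id, redirect_uri):
        """Generate a code bound to the user and the Relying Party."""
        code = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._codes[self._key(code)] = {
            "subject": subject,
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "expires_at": self._now() + CODE_TTL_SECONDS,
        }
        return code

    def redeem(self, code, client_id, redirect_uri):
        """Validate a code at the token exchange; return the bound subject."""
        # pop() consumes the code up front, so it is single-use even when a
        # later check fails and a replayed code can never succeed.
        record = self._codes.pop(self._key(code), None)
        if record is None:
            raise ValueError("invalid_grant: unknown or already used code")
        if self._now() > record["expires_at"]:
            raise ValueError("invalid_grant: code expired")
        if client_id != record["client_id"]:
            raise ValueError("invalid_grant: code issued to another client")
        if redirect_uri != record["redirect_uri"]:
            raise ValueError("invalid_grant: redirect_uri mismatch")
        return record["subject"]
```

Only after `redeem` returns would the Provider go on to build the ID Token and Access Token for the returned subject.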