Authorization Code Flow
Issue a GET or POST to /idp/profile/oidc/auth with the following parameters.
Parameter | Type | Description |
|---|---|---|
scope | String required | Space-delimited list of scopes. Must contain the value "openid". |
response_type | String required | "code" |
client_id | String required | The OAuth 2.0 Client Identifier. |
redirect_uri | String required | A callback URL previously registered for the client. |
state | String optional | An opaque value used by the client application to maintain state between the request and callback. |
response_mode | String optional | Not used. |
nonce | String optional | String value used to associate a Client session with an ID Token, and to mitigate replay attacks. |
display | optionalString | RapidIdentity Federation currently supports the value "page". |
prompt | String optional | RapidIdentity Federation currently supports the "none" and "login" values. |
max_age | String optional | Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated. |
ui_locales | String optional | End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. |
id_token_hint | String optional | ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client. NoteEncrypted id_token_hint values are not supported at this time. |
login_hint | String optional | Not used. |
acr_values | String optional | Not used. |
If the authenticating user does not already have an authenticated Federation session, they will be redirected to the login page.
After successful authentication or validation of the user's current session, the browser will be redirected to the callback URL with a "code" parameter and a "state" parameter (if one was supplied in the initial request).
The "code" must be exchanged for an access token and an ID Token in the next step.