Info

Detailed documentation of the possible parameters can be found in the OIDC specification.

Parameters

| Parameter | Example | Description |
|---|---|---|
| scope | oidc email profile | The requested scopes that define what data will be available to the client. |
| response_type | code | Impacts the OIDC flow.<br>`id_token` requests an identity token<br>`token` requests an access token<br>`id_token token` requests an identity token and an access token<br>`code` requests an authorization code<br>`code id_token` requests an authorization code and identity token<br>`code id_token token` requests an authorization code, identity token and access token |
| client_id | 01d084c3a2a44043b28934d6a9dde00d | The identifier of the client. |
| redirect_uri | https://my.application.ch/signing-oidc | Where the user will be redirected to after a successful authentication. |
| state | 4af227e317634c2e8000e4cb3a67ddf4 | Opaque value that carries the state. The authentication server will send that state back to the client. |
| response_mode | form_post | Impacts the return mode of the request. The following response modes are supported:<br>• query<br>• fragment<br>• form_post<br>Note: From a security point of view, form_post is to be favored! |
| nonce | fbf6481c19244b9581fd1df815f719ef | String value used to associate a Client session with an ID Token, and to mitigate replay attacks. |
| prompt | login | Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent.<br>`none`: no UI will be shown during the request. If this is not possible (e.g. because the user has to sign in or consent), an error is returned.<br>`login`: the login UI will be shown, even if the user is already signed in and has a valid session. |
| max_age | 90 | Maximum Authentication Age in seconds. |
| ui_locales | de | Determines the UI language. |
| id_token_hint | e79d58a3a157447294869651cc5ec877 | ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client. |
| login_hint | username | Can indicate the user that needs to authenticate. |
| acr_values | urn:coreone:authentication:loa:user:max | See https://itsense.atlassian.net/wiki/spaces/IKB/pages/486965311/Level+of+Authentication#ACR-Values |
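The following is an added example, not code from the original page or from the product it documents. It shows how a client can build the authorization request from the parameters listed above with a fresh `state` and `nonce` per request, then check the `form_post` callback and the `nonce` and `max_age` constraints on the ID token claims. The endpoint URL and the function names are assumptions, and the ID token signature is assumed to have been verified already by a JWT library.

```python
import hmac
import secrets
import time
from urllib.parse import urlencode

# Assumption: placeholder endpoint, not taken from the page.
AUTHORIZE_ENDPOINT = "https://idp.example/connect/authorize"


def build_authorization_request(client_id, redirect_uri, max_age=90):
    """Return (url, session); session holds the values to keep server-side."""
    session = {
        "state": secrets.token_hex(16),  # fresh per request, ties the callback to this session
        "nonce": secrets.token_hex(16),  # fresh per request, must reappear in the ID token
        "max_age": max_age,
    }
    params = {
        "scope": "oidc email profile",   # example value from the parameter list
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": session["state"],
        "response_mode": "form_post",    # response arrives in a POST body, not in the URL
        "nonce": session["nonce"],
        "max_age": str(max_age),
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), session


def check_callback(form, session):
    """Validate the fields posted to redirect_uri; return the authorization code."""
    if "error" in form:
        raise ValueError("authorization error: " + form["error"])
    if not hmac.compare_digest(form.get("state", "").encode(), session["state"].encode()):
        raise ValueError("state mismatch")
    if not form.get("code"):
        raise ValueError("missing authorization code")
    return form["code"]


def check_id_token_claims(claims, session, now=None, skew=30):
    """Check nonce and max_age on claims of an already signature-verified ID token."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), session["nonce"].encode()):
        raise ValueError("nonce mismatch")
    auth_time = claims.get("auth_time")
    if auth_time is None or now - auth_time > session["max_age"] + skew:
        raise ValueError("authentication older than max_age allows")
    return True
```

The `session` dictionary belongs in server-side session storage and should be discarded after one callback, so a replayed `state` or `nonce` no longer matches anything.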