Introduction
Authorization in web applications and other applications is typically based on OAuth 2.0 / OpenID Connect (OIDC) tokens. To obtain such a token, the client first sends an authentication request to the OpenID Provider's authorization endpoint. In practice this request is built and sent by an OIDC library rather than by hand.
Authentication Request
A simple example could look like this:
https://server.example.com/connect/authorize?response_type=code&client_id=s6BhdRkqt3&scope=openid%20profile%20email&state=af0ifjsldkj&nonce=AF453ADF234ASF2
Detailed documentation of all possible parameters can be found in the OIDC Core specification (section "Authentication Request").
Parameters
Parameter | Description |
---|---|
scope | Space-delimited list of requested scopes; it controls which claims / data the client will receive. An OIDC authentication request must contain the scope openid. |
response_type | Determines the OIDC flow: code (Authorization Code Flow), id_token or id_token token (Implicit Flow), code id_token, code token or code id_token token (Hybrid Flow). |
client_id | The identifier of the client as registered at the OpenID Provider. |
redirect_uri | Where the user agent is redirected after a successful authentication. Must exactly match one of the redirect URIs registered for the client. |
state | Opaque value used to maintain state between the request and the callback. The client stores it in the session and verifies it on return, which mitigates CSRF on the callback. |
response_mode | Determines how the response parameters are returned to the client (e.g. query, fragment or form_post). |
nonce | String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The client verifies that the nonce in the ID Token matches the value it sent. |
display | ASCII string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User (page, popup, touch, wap). |
prompt | Space-delimited, case-sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent (none, login, consent, select_account). |
max_age | Maximum Authentication Age in seconds. If the End-User's last authentication is older than this, the Authorization Server must actively re-authenticate the End-User. |
ui_locales | Determines the preferred UI language (space-separated list of BCP47 language tags). |
id_token_hint | ID Token previously issued by the Authorization Server, passed as a hint about the End-User's current or past authenticated session with the Client. |
login_hint | Hint to the Authorization Server about the login identifier the End-User might use (e.g. an e-mail address or username). |
acr_values | See the https://itsense.atlassian.net/wiki/spaces/IKB/pages/486965311/Level+of+Authentication#ACR-Values |
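The following example, added here and not part of the original page or of any OIDC library, shows how a client builds the authentication request from the parameters in the table and how it checks the state on the callback. The endpoint, client_id, state and nonce values are taken from the example request above; the redirect_uri https://client.example.org/cb and the authorization code in the sample callback are constructed placeholders.

```python
"""Build an OIDC authentication request and verify the callback's state.

Added example (not the page's own code).  Values reused from the page's
example request: authorization endpoint, client_id, state, nonce.
Constructed placeholders: redirect_uri, the authorization code below.
"""
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs, quote

AUTHORIZE_ENDPOINT = "https://server.example.com/connect/authorize"
CLIENT_ID = "s6BhdRkqt3"
REDIRECT_URI = "https://client.example.org/cb"   # constructed placeholder


def new_state() -> str:
    # Opaque, unguessable value stored in the user's session and compared
    # on the callback; this is what mitigates CSRF against the redirect_uri.
    return secrets.token_urlsafe(32)


def new_nonce() -> str:
    # The OP copies the nonce into the ID Token; the client checks it
    # against the session value so a replayed ID Token is rejected.
    return secrets.token_urlsafe(32)


def build_authentication_request(authorize_endpoint: str, client_id: str,
                                 redirect_uri: str, state: str, nonce: str,
                                 scope: str = "openid profile email",
                                 response_type: str = "code",
                                 **optional: str) -> str:
    """Return the full authorization URL for the given parameters."""
    if "openid" not in scope.split():
        raise ValueError("scope must contain 'openid' for an OIDC request")
    params = {
        "response_type": response_type,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "nonce": nonce,
    }
    # Optional parameters from the table (prompt, max_age, login_hint, ...).
    params.update({k: str(v) for k, v in optional.items() if v is not None})
    # quote_via=quote encodes spaces as %20 (as in the page's example),
    # not as '+'.
    return f"{authorize_endpoint}?{urlencode(params, quote_via=quote)}"


def request_parameters(url: str) -> dict:
    """Flatten the query string of an authorization URL into a dict."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def state_matches(received: str, expected: str) -> bool:
    # Constant-time comparison; both values are encoded so that a
    # non-ASCII value from the network cannot raise in compare_digest.
    return secrets.compare_digest(received.encode(), expected.encode())


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code from the redirect after checking state."""
    q = request_parameters(callback_url)
    if "error" in q:
        raise RuntimeError(f"authorization server returned error: {q['error']}")
    received = q.get("state")
    if received is None or not state_matches(received, expected_state):
        raise ValueError("state mismatch: response does not belong to this session")
    if "code" not in q:
        raise ValueError("callback carries no authorization code")
    return q["code"]


if __name__ == "__main__":
    state, nonce = new_state(), new_nonce()
    url = build_authentication_request(AUTHORIZE_ENDPOINT, CLIENT_ID, REDIRECT_URI,
                                       state, nonce, prompt="login", max_age=300)
    print(url)
    # Constructed callback as the OP would send it back to redirect_uri:
    cb = f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={state}"
    print("code:", parse_callback(cb, state))
```

The session-bound state and nonce are generated per request; reusing a fixed value across requests (as a static example URL suggests) removes the CSRF and replay protection these parameters exist for.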