Introduction
Authentication in web applications (and other clients) is typically delegated to an OpenID Provider: the client obtains OAuth 2.0 / OIDC tokens and uses the ID Token to establish who the user is. That process starts with an authentication request sent to the provider's authorization endpoint. In practice the request is assembled by an OIDC client library, but the parameters below are what the library puts on the wire, and several of them (state, nonce, redirect_uri) are security controls that the client must also verify on the way back.
Authentication Request
A simple example could look like this (line breaks added for readability; the actual request is a single URL):

https://server.example.com/connect/authorize?
  response_type=code
  &client_id=s6BhdRkqt3
  &scope=openid%20profile%20email
  &state=af0ifjsldkj
  &nonce=AF453ADF234ASF2

Note that a real request also carries redirect_uri, which is a required parameter; it is omitted here only to keep the example short.
A detailed description of all possible parameters can be found in the OpenID Connect Core specification (section 3.1.2.1, Authentication Request).
Parameters
| Parameter | Example | Description |
|---|---|---|
| scope | openid email profile | Space-delimited list of requested scopes; determines which claims (user data) will be available to the client. The scope `openid` is mandatory for an OIDC request. |
| response_type | code | Determines the OIDC flow. `code` selects the Authorization Code Flow, in which the tokens are fetched from the token endpoint instead of being returned through the browser. |
| client_id | 01d084c3a2a44043b28934d6a9dde00d | The identifier of the client as registered at the authorization server. |
| redirect_uri | https://my.application.ch/signing-oidc | Where the user will be redirected to after a successful authentication. It must exactly match one of the URIs registered for the client; otherwise the authorization code could be delivered to an attacker-controlled host. |
| state | 4af227e317634c2e8000e4cb3a67ddf4 | Opaque value chosen by the client to carry state across the round trip. The authorization server sends it back unchanged, and the client must compare it with the value stored for the browser session to protect the callback against CSRF. |
| response_mode | form_post | Determines how the response parameters are returned to the client (query string, fragment or an HTML form POST). |
| nonce | fbf6481c19244b9581fd1df815f719ef | Random string used to associate a client session with an ID Token: the server copies it into the ID Token and the client verifies it, which mitigates replay attacks. |
| prompt | login | Space-delimited, case-sensitive list of ASCII string values that specifies whether the authorization server prompts the end-user for reauthentication and consent (for example `none`, `login`, `consent`, `select_account`). |
| max_age | 90 | Maximum authentication age in seconds. If the user authenticated longer ago than this, the server must actively reauthenticate the user; the ID Token then carries an `auth_time` claim that the client should check. |
| ui_locales | de | Preferred language(s) for the authorization server's user interface. |
| id_token_hint | e79d58a3a157447294869651cc5ec877 | ID Token previously issued by the authorization server, passed as a hint about the end-user's current or past authenticated session with the client. |
| login_hint | username | Hint to the authorization server about the identifier the end-user may use to log in. |
| acr_values | | Requested Authentication Context Class Reference values, i.e. the level of authentication the client asks for. See https://itsense.atlassian.net/wiki/spaces/IKB/pages/486965311/Level+of+Authentication#ACR-Values |
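The following is an added example, not code from this page or from any OIDC library, showing the client side of the parameters above: generating per-session state and nonce, assembling the authentication request, and then verifying state on the callback and nonce / auth_time in the ID Token claims. Endpoint, client_id and redirect_uri are the placeholder values used on this page; the callback URL and claims in the comments are constructed for the example. Signature, issuer, audience and expiry checks on the ID Token are assumed to happen elsewhere (in the library) before the claims reach check_id_token_claims.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder values (assumption: not a real provider or client).
AUTHORIZE_ENDPOINT = "https://server.example.com/connect/authorize"
CLIENT_ID = "s6BhdRkqt3"
REDIRECT_URI = "https://my.application.ch/signing-oidc"


def new_session():
    """Create per-login state and nonce. Both must be unpredictable and
    bound to the user's browser session (stored server-side or in a
    signed cookie) so they can be compared on the way back."""
    return {
        "state": secrets.token_urlsafe(32),
        "nonce": secrets.token_urlsafe(32),
        "created": int(time.time()),
    }


def build_auth_request(session, scope="openid profile email", max_age=None,
                       prompt=None, login_hint=None):
    """Assemble the authentication request URL from the session's state/nonce."""
    params = {
        "response_type": "code",       # Authorization Code Flow
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must exactly match a registered URI
        "scope": scope,                # 'openid' is mandatory for OIDC
        "state": session["state"],
        "nonce": session["nonce"],
    }
    if max_age is not None:
        params["max_age"] = str(max_age)
    if prompt:
        params["prompt"] = prompt
    if login_hint:
        params["login_hint"] = login_hint
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def check_callback(session, callback_url):
    """Validate the redirect back to the client (response_mode=query).
    Returns the authorization code, or raises on a provider error or a
    state mismatch (CSRF / mixed-up session)."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("provider error: " + query["error"][0])
    state = query.get("state", [None])[0]
    # Constant-time comparison of the opaque state against the stored one.
    if state is None or not secrets.compare_digest(state, session["state"]):
        raise ValueError("state mismatch: possible CSRF or mixed-up session")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("missing authorization code")
    return code


def check_id_token_claims(session, claims, max_age=None, now=None):
    """Checks on already-verified ID Token claims that relate to the request
    parameters: the nonce must be the one sent, and if max_age was requested
    the auth_time claim must be present and recent enough."""
    now = int(time.time()) if now is None else now
    nonce = claims.get("nonce")
    if nonce is None or not secrets.compare_digest(nonce, session["nonce"]):
        raise ValueError("nonce mismatch: token replayed or not issued for this login")
    if max_age is not None:
        auth_time = claims.get("auth_time")
        if auth_time is None:
            raise ValueError("auth_time claim required when max_age was requested")
        if now - int(auth_time) > max_age:
            raise ValueError("authentication is older than the requested max_age")
    return True


if __name__ == "__main__":
    sess = new_session()
    print(build_auth_request(sess, max_age=90, prompt="login"))
    # Constructed callback, as the browser would deliver it after login:
    cb = REDIRECT_URI + "?code=SplxlOBeZQQYbYS6WxSbIA&state=" + sess["state"]
    print("code:", check_callback(sess, cb))
    # Constructed claims, as decoded from a verified ID Token:
    claims = {"nonce": sess["nonce"], "auth_time": int(time.time()) - 10}
    print("claims ok:", check_id_token_claims(sess, claims, max_age=90))
```

The two comparisons use secrets.compare_digest so that a mismatch does not leak timing information, and a session that has no stored state or nonce is rejected rather than skipped: a callback that arrives without a matching session is exactly the CSRF case the state parameter exists to catch.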