Introduction

Authorization within web applications and other applications is typically done by requesting an OAuth / OIDC token. In order to initiate that process, an authentication request can be started. This is typically handled by an OIDC library.

Authentication Request

A simple example could look like this

https://server.example.com/connect/authorize?
    response_type=code
    &client_id=s6BhdRkqt3
    &scope=openid%20profile%20email
    &state=af0ifjsldkj
    &nonce=AF453ADF234ASF2

An in detail documentation off the possible parameters can be found in the OIDC specification.

Parameters

Parameter	Value
`scope`	The requested scopes that define what data will be available to the client.
`response_type`	Impacts the OIDC flow.
`client_id`	The identifier of the client.
`redirect_uri`	Where the user will be redirected to after a successful authentication.
`state`	Opaque value to contain the state.
`response_mode`	Impacts the return mode of the request.
`nonce`	String value used to associate a Client session with an ID Token, and to mitigate replay attacks.
`display`	ASCII string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User.
`prompt`	Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
`max_age`	Maximum Authentication Age.
`ui_locales`	Determinates the UI language.
`id_token_hint`	D Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client.
`login_hint`	Can indicate the user that needs to authenticate.
`acr_values`	See the https://itsense.atlassian.net/wiki/spaces/IKB/pages/486965311/Level+of+Authentication#ACR-Values