Versions Compared

Old Version 1

changes.mady.by.user Frode Nilsen (Unlicensed)

Saved on

compared with

New Version 2

changes.mady.by.user Frode Nilsen (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space PDOIDC and version Moscow_OIDC

When integrating towards to OIDC platform you will need to provide a redirect_uri where you will receive the Authorization Code/Token. Traditionally this This is done by specifying an endpoint in the backend of your web application. By default  Using the JS Connector do with its default redirect mode does not need any special considerations on the backend, but when using method inline or window, you can integrate further with the JS Connector. See the following sections for further information on Back-end implementation of the JS Connector:

...

Finally this will cause the callback function passed in the doConnect method to be called with the data retrieved in the authentication response

With specific token_url and/or userinfo_url (experimental feature)

You can have the JS Connector call token_url and userinfo_url endpoints with the received data from the authentication response.

Token endpoint (token_url)

...

JSON

{
    access_token: "654fe6f11ad61ceb1697d643b5fc59", 
    token_type: "Bearer", 
    expires_in: 3600, 
    scope: "openid phone address", 
    id_token: "...."  // JWT
}

...

Userinfo endpoint (userinfo_url)

Using the access token (which also could be stored on the server) to access user information OIDC.

...

JSON

{
 "sub": "9578-6000-4-127698",
 "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
"iat": 1485866449,

...

Implementing redirect_uri when using code flow or hybrid flow

The implicit flow is special since it contains both the id_token and the access_token directly the requests to the redirect_uri, thus making back-end handling trivial. With the code flow and hybrid flow the back-end becomes slightly more complex since the Token endpoint must be called from the back-end to retrieve a complete set of tokens. It is beyond the scope of the JS Connector to describe how the response from the Token endpoint is further handled across the back-end and front-end of the merchant site.

Implementing redirect_uri when using Value Added Services

When using a Value Added Service, eg. TINFO Userinfo, with the JS Connector, the back-end implementation must also handle the request for such services based on an access_token that is delivered to the back-end along with the id_token, either directly in the request to the redirect_uri for implicit_mode or indirectly via an intermediate exchange with the Token Endpoint for code flow and hybrid flow. It is beyond the scope of the JS Connector to describe how the response from any Value Added Service is further handled across the back-end and front-end of the merchant site.