OIDC Authorization Code Flow
OpenID Connect 1.0 authentication using the OAuth 2.0 Authorization Code flow (OIDC Core §3.1). Adds an ID Token containing identity claims about the authenticated user. Most secure flow for server-side applications.
OIDC Authorization Code Flow
OpenID Connect 1.0 authentication using the OAuth 2.0 Authorization Code flow (OIDC Core §3.1). Adds an ID Token containing identity claims about the authenticated user. Most secure flow for server-side applications.
ID Token
Sequence Diagram
Click any step for details
Request
Response
Redirect
Internal
Step-by-Step Breakdown
1
Discovery Document Fetch
Client → OpenID Provider
2
JWKS Fetch
Client → OpenID Provider
3
Authentication Request
Client → OpenID Provider
4
User Authentication
User → OpenID Provider
5
User Consent
User → OpenID Provider
6
Authorization Code Response
OpenID Provider → Client
7
Token Request
Client → OpenID Provider
8
Token Response with ID Token
OpenID Provider → Client
9
ID Token Validation
Client → Client
10
UserInfo Request (Optional)
Client → OpenID Provider
11
UserInfo Response
OpenID Provider → Client
Token Inspector
Specs for this flow
Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.