OIDC Implicit Flow (Legacy)
OpenID Connect Implicit flow returns tokens directly from the authorization endpoint (OIDC Core §3.2). ⚠️ DEPRECATED: Not recommended for new applications due to token exposure in browser history and URL. Use Authorization Code + PKCE instead.
OIDC Implicit Flow (Legacy)
OpenID Connect Implicit flow returns tokens directly from the authorization endpoint (OIDC Core §3.2). ⚠️ DEPRECATED: Not recommended for new applications due to token exposure in browser history and URL. Use Authorization Code + PKCE instead.
ID Token
Sequence Diagram
Click any step for details
Request
Response
Redirect
Internal
Step-by-Step Breakdown
1
Authentication Request
Client → OpenID Provider
2
User Authentication & Consent
User → OpenID Provider
3
Token Response via Fragment
OpenID Provider → Client
4
ID Token Validation
Client → Client
Token Inspector
Specs for this flow
Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.