Overview

An Authentication Request in OpenID Connect is an Authorization Request that requests that the Resource Owner be authenticated by the Authorization Server.

An Authentication Request is distinguished from a plain OAuth 2.0 Authorization Request by the presence of the "openid" OAuth Scope value; a request is treated as an Authentication Request only when that scope value is present.

In other words, it is an OAuth 2.0 Authorization Request that uses extension parameters and scopes defined by OpenID Connect to request that the Human participant be authenticated by the Authorization Server, which is an OpenID Connect Provider, to the OAuth Client, which is an OpenID Connect Relying Party.

Authorization Servers MUST support the use of the HTTP GET and HTTP POST methods at the Authorization_endpoint. OAuth Clients MAY use the HTTP GET or HTTP POST methods to send the Authentication Request to the Authorization Server. If using the HTTP GET method, the request parameters are serialized using URI Query String Serialization. If using the HTTP POST method, the request parameters are serialized using Form Serialization.
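The following sketch is an added example, not code from the OpenID Connect specification or from any particular Authorization Server. It shows how an authorization endpoint could accept both serializations and decide whether a request is an Authentication Request. The function name, the `RequestError` type and the allow-list (taken from the request parameters in OpenID Connect Core 1.0 Section 3.1.2.1) are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed allow-list: request parameters from OpenID Connect Core 1.0 Section 3.1.2.1.
KNOWN_PARAMS = {
    "scope", "response_type", "client_id", "redirect_uri", "state",
    "response_mode", "nonce", "display", "prompt", "max_age",
    "ui_locales", "id_token_hint", "login_hint", "acr_values",
}
FORM_TYPE = "application/x-www-form-urlencoded"


class RequestError(ValueError):
    """Hypothetical error type: the request cannot be parsed unambiguously."""


def parse_authentication_request(method, target, content_type="", body=""):
    """Return (params, is_oidc) for a request sent to the authorization endpoint."""
    method = method.upper()
    if method == "GET":
        raw = urlsplit(target).query           # URI Query String Serialization
    elif method == "POST":
        if content_type.split(";")[0].strip().lower() != FORM_TYPE:
            raise RequestError("POST body must use Form Serialization")
        raw = body                             # Form Serialization
    else:
        raise RequestError("only GET and POST are accepted")

    params = {}
    for name, values in parse_qs(raw, keep_blank_values=True).items():
        if name not in KNOWN_PARAMS:
            continue                           # unrecognized parameters are ignored
        if len(values) > 1:
            # RFC 6749 Section 3.1: a parameter must not appear more than once.
            raise RequestError(f"duplicate parameter: {name}")
        params[name] = values[0]

    # scope is a space-delimited, case-sensitive list; "openid" marks an OIDC request.
    is_oidc = "openid" in params.get("scope", "").split(" ")
    return params, is_oidc


if __name__ == "__main__":
    # Constructed sample request, not taken from a real deployment.
    sample = "/authorize?response_type=code&client_id=example-rp&scope=openid%20profile"
    print(parse_authentication_request("GET", sample))
```

Rejecting duplicated parameters before any further validation prevents two components from reading different values of, for example, `redirect_uri` from the same request.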

Authentication Request Validation

The Authorization Server MUST validate the Authentication Request received as follows:

As specified in OAuth 2.0 RFC 6749, Authorization Servers SHOULD ignore unrecognized Authentication Request parameters.

If the Authorization Server encounters any error, it MUST return an error response, per Section 3.1.2.6 of OpenID Connect Core 1.0.

If no errors are encountered, then the following proceeds:

This page (revision-20) was last changed on 25-Jun-2017 09:19 by jim