Overview

Authorization Server Authentication of the End-User is when the OpenID Connect Authorization Server attempts to Authenticate the End-User or determines whether the End-User is Authenticated.

ONLY when the Authentication Request is valid, the Authorization Server attempts to Authenticate the End-User or determines whether the End-User is Authenticated, depending upon the Authentication Request parameters. The Authentication Methods used by the Authorization Server for Authentication of the End-User (e.g. username and password, session cookies, etc.) are beyond the scope of this specification. An Authentication user interface MAY be displayed by the Authorization Server, depending upon the request parameter values used and the Authentication Methods used.

The Authorization Server MUST attempt Authentication of the End-User in the following cases:

The Authorization Server MUST NOT interact with the End-User in the following case:

When interacting with the End-User, the Authorization Server MUST employ appropriate measures against Cross-Site Request Forgery and Clickjacking, as described in Sections 10.12 and 10.13 of OAuth 2.0 RFC 6749.
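One way an Authorization Server's login page can apply both measures, shown as an added example that is not part of the specification or of this page. The function names, the `csrf_token` form field and the HMAC-based token scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed key for this example; a real server loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)

# Clickjacking defence: forbid framing of every authentication UI page.
ANTI_FRAMING_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id):
    """Token bound to the browser session, placed in a hidden form field."""
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id, token):
    """True only if the token was issued for this session and is unmodified."""
    nonce, sep, mac = token.partition(".")
    if not (sep and nonce and mac):
        return False
    expected = _mac(session_id, nonce)
    # Compare as bytes so non-ASCII input cannot raise inside compare_digest.
    return hmac.compare_digest(mac.encode(), expected.encode())


def render_login_page(session_id):
    """Return (headers, html) for the login form shown to the End-User."""
    token = issue_csrf_token(session_id)
    html = (
        '<form method="post" action="/login">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="username"><input name="password" type="password">'
        "</form>"
    )
    return dict(ANTI_FRAMING_HEADERS), html


def handle_login_post(session_id, form):
    """Reject forged posts (403) before any credential check runs (200 = proceed)."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403
    return 200
```
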

« This page (revision-1) was last changed on 25-Jun-2017 09:11 by jim