Overview
OpenID Connect Authentication Response is an OAuth 2.0 Authorization Response message returned from the OpenID Connect Provider's Authorization_endpoint in response to the Authentication Request sent by the Relying Party. It is returned only if the Authentication Request was successful and:
- Authorization Server Authentication of the End-User was successful
- Authorization Server Request End-User Consent-Authorization was successful
OpenID Connect Flow
The exact OpenID Connect Authentication Response varies based on the OpenID Connect Flow being implemented. When using the Authorization Code Flow, the OpenID Connect Authentication Response MUST return the parameters defined in Section 4.1.2 of OAuth 2.0 RFC 6749 by adding them as query parameters to the redirect_uri specified in the Authorization Request using the application/x-www-form-urlencoded format, unless a different Response Mode was specified.
OpenID Connect Authentication Response will either result in an OAuth Error or the return of an Authorization Code which can be submitted to obtain:
- Access_token - Which can be used to obtain more claims from the userinfo_endpoint
- id_token
- Refresh_token
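How a Relying Party might process the Authorization Code Flow response described above, as an added example that is not part of the original page. The function and exception names, the rp.example URLs and the sample values are constructed, and the sketch assumes the registered redirect_uri carries no query component of its own and that the Relying Party sent a state value in the Authentication Request.

```python
import hmac
from urllib.parse import urlsplit, parse_qs


class AuthenticationResponseError(Exception):
    """The response was an OAuth Error or failed validation (hypothetical name)."""


def parse_authentication_response(callback_url, expected_redirect_uri, expected_state):
    """Return the Authorization Code carried in the query of the redirect."""
    parts = urlsplit(callback_url)
    # The response must arrive on the redirect_uri used in the request.
    received = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if received != expected_redirect_uri:
        raise AuthenticationResponseError("unexpected redirect_uri")
    # Parameters are application/x-www-form-urlencoded query parameters.
    params = parse_qs(parts.query, keep_blank_values=True)
    # RFC 6749 Section 3.1: a parameter must not appear more than once.
    for name in ("code", "state", "error"):
        if len(params.get(name, [])) > 1:
            raise AuthenticationResponseError(f"duplicate parameter: {name}")
    # Check state first so a forged error or code is never acted upon.
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise AuthenticationResponseError("state mismatch")
    # Error response (RFC 6749 Section 4.1.2.1) instead of a code.
    if "error" in params:
        description = params.get("error_description", [""])[0]
        raise AuthenticationResponseError(
            f"OAuth error: {params['error'][0]} {description}".strip())
    code = params.get("code", [""])[0]
    if not code:
        raise AuthenticationResponseError("missing code")
    # The code is then submitted to obtain the tokens.
    return code


if __name__ == "__main__":
    # Constructed sample redirect, not captured from a real provider.
    sample = "https://rp.example/cb?code=c0de-123&state=s7ate"
    print(parse_authentication_response(sample, "https://rp.example/cb", "s7ate"))
```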