Quando OpenID Connect restituisce JSON?

1

Mentre OAuth2 non definisce esplicitamente quale tipo di token usare, OpenID Connect definisce un'API e un formato dati per eseguire i flussi di autorizzazione OAuth2.

Quali sono le occasioni in cui viene restituito un JWT in OpenID Connect?

    
posta random65537 02.02.2017 - 19:41
fonte

1 risposta

2

Authorization flow: the client requests an authorization code to the authorization endpoint (/authorize). This code can be used againt the token endpoint (/token) to request an ID token (in JWT format), an access token or a refresh token.

Implicit flow: the client requests tokens directly from the authorization endpoint (/authorize). The tokens are specified in the request. If an ID token is requested, is is returned in JWT format.

Hybrid flow: the client requests both an authorization code and certain tokens from the authorization endpoint (/authorize). If an ID token is requested, it is returned in JWT format. If an ID token is not requested at this step, it may later by requested directly from the token endpoint (/token).

Fonte: Sebastián E. Peyrott, Auth0 Inc. The JWT Handbook (Kindle Posations 262-269). Edizione Kindle.

    
risposta data 02.02.2017 - 19:41
fonte

Leggi altre domande sui tag