OpenID Connect supports many of the same flows as OAuth 2.0. At the end of the OpenID Connect process, the client ends up with an "ID Token", which contains information about the user who signed in. This token is a signed JWT. Unlike an access token, which the client treats as an opaque string, the client is expected to parse the ID token directly, validating its signature, issuer, audience, expiration and nonce before trusting any of the claims in it. When a client uses an OpenID Connect flow, it can request an access token in addition to an ID token.
In this example, we'll cover the OpenID Connect Authorization Code flow and request an ID token as well as an access token.
Before authorization begins, the client first generates two random strings. The first is the state parameter, which the client compares against the value the authorization server sends back to its redirect URI so that a forged or replayed callback can be rejected. The second is the nonce parameter, which the provider copies into the ID token so the client can tie the token it receives to the request it actually made. The client will need to store both values to be used in the next step.
/authorize?
response_type=code
&client_id=
&redirect_uri=/oidc.html
&scope=openid+profile+email+photos
&state=
&nonce=
For this demo, we've gone ahead and generated random state and nonce parameters (shown above) and saved them in a cookie.
Click "Authorize" below to be taken to the authorization server. You'll need to enter the username and password that was generated for you.