Configure OIDC Flows

Learn how to discover the OIDC endpoints in your Asgardeo organization and then use them to implement OIDC flows in your applications.

Discover the OIDC endpoints

This section covers how you can configure OIDC-based login for your single page application by discovering the required OIDC endpoints and configuring them in the Asgardeo Console.

Discover OIDC endpoints has detailed instructions on this.

Implement authorization code grant in apps

The guides listed below will help you understand the OIDC login flow using the authorization code flow.

• Implement authorization code flow

• Implement authorization code flow with PKCE

• Implement private key JWT client authentication for OIDC

Validate ID tokens

This section explains how the signature and the claims are verifieed in the ID token that is sent by Asgardeo to an application.

Validate ID tokens has detailed instructions on this.

Request user information

When Asgardeo sends the ID token to an application, there is user information encoded within it. This can be obtained using the userinfo endpoint.

Request user information has detailed instructions on this.

Token validation by resource servers

Asgardeo provides the '/oauth2/introspect' endpoint to perform token validation. Using this, the resource server can verify the access token before authorizing the access.

Token validation by resource servers has detailed instructions on this.

Revoke access tokens

The token revocation endpoint can revoke any access granted to both confidential clients such as web apps and public clients such as the SPAs or mobile apps.

Revoke access tokens has detailed instructions on this.

Add logout to application

The logout endpoint is used to terminate the user session at Asgardeo and to log the user out.

Add logout to application has detailed instructions on this.