Configure OIDC Flows¶
Learn how to discover the OIDC endpoints in your Asgardeo organization and then use them to implement OIDC flows in your applications.
Discover the OIDC endpoints¶
This section covers how you can configure OIDC-based login for your single page application by discovering the required OIDC endpoints and configuring them in the Asgardeo Console.
Discover OIDC endpoints has detailed instructions on this.
Implement authorization code grant in apps¶
The guides listed below will help you understand the OIDC login flow using the authorization code flow.
Implement login using Pushed Authorization Requests¶
Asgardeo provides the '/par' endpoint which returns a reference to the authorization payload called the request_uri. This authorization payload is sent by the back-channel during a PAR initiated login.
- Implement login using Pushed Authorization Requests has detailed instructions on this.
JWT Secured Authorization Response Mode (JARM) for OAuth 2.0¶
With JWT Secured Authorization Response Mode, clients can request authorization response parameters in JWT format instead of plain text.
- JWT Secured Authorization Response Mode (JARM) for OAuth 2.0 has detailed instructions on this.
Validate ID tokens¶
This section explains how the signature and the claims are verifieed in the ID token that is sent by Asgardeo to an application.
Validate ID tokens has detailed instructions on this.
Request user information¶
When Asgardeo sends the ID token to an application, there is user information encoded within it. This can be obtained using the userinfo endpoint.
Request user information has detailed instructions on this.
Token validation by resource servers¶
Asgardeo provides the '/oauth2/introspect' endpoint to perform token validation. Using this, the resource server can verify the access token before authorizing the access.
Token validation by resource servers has detailed instructions on this.
Revoke access tokens¶
The token revocation endpoint can revoke any access granted to both confidential clients such as web apps and public clients such as the SPAs or mobile apps.
Revoke access tokens has detailed instructions on this.
Add logout to application¶
The logout endpoint is used to terminate the user session at Asgardeo and to log the user out.
Add logout to application has detailed instructions on this.