OAuth2 & OpenID Connect Deep Dive · Lesson

Authorization Code Flow with OIDC

Implement the secure Authorization Code Flow, now extended with OIDC to return an ID Token alongside the access token.

OIDC & Auth Code Flow Intro

Welcome! In this lesson, we'll combine the secure Authorization Code Flow from OAuth2 with OpenID Connect (OIDC). This allows an application to not only get permission to access resources (OAuth2) but also to verify the user's identity (OIDC).

Think of it as getting both a key to a safe and a valid ID card for the person holding the key, all in one go!

Requesting Identity with OIDC

When using the Authorization Code Flow with OIDC, your application (the Client) starts by sending an authorization request to the Authorization Server. This request is similar to OAuth2 but includes specific OIDC parameters.

  • response_type=code: Specifies we want an Authorization Code.
  • scope=openid ...: Crucially, includes the openid scope to signal an OIDC request.
  • nonce: A unique string to prevent replay attacks (optional but recommended).
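As an added example (not code from this lesson), here is the client side of the request stage in Python: it builds the authorization request with the three parameters listed above plus a state value, checks that state on the redirect back, and goes one step beyond this lesson to verify the nonce and the other core claims once the ID Token arrives. The endpoint URL, client_id, redirect URI and claim values are constructed placeholders, and signature verification of the ID Token is assumed to have happened already (for example with a JWT library).

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

def build_authorization_request(authorize_endpoint, client_id, redirect_uri, extra_scopes=()):
    """Build the OIDC Authorization Code request URL.

    Generates fresh, unguessable state (CSRF binding) and nonce (ID Token
    replay binding); both are returned so the caller can store them in the
    user's session and check them later.
    """
    pending = {"state": secrets.token_urlsafe(32), "nonce": secrets.token_urlsafe(32)}
    params = {
        "response_type": "code",                      # we want an Authorization Code
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(("openid", *extra_scopes)),  # openid makes this an OIDC request
        "state": pending["state"],
        "nonce": pending["nonce"],
    }
    return f"{authorize_endpoint}?{urlencode(params)}", pending

def extract_code(callback_url, pending):
    """Validate the redirect back to the client and return the Authorization Code."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error'][0]}")
    if q.get("state", [None])[0] != pending["state"]:
        raise ValueError("state mismatch: response not bound to our request")
    if "code" not in q:
        raise ValueError("no authorization code in response")
    return q["code"][0]

def check_id_token_claims(claims, pending, client_id, issuer, now):
    """Check claims of an ID Token whose signature was already verified (assumed)."""
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if client_id not in aud:
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("ID Token expired")
    if claims.get("nonce") != pending["nonce"]:
        raise ValueError("nonce mismatch: possible replayed ID Token")
    return claims["sub"]
```

The `pending` dict stands in for whatever per-user session storage the application uses; it must be kept server-side between the request and the callback, and discarded once used.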
