OIDC Flows Overview
Get an introduction to the various OIDC flows: Authorization Code, Implicit, and Hybrid, and when to use each.
Welcome to OIDC Flows!
In this lesson, we'll explore the main flows (or grant types) used in OpenID Connect (OIDC). These flows define how your application (the Client) interacts with an OpenID Provider (like Google or Auth0) to get identity information about a user.
OIDC builds directly on top of OAuth2, so these flows will look familiar if you've studied OAuth2 grant types.
OIDC's Foundation: OAuth2 Flows
Remember, OIDC is an identity layer built on OAuth2. This means it reuses OAuth2's authorization flows, but with a crucial addition: the ID Token.
- ID Token: A JSON Web Token (JWT) containing information (claims) about the authenticated user.
- The choice of flow determines how this ID Token (and an Access Token) is delivered to your client application.
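To make the point about delivery concrete, here is an added example (not part of the original lesson) that reads an authorization request URL, names the flow from its `response_type`, and lists which tokens come back through the browser redirect and which come from the token endpoint. The `response_type` combinations and the nonce rule follow OpenID Connect Core; the function name, `op.example`, `app.example` and `demo-client` are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# response_type members that name a token returned by the authorization endpoint
TOKEN_NAMES = {"id_token": "id_token", "token": "access_token"}

def classify_oidc_request(auth_url):
    """Name the OIDC flow of an authorization request and how its tokens arrive."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(auth_url).query).items()}
    if "openid" not in params.get("scope", "").split():
        raise ValueError("scope lacks 'openid': plain OAuth2, no ID Token issued")
    types = set(params.get("response_type", "").split())
    if not types or not types <= {"code", "id_token", "token"} or types == {"token"}:
        raise ValueError("response_type is not one OIDC defines")
    if types == {"code"}:
        flow = "authorization_code"
    elif "code" in types:
        flow = "hybrid"
    else:
        flow = "implicit"
    # Front channel: tokens returned in the redirect, passing through the browser.
    front = sorted(TOKEN_NAMES[t] for t in types - {"code"})
    # Back channel: the client redeems the code directly at the token endpoint.
    back = ["access_token", "id_token"] if "code" in types else []
    findings = []
    # An ID Token delivered in the redirect must be bound to this request by a nonce.
    if "id_token" in types and "nonce" not in params:
        findings.append("nonce missing: front-channel ID Token cannot be tied to this request")
    return {"flow": flow, "front_channel": front, "back_channel": back, "findings": findings}

# Constructed sample requests (hypothetical provider and client).
BASE = ("https://op.example/authorize?client_id=demo-client"
        "&redirect_uri=https%3A%2F%2Fapp.example%2Fcb&scope=openid%20profile")
SAMPLES = [
    BASE + "&response_type=code",
    BASE + "&response_type=id_token%20token&nonce=n-0S6",
    BASE + "&response_type=code%20id_token",  # nonce deliberately left out
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify_oidc_request(url))
```
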