Implicit Flow - ID Token
Warning
The Implicit flow was used when the client secret could not be kept confidential. The more secure approach is the PKCE flow.
How it works
sequenceDiagram
participant Client
participant AuthServer as Authentication Server
participant User
Client->>AuthServer: Authentication Request
AuthServer->>User: User Login
User->>AuthServer: Consent
AuthServer->>User: Verify User
AuthServer->>AuthServer: Generate ID Token
AuthServer-->>Client: Authentication Response (ID Token)
Client->>AuthServer: ID Token Validation Request
AuthServer->>AuthServer: Validate ID Token
AuthServer-->>Client: ID Token Validation Response
When using response_type=id_token
Unidy redirects the user to the partner application with a JWT token parameter. This JWT already contains the user data.
Decoding
To decode the JWT, split the token at "." and Base64-decode each part. Most JWT libraries do this for you.
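The decoding step above as an added example for Node.js; it is not Unidy's code, and the function names and the sample token are constructed for illustration. JWT parts use the URL-safe Base64 alphabet with the padding stripped, so the alphabet is mapped back and the padding restored before decoding. Decoding does not check the signature, so the result is marked as unverified.

```javascript
// Added example: decode (not verify) a JWT by splitting at "." and
// Base64-decoding each part. Names and sample data are constructed.

function b64urlToBuffer(segment) {
  // JWT parts use the URL-safe alphabet ("-" and "_") without "=" padding.
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) {
    throw new Error("segment contains non-base64url characters");
  }
  if (segment.length % 4 === 1) {
    throw new Error("segment has an impossible base64 length");
  }
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64");
}

function decodeJwtUnverified(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) {
    throw new Error("expected 3 dot-separated parts, got " + parts.length);
  }
  const [headerSeg, payloadSeg, signatureSeg] = parts;
  const header = JSON.parse(b64urlToBuffer(headerSeg).toString("utf8"));
  const payload = JSON.parse(b64urlToBuffer(payloadSeg).toString("utf8"));
  // The third part is raw signature bytes, not JSON. It is NOT checked here,
  // so the claims must be treated as untrusted until the token is validated.
  const signature = b64urlToBuffer(signatureSeg);
  return { header, payload, signature, verified: false };
}

// Constructed sample token: made-up claims and placeholder signature bytes.
function toB64url(data) {
  return Buffer.from(data).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
const sampleToken = [
  toB64url(JSON.stringify({ alg: "RS256", typ: "JWT" })),
  toB64url(JSON.stringify({ sub: "user-123", email: "jane@example.com" })),
  toB64url(Buffer.from([0xfb, 0xff, 0x01, 0x02])), // not a real signature
].join(".");

const decoded = decodeJwtUnverified(sampleToken);
console.log(decoded.header, decoded.payload);
```
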