Silent Authorization
To identify whether a user has already signed in to Unidy, either from another service or directly, you can perform a silent authorization request. Instead of redirecting the user to the login form, Unidy always redirects back to the initiator, either with an error or with the requested login details. To do this, add the prompt parameter to the authorization request and set it to none.
Authorize Request
GET https://unidy.de/oauth/authorize?client_id=1mubVA3Ld91dYVA3PnAT7ZaqU1liKUp_OwRmKz6jztU
&redirect_uri=https://example.com
&response_type=code
&response_mode=fragment
&state=ed6h2uvz4gf
&nonce=asizef7aq8p
&prompt=none
&scope=openid
Signed out redirect location
The redirect URL will contain the following fragment parameters:
https://example.com#error=login_required
&error_description=Der+Autorisierungs-Server+hat+ein+unerwartetes+Problem+festgestellt+und+konnte+die+Anfrage+nicht+beenden.
&state=ed6h2uvz4gf
Signed in redirect location
This example uses the PKCE flow.
Redirect location:
https://example.com#code=qULCL1D3CfuXZ-4Qe5omJHzQV3Lc_f_HxL6CtINOxeU
Creating Access Token
POST https://unidy.de/oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&code=qULCL1D3CfuXZ-4Qe5omJHzQV3Lc_f_HxL6CtINOxeU
&client_id=1wv1DtA-nikRzMw6tLTc2yhEGljx98ZpBIuc5JakxzM
&redirect_uri=https://example.com
&code_verifier=Dvs4d8IUuULfRIdvN2KAyenp8viOIK5Ez_yrtk0wdG4
Note
UNIDY sessions are kept alive until the browser is closed or users clear the browser session data.
Note
When a service integrates the RP-Initiated Logout (see Open ID Connect - Unidy Documentation), users get signed out from UNIDY. This will not automatically end sessions or sign out users in other services. The silent login can be performed in all services, even when a user is still signed in within the service. If Unidy returns an error, the service could clear its session and sign out the user if needed.
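A service could build the silent request and classify the two redirect outcomes shown above as follows. This is an added example, not Unidy's own code: the function names are hypothetical, the sample values in the test are constructed, and it assumes the signed-in redirect also echoes state, as RFC 6749 requires when state was sent.

```javascript
// Unidy authorize endpoint as named on the page, requested over https.
const AUTHORIZE_ENDPOINT = "https://unidy.de/oauth/authorize";

// Hypothetical helper: build the prompt=none authorization request.
// state and nonce must be fresh random values stored for this browser session.
function buildSilentAuthUrl({ clientId, redirectUri, state, nonce }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "code",
    response_mode: "fragment",
    state,
    nonce,
    prompt: "none",
    scope: "openid",
  }).toString();
  return url.toString();
}

// Hypothetical helper: decide what the redirect back from Unidy means.
// With response_mode=fragment the parameters are only visible to the browser.
function classifySilentRedirect(redirectLocation, expectedState) {
  const fragment = new URL(redirectLocation).hash.replace(/^#/, "");
  const params = new URLSearchParams(fragment);

  // Ignore any response not bound to the request this session started;
  // otherwise a forged redirect could log the user out or inject a code.
  if (!expectedState || params.get("state") !== expectedState) {
    return { status: "rejected", reason: "state_mismatch" };
  }
  const error = params.get("error");
  if (error === "login_required") {
    // No Unidy session: the service may clear its own session here.
    return { status: "signed_out" };
  }
  if (error) {
    return { status: "error", error };
  }
  const code = params.get("code");
  if (code) {
    // Exchange the code at the token endpoint together with the code_verifier.
    return { status: "signed_in", code };
  }
  return { status: "rejected", reason: "no_code_or_error" };
}
```

Only a `signed_out` result should trigger clearing the local session; a `rejected` result is treated as untrusted input and changes nothing.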