Silent Authorization

To identify whether a user has already signed in to Unidy, either from another service or directly, you can perform a silent authorization request. Instead of redirecting the user to the login form, Unidy always redirects back to the initiator, either with an error or with the requested login details. To do this, add the prompt parameter to the authorization request and set it to none.

Authorize Request

  GET https://unidy.de/oauth/authorize?client_id=1mubVA3Ld91dYVA3PnAT7ZaqU1liKUp_OwRmKz6jztU
  &redirect_uri=https://example.com
  &response_type=code
  &response_mode=fragment
  &state=ed6h2uvz4gf
  &nonce=asizef7aq8p
  &prompt=none
  &scope=openid

Signed out redirect location

The redirect URL will contain the following fragment parameters:

  https://example.com#error=login_required
  &error_description=Der+Autorisierungs-Server+hat+ein+unerwartetes+Problem+festgestellt+und+konnte+die+Anfrage+nicht+beenden.
  &state=ed6h2uvz4gf

Signed in redirect location

This example uses the PKCE flow.

Redirect location:
  https://example.com#code=qULCL1D3CfuXZ-4Qe5omJHzQV3Lc_f_HxL6CtINOxeU

Creating Access Token
  POST https://unidy.de/oauth/token
  Content-Type: application/x-www-form-urlencoded

  grant_type=authorization_code
  &code=qULCL1D3CfuXZ-4Qe5omJHzQV3Lc_f_HxL6CtINOxeU
  &client_id=1wv1DtA-nikRzMw6tLTc2yhEGljx98ZpBIuc5JakxzM
  &redirect_uri=https://example.com
  &code_verifier=Dvs4d8IUuULfRIdvN2KAyenp8viOIK5Ez_yrtk0wdG4
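
The following is an added example, not code from the Unidy documentation: one way a service could classify the two redirect outcomes shown above before acting on them. The function name and result shape are hypothetical, and it assumes the state value is echoed back on success as well as on error.

```javascript
// Added example, not Unidy code: classify the redirect that follows a
// prompt=none request. Function name and result shape are hypothetical.
function parseSilentAuthRedirect(redirectUrl, expectedState) {
  // response_mode=fragment: parameters arrive after '#', not in the query.
  const fragment = new URL(redirectUrl).hash.replace(/^#/, "");
  const params = new URLSearchParams(fragment);

  // Bind the response to the request this page sent. Assumption: state is
  // echoed on success as well as on error (RFC 6749 behaviour).
  const state = params.get("state");
  if (!expectedState || state !== expectedState) {
    return { status: "rejected", reason: "state_mismatch" };
  }

  const error = params.get("error");
  const code = params.get("code");
  if (error && code) {
    return { status: "rejected", reason: "ambiguous_response" };
  }
  if (error === "login_required") {
    // No Unidy session: the service may clear its own session here.
    return { status: "signed_out" };
  }
  if (error) {
    // Other errors are passed through for the caller to decide.
    // error_description is untrusted text: log it, never render it as HTML.
    return { status: "error", error, description: params.get("error_description") };
  }
  if (code) {
    // Next step: exchange the code at the token endpoint with the code_verifier.
    return { status: "signed_in", code };
  }
  return { status: "rejected", reason: "no_code_or_error" };
}

// Constructed sample redirects built from the values shown on this page.
const sentState = "ed6h2uvz4gf";
const samples = [
  "https://example.com#error=login_required&error_description=sample+text&state=ed6h2uvz4gf",
  "https://example.com#code=qULCL1D3CfuXZ-4Qe5omJHzQV3Lc_f_HxL6CtINOxeU&state=ed6h2uvz4gf",
  "https://example.com#code=qULCL1D3CfuXZ-4Qe5omJHzQV3Lc_f_HxL6CtINOxeU&state=other",
];
for (const url of samples) {
  console.log(parseSilentAuthRedirect(url, sentState).status);
}
```

In a browser the first argument would be `window.location.href`, and `expectedState` would be the value the page stored before starting the authorization request.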

Note

UNIDY sessions are kept alive until the browser is closed or users clear the browser session data.

Note

When a service integrates RP-Initiated Logout (see Open ID Connect - Unidy Documentation), users get signed out from UNIDY. This will not automatically end sessions or sign out users in other services. The silent login can be performed in all services, even when a user is still signed in within the service. If Unidy returns an error, the service could clear its session and sign out the user if needed.