Very helpful video.. one doubt.. the four endpoints which we have talked about in this video's.. need to be configured on application side? I mean the four endpoints we talked earlier is having well-known/openid-Configuration at the end but in auth code flow diagram it is showing as Authorize and token endpoints.. a bit confused here..
your video is interesting. I am confused. There is a video from OktaDev nate. Nate says that both access token and Id token will be returned by the token endpoint. can you please clarify this?
The contents of the ID Token are as described in Section 2. When using the Implicit Flow, these additional requirements for the following ID Token Claims apply: nonce Use of the nonce Claim is REQUIRED for this flow. at_hash Access Token hash value. Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the access_token value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, hash the access_token value with SHA-256, then take the left-most 128 bits and base64url encode them. The at_hash value is a case sensitive string. If the ID Token is issued from the Authorization Endpoint with an access_token value, which is the case for the response_type value id_token token, this is REQUIRED; it MAY NOT be used when no Access Token is issued, which is the case for the response_type value id_token. Source - openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken This is open id connect rfc, happy learning 🤝
Thank you for keeping this short and under 10/mins. I really appreciate it!
Very clean and well presented. Well Done
Thanks for watching
Thanks!
Thanks
Well explained 👍👍
nice explanation
Very helpful video.. one doubt.. the four endpoints which we have talked about in this video's.. need to be configured on application side? I mean the four endpoints we talked earlier is having well-known/openid-Configuration at the end but in auth code flow diagram it is showing as Authorize and token endpoints.. a bit confused here..
Do we use refresh token in this flow. Does it provide any benefit here?
Awesome
your video is interesting. I am confused. There is a video from OktaDev nate. Nate says that both access token and Id token will be returned by the token endpoint. can you please clarify this?
The contents of the ID Token are as described in Section 2. When using the Implicit Flow, these additional requirements for the following ID Token Claims apply:
nonce
Use of the nonce Claim is REQUIRED for this flow.
at_hash
Access Token hash value. Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the access_token value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, hash the access_token value with SHA-256, then take the left-most 128 bits and base64url encode them. The at_hash value is a case sensitive string.
If the ID Token is issued from the Authorization Endpoint with an access_token value, which is the case for the response_type value id_token token, this is REQUIRED; it MAY NOT be used when no Access Token is issued, which is the case for the response_type value id_token.
Source - openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken
This is open id connect rfc, happy learning 🤝
learn.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#protocol-flow-sign-in
Also check this diagram🤝
I have one doubt can we connect through email..?