Implicit Flow
Authenticator handling implicit flows in OIDC.
Authenticator handling implicit flows in OIDC.
No identification is done by this authenticator. It acts as a controller for issuing Json Web Tokens (JWT). Typically this authenticator is the first point of contact coming from an OpenID Connect Relying Party, requesting identification.
This authentication controller can be considered a start and end touch point. The main purpose is to handle OpenID Connect specifics.
Actual user identification is done elsewhere.
When using this authenticator, the ID token is returned in the response.
Authenticator Type: OIDCImplicitFlow
Common Authenticator configuration can be found here.
Name | Description | Default value | Mandatory |
---|---|---|---|
On a successful authentication, an event is logged containing the following:
WEB_100101
IDENTIFIER (user traceid)
DESTINATION_SERVICE_NAME (redirect URI)
SOURCE_ADDRESS (user IP address)
All data put into the shared authentication state along with the HTTP headers are exposed and sent into the pipe.
Data put into the state by this authenticator is:
OIDC request data
In order to use data from PIPE the response must contain one item. All data from that item will be available when creating the ID token and access token.
Name | Description | Default value | Mandatory |
---|---|---|---|
required_authenticators
List of authenticators performing the actual authentication.
N/A
userinfo_endpoint_ttl
Access token time to live in millisesonds.
60000
keystore
Keystore reference or json object containing key store configuration. Used for JWT signing.
N/A
sign_jwt_keystore_password
Keystore password.
N/A
sign_jwt_keystore_alias
Keystore alias.
N/A
rps
N/A
required_request_parameters
Required parameters.
["response_type", "client_id", "redirect_uri", "scope", "nonce"]
client_id
Used for identifying and authenticating the client.
N/A
client_secret
Used for identifying and authenticating the client.
N/A
redirect_uri
Redirect location where the authorization code or JWT should be sent.
N/A
post_logout_redirect_uris
Redirect location after logout.
N/A
pipe_id
Pipe reference. Pipe is run after user authentication. Used for collecting user data.
N/A
id_token_headers
ID token headers configured per RP. Previous parameter name jwt_headers
is deprecated.
N/A
id_token_claims
ID token claims configured per RP. Previous parameter name jwt_claims
is deprecated.
N/A
access_token_claims
Access Token claims configured per RP. Previous parameter name userinfo_claims
is deprecated.
N/A