Authentication
This section describes the entire authentication process with the Identity system using the OpenID Connect protocol.
Overview
The system uses the OpenID Connect protocol, built on OAuth 2.0, for authentication. The flow follows the Authorization Code Flow pattern, which keeps tokens out of the user's browser: only the short-lived authorization code passes through the browser, and it is exchanged for tokens in a server-to-server call.
Authentication Flow
- Get credentials - client_id and client_secret
- Configure redirect URI
- Request authentication - Redirect user to login
- Process response - Receive authorization code
- Exchange code for tokens - Get id_token and access_token
- Validate ID Token - Ensure authenticity and integrity
Main Topics
- Authentication Keys
- Redirect URI
- Authentication Request
- Authentication Response
- Token Endpoint
- ID Token
- ID Token Validation
- Authentication without Interaction
- Additional Parameters
Security
All tokens are signed and must be validated before use. The client_secret should never be exposed in the frontend and should only be used in server-to-server communication.
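The following is an added example that walks the six steps of the Authentication Flow above and the validation rule stated in this Security section; it is not code from the Identity system or its SDK. The issuer, endpoints, client credentials, callback URL and token-endpoint response are constructed placeholders so the example runs offline, and the ID token is assumed to be signed with HS256 using the client_secret as the HMAC key (a provider that signs with RS256 would instead be verified against its published JWKS keys).

```python
# Added example: Authorization Code Flow client, end to end, with no network access.
# Endpoints, credentials and the sample ID token below are constructed placeholders.
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

ISSUER = "https://identity.example"            # assumed issuer, not the real one
AUTH_ENDPOINT = ISSUER + "/authorize"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"        # server side only; never sent to the browser
REDIRECT_URI = "https://app.example/callback"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_authentication_request(state: str, nonce: str) -> str:
    """Step 3: URL the user is redirected to. state binds the callback to this
    session; nonce is echoed in the ID token so a replayed token is detected."""
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid profile", "state": state, "nonce": nonce}
    return AUTH_ENDPOINT + "?" + urlencode(params)


def process_authentication_response(callback_url: str, expected_state: str) -> str:
    """Step 4: extract the code, refusing a callback whose state does not match
    the one issued for this session (CSRF / login-fixation guard)."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError("authorization error: " + qs["error"][0])
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch")
    return qs["code"][0]


def build_token_request(code: str) -> dict:
    """Step 5: form body POSTed server-to-server to the token endpoint.
    The client_secret appears only here, never in the front channel."""
    return {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI,
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}


def validate_id_token(id_token: str, expected_nonce: str, now=None) -> dict:
    """Step 6: check signature, issuer, audience, expiry and nonce before trusting
    any claim. Assumes HS256 with client_secret as the key (see lead-in)."""
    now = int(time.time()) if now is None else now
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")          # rejects 'none' and algorithm swaps
    expected = hmac.new(CLIENT_SECRET.encode(), f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID != aud and CLIENT_ID not in (aud if isinstance(aud, list) else []):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


def make_sample_id_token(nonce: str, now: int, **overrides) -> str:
    """Constructed ID token as the provider is assumed to mint it (HS256).
    Exists only so the example runs offline; a real client never signs its own."""
    claims = {"iss": ISSUER, "sub": "user-123", "aud": CLIENT_ID, "iat": now,
              "exp": now + 300, "nonce": nonce, **overrides}
    h = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    p = b64url(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url(sig)}"


def run_flow(now: int = 1_700_000_000) -> dict:
    """Runs all six steps against a constructed provider response."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    login_url = build_authentication_request(state, nonce)
    # Constructed callback: what the provider would redirect the browser to.
    callback = REDIRECT_URI + "?" + urlencode({"code": "SplxlOBeZQQYbYS6WxSbIA", "state": state})
    token_request = build_token_request(process_authentication_response(callback, state))
    # Constructed token endpoint response standing in for the real HTTPS POST.
    token_response = {"access_token": "opaque-access-token", "token_type": "Bearer",
                      "id_token": make_sample_id_token(nonce, now)}
    claims = validate_id_token(token_response["id_token"], nonce, now)
    return {"login_url": login_url, "token_request": token_request, "claims": claims}


if __name__ == "__main__":
    print(json.dumps(run_flow(), indent=2))
```

Every check in validate_id_token is a hard failure: a token with the wrong nonce, a stale exp, a foreign aud, or an alg other than the one the client expects is discarded before any claim is read, which is the rule "signed and must be validated before use" in practice. The state check in process_authentication_response is the matching guard on the front channel.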
