OAuth / OpenID Flows: Hybrid


Version Affected:  IdP - All versions

Description:

The Hybrid flow allows an application to request an Authorization Code, Access Token and/or ID Token directly from the Authorization endpoint. The initial login can therefore be handled entirely in the user's browser, or the application can use the code with the token endpoint.

Cause:  This KB outlines how to use the Hybrid flow

Resolution:  

 

This is an example of the query string used for the Hybrid flow:

https://youridp.secureauth.com/secureauth8/?response_type=code+id_token&client_id=YourClientID&redirect_uri=https://app.getpostman.com/oauth2/callback&scope=openid+profile&state=State&nonce=n-0S6_WzA2Mj

1. Replace youridp.secureauth.com with the FQDN of your SecureAuth server

2. Replace secureauth8 with your OAuth realm

3. Replace YourClientID with your Client ID

4. Replace the redirect_uri value with your redirect URI

5. The openid scope is required; you can request additional scopes

6. A nonce is required.

The valid response_types for this are:

response_type=code+id_token

response_type=code+id_token+token

response_type=code+token

Writing the response type in a different order will cause an error. 
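As an added example (not SecureAuth code), this Python builds the request described above with the ordering, scope and nonce rules enforced, then checks the redirect that comes back. The function names are hypothetical, and it assumes the IdP returns the parameters in the URL fragment, which is the OpenID Connect default for the Hybrid flow.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# The three response_type values the article lists, in the required order.
VALID_RESPONSE_TYPES = ("code id_token", "code id_token token", "code token")
# Parameter each response_type member should produce in the redirect.
RETURNED_PARAM = {"code": "code", "id_token": "id_token", "token": "access_token"}

def build_hybrid_request(idp_fqdn, realm, client_id, redirect_uri,
                         response_type="code id_token", scopes=("openid", "profile")):
    """Return (url, state, nonce); state and nonce are fresh per request."""
    if response_type not in VALID_RESPONSE_TYPES:
        raise ValueError(f"unsupported or misordered response_type: {response_type!r}")
    if "openid" not in scopes:
        raise ValueError("the openid scope is required")
    state = secrets.token_urlsafe(32)   # ties the redirect to this browser session
    nonce = secrets.token_urlsafe(32)   # later compared with the ID token's nonce claim
    query = urlencode({                 # urlencode writes the spaces as '+'
        "response_type": response_type,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "nonce": nonce,
    })
    return f"https://{idp_fqdn}/{realm}/?{query}", state, nonce

def parse_hybrid_callback(callback_url, expected_state, response_type):
    """Validate the redirect and return its parameters as a dict."""
    # Assumption: parameters arrive in the URL fragment (OIDC Core default for Hybrid).
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).fragment).items()}
    if "error" in params:
        raise ValueError(f"IdP returned error: {params['error']}")
    if not secrets.compare_digest(params.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    missing = [RETURNED_PARAM[t] for t in response_type.split() if RETURNED_PARAM[t] not in params]
    if missing:
        raise ValueError(f"response is missing {missing}")
    return params
```

When an ID token is returned, validate its signature and then compare its nonce claim with the nonce generated for the request.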

 

SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
