Authorization Endpoint Options
Authorization Flows
Axioms supports all three OpenID Connect authorization flows. These flows can be enabled or disabled at the tenant level.
| OpenID Connect Flow | Supported | Enabled by default | Description |
|---|---|---|---|
| Implicit | Yes | No | All tokens are returned from the Authorization Endpoint; the Token Endpoint is not used. For security reasons, we do not recommend using the implicit flow. |
| Authorization Code | Yes | Yes | All tokens are returned from the Token Endpoint using an authorization code obtained from the Authorization Endpoint. |
| Hybrid | Yes | Yes | Some tokens are returned from the Authorization Endpoint and others are returned from the Token Endpoint. |
Authorization Code Flow
```mermaid
sequenceDiagram
    participant U as User
    participant C as Client
    participant A as Authorization Endpoint
    participant T as Token Endpoint
    U-->>C: Initiate login
    C-->>A: response_type=code
    A-->>U: Request authorization
    U-->>A: Authorized
    A-->>C: code
    C-->>T: code
    T-->>C: id_token, access_token, refresh_token
```
Implicit Flow
```mermaid
sequenceDiagram
    participant U as User
    participant C as Client
    participant A as Authorization Endpoint
    U-->>C: Initiate login
    C-->>A: response_type=id_token token
    A-->>U: Request authorization
    U-->>A: Authorized
    A-->>C: id_token, access_token
```
Hybrid Flow
```mermaid
sequenceDiagram
    participant U as User
    participant C as Client
    participant A as Authorization Endpoint
    participant T as Token Endpoint
    U-->>C: Initiate login
    C-->>A: response_type=code id_token
    A-->>U: Request authorization
    U-->>A: Authorized
    A-->>C: id_token, code
    C-->>T: code
    T-->>C: access_token, refresh_token
```
Authorization Endpoint Options
Navigate to Tenant, then find the Authorization Endpoint Options panel under the Tenant Settings tab. You can enable or disable one or more flows, then click Update Details.
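To check which flow a client is actually requesting before changing these settings, the following added example (not Axioms code) classifies authorization requests by `response_type` and flags those that use a flow disabled by default or that return an access token from the Authorization Endpoint. The host, path and `client_id` in the sample URLs are constructed placeholders, and the mapping covers every `response_type` combination defined by OpenID Connect Core, which goes beyond the three values shown in the diagrams.

```python
from urllib.parse import urlsplit, parse_qs

# response_type value sets defined by OpenID Connect Core, mapped to their flow.
FLOWS = {
    frozenset({"code"}): "authorization_code",
    frozenset({"id_token"}): "implicit",
    frozenset({"id_token", "token"}): "implicit",
    frozenset({"code", "id_token"}): "hybrid",
    frozenset({"code", "token"}): "hybrid",
    frozenset({"code", "id_token", "token"}): "hybrid",
}
# Tenant defaults from the table on this page: implicit is off, the other two are on.
DEFAULT_ENABLED = frozenset({"authorization_code", "hybrid"})


def classify(url):
    """Return (flow, tokens returned by the Authorization Endpoint) for a request URL."""
    values = parse_qs(urlsplit(url).query).get("response_type", [])
    if len(values) != 1:
        raise ValueError("response_type must appear exactly once")
    requested = frozenset(values[0].split())  # space-delimited, order does not matter
    flow = FLOWS.get(requested)
    if flow is None:
        raise ValueError(f"unsupported response_type: {values[0]!r}")
    # Everything except the code is delivered directly in the authorization response.
    return flow, sorted(requested - {"code"})


def audit(urls, enabled=DEFAULT_ENABLED):
    """Return (url, reason) for requests that are invalid, disabled, or expose an access token."""
    findings = []
    for url in urls:
        try:
            flow, front = classify(url)
        except ValueError as exc:
            findings.append((url, f"invalid: {exc}"))
            continue
        if flow not in enabled:
            findings.append((url, f"{flow} flow is disabled for this tenant"))
        elif "token" in front:
            findings.append((url, "access token returned from the Authorization Endpoint"))
    return findings


# Constructed sample requests; host, path and client_id are placeholders.
BASE = "https://tenant.example/authorize?client_id=placeholder&response_type="
SAMPLES = [BASE + "code", BASE + "id_token+token", BASE + "token%20id_token%20code", BASE + "token"]
```

Calling `audit(SAMPLES)` leaves the plain `code` request unflagged and reports the other three.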
