Authorization Request

Parameters

Name	Description
	OAuth Parameters
response_type	"code" Must be "code", as only Authorization Code flow is currently supported by SSO Server
client_id	Value from client registration "client_id" value
redirect_uri	The address where user agent is redirected after authorization F or loopback addresses , any port value is accepted It is also possible to use private-use uri schemes Client registration parameter "redirect_uris" controls allowed redirect_uri values for application
scope	"openid" A space separated list of scope values Should always include "openid" May also specify any number of client_id values of other registered applications, when requesting an access token for other applications Client registration parameter "scope" controls allowed scope values for application. If registration parameter is not defined then all scope values are allowed
state	An opaque value used by the client to maintain state between the request and callback
	OpenID Connect Parameters
nonce	An opaque value used by the client to maintain state between the request and id token
display	Used by client to choose user interface template Template parameter "oidc.display" controls this feature See General template properties - SSO
prompt	"none" Indicates "is-passive" request, where SSO Server will not display any user interface pages "login" Indicates "force-authn" request, where SSO Server will re-authenticate user
max_age	"0" Indicates "force-authn" request, where SSO Server will re-authenticate user
ui_locales	Used by client to choose user interface language, must match one of configured language codes Template parameter "locales" controls this feature See General template properties - SSO
login_hint	A hint about the login identifier the user might use to log in. SSO Server will set "Username" input field to this value. Template parameter "useloginhint" controls this feature See General template properties - SSO
acr_values	Used by client for authentication method discovery Authentication method parameter "oidc.acr" controls this feature
	Ubisecure extension parameters
locale	Single-value parameter, otherwise same function as "ui_locales" above
template	Used by client to choose user interface template

Signed and encrypted request

Client registration parameters "request_object_signing_alg", "request_object_encryption_alg" and "request_object_encryption_enc" control this feature

See Signed and encrypted request - SSO

Response

Authorization response is a redirect to redirect_uri with following parameters

Name	Description
code	The authorization code generated by authorization server
state	Exact value from authorization request

The client exchanges authorization code for an access token with "authorization_code" Token Request

Token Request

Parameters

Name	Description
grant_type	"authorization_code"
code	The authorization code received from authorization server
redirect_uri	Must match the redirect_uri parameter in the authorization request

Parameters

OAuth Parameters

OpenID Connect Parameters

Ubisecure extension parameters

Signed and encrypted request

Response

Token Request

Parameters

Browser not supported