Connecting a web app via OIDC

A web application interacts with Blitz Identity Provider over OIDC in the following steps:

Note

This process corresponds to the Authorization Code Grant defined in the OAuth 2.0 specification.

  1. The application sends a request for user identification and authentication via a web browser to the Blitz Identity Provider address.

  2. Blitz Identity Provider identifies/authenticates the user.

  3. Blitz Identity Provider obtains the user’s consent to transfer information about them to the application (for applications hosted on the domain company.com, consent is granted automatically without prompting the user).

  4. Blitz Identity Provider redirects the user back to the application via the web browser and transmits the authorization code to the application.

  5. The application uses the authorization code to request an ID token, a refresh token, and an access token.

  6. The application receives a response containing the necessary tokens.

  7. The application requests user data using the access token. If necessary, the application can verify the ID token and extract the user ID and additional attributes from it.
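
Steps 1, 4 and 5 as an added example (not Blitz Identity Provider's own code): the application binds a random `state` to the user's session before redirecting, checks it when the authorization code comes back, and only then builds the token request. The endpoint URL, client ID and redirect URI are placeholders, and `session` stands for the application's server-side session store.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder values (assumptions): take the real ones from your Blitz
# Identity Provider settings and your application's registration.
AUTHZ_ENDPOINT = "https://idp.example.com/authorize"
CLIENT_ID = "example-app"
REDIRECT_URI = "https://app.example.com/callback"


def build_authorization_request(session: dict) -> str:
    """Step 1: URL the browser is sent to; state and nonce are tied to the session."""
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)  # compare with the ID token's nonce claim
    return AUTHZ_ENDPOINT + "?" + urlencode({
        "response_type": "code",  # Authorization Code Grant
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
    })


def handle_callback(session: dict, callback_url: str) -> dict:
    """Steps 4-5: validate the redirect and return the token request form fields."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    expected = session.pop("oidc_state", None)  # single use: a replayed callback fails
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"])
    received = params.get("state", "")
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError.
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback is not bound to this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    # POST these fields to the token endpoint together with client authentication.
    return {
        "grant_type": "authorization_code",
        "code": params["code"],
        "redirect_uri": REDIRECT_URI,  # must equal the value sent in step 1
    }
```

Rejecting a callback whose `state` does not match the session stops an authorization code issued for another session from being exchanged by this one.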

The figures show the processes of obtaining an authorization code, tokens, and user data.

Getting the authorization code:

Getting security tokens:

Getting user data: