Implicit

The Implicit grant is a simplified authorization code flow optimized for clients implemented in a browser using a scripting language such as JavaScript. In the Implicit flow, instead of issuing the client an authorization code, the client is issued an access token directly.

When issuing an access token during the Implicit grant flow, the authorization server does not authenticate the client. In some cases, the client identity can be verified via the redirection URI used to deliver the access token to the client. The access token may be exposed to the resource owner or other applications with access to the resource owner's user-agent.

For additional information about Implicit grants, refer to Implicit Grant.

Upon successful user authorization, the Authorization Server redirects the user-agent to the redirect_uri supplied in the original authorization request. An access_token parameter is supplied in the fragment part of the redirect_uri, together with the fragment parameters token_type, id_token, expires_in and state. For a detailed explanation of these parameters, refer to Implicit Authentication Response.

The Userinfo endpoint may now be called to retrieve details about the User. For more information about /userinfo, refer to Userinfo Endpoint Information.

OpenID Connect authorization supports what is called id_token_hint. The value of the id_token_hint parameter is the id_token previously issued by the PRIVO Authorization Server. Passing this value serves as a hint about the user's current or past authenticated session with the Client. If the user identified by the ID Token is logged in or is logged in by the request, then the Authorization Server returns a positive response; otherwise, it returns the error login_required. id_token_hint must be present when prompt=none is used, and an invalid_request error is returned if it is not.

Sample Implicit Authorization Request:

POST {{url}}/oauth/authorize?
    response_type=id_token%20token
    &client_id=someClientId
    &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb?
    &scope=openid%20profile%20user_profile%20additional_info
    &state=af0ifjsldkj
    &nonce=n-0S6_WzA2Mj

Sample Response (redirect to the redirect_uri, with the tokens in the fragment):

HTTP/1.1 302 Found
Location: 
    https://client.example.org/cb#
    access_token=eyJhbGciOiJSUzIi.......3gZthv7Y
    &token_type=bearer
    &id_token=eyJhbGciOiJSUzIi.......m5cr2cNNk
    &expires_in=599
    &state=af0ifjsldkj

Sample Request with ID Token:

POST {{url}}/oauth/authorize?
    id_token_hint=eyJhbGciOiJSUzIi.......m5cr2cNNk
    &prompt=none
    &state=af0ifjsldkj
    &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb?
    &response_type=id_token%20token
    &client_id=someClientId
    &scope=openid%20profile%20user_profile%20additional_info