We are planning to use OIDC as verification, so I read the document below,
“OIDC authorization code flow”
and I came up with two questions. Could anyone give me some advice?
Our server receives the GET request from the client’s redirect,
then starts validating the ID token,
- if the ID token validation succeeded,
  - server responds with the access_token through the URL where the client redirected.
  - client launches the application with the access_token.
- if the ID token validation failed,
  - server responds with the result that it failed to validate the ID token through the URL where the client redirected.
  - client stops launching the application.