OIDC resources
openidconnect.net test service: provides a client on an HTML page for testing an OP server.
oauth2 playground: test a server. jwt.io
OAuth2 RFCs
- rfc6749 The OAuth 2.0 Authorization Framework
- rfc7662 OAuth 2.0 Token Introspection
OIDC Authorization Code Flow
This flow is mostly used for server-side apps. It works by allowing apps to request authorization codes from an authorization endpoint. These codes can be exchanged for identity tokens or OAuth access tokens as needed.
While the identity and access tokens are not exposed to the browser, refresh tokens can be used to enable actions on behalf of a user (when the user is no longer present or no longer active). For this reason, the authorization code flow should be strictly reserved for confidential clients, which can be relied upon to store their secrets safely. This flow needs to be planned carefully and monitored constantly.
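The flow described above, as an added example (not code from the page or from any of the listed services): the confidential client builds the authorization request with state and nonce, checks state on the callback, exchanges the code with its client secret, and validates the ID token. The issuer, client id, secret and redirect URI are constructed values; the ID token is assumed to be signed with HS256 keyed by the client secret (one option OIDC Core allows; RS256 against the OP's JWKS is more common).

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values for a hypothetical confidential client.
ISSUER = "https://op.example"
CLIENT_ID = "web-app"
CLIENT_SECRET = "s3cr3t-kept-server-side"   # never shipped to the browser
REDIRECT_URI = "https://app.example/cb"

def build_authorization_request():
    """Front-channel request; state binds the callback to this session, nonce binds the ID token."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid profile", "state": state, "nonce": nonce}
    return f"{ISSUER}/authorize?{urlencode(params)}", state, nonce

def parse_callback(redirect_url, expected_state):
    """Extract the code from the OP redirect; a wrong state means a forged/replayed callback."""
    q = parse_qs(urlparse(redirect_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch")
    return q["code"][0]

def token_request(code):
    """Back-channel POST body: the client authenticates with its secret, the browser never sees it."""
    return {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI,
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}

def _b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def _unb64u(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_id_token_hs256(claims):
    """What the OP would issue: compact JWS, HS256 keyed with the client secret (assumption)."""
    header, payload = _b64u(b'{"alg":"HS256","typ":"JWT"}'), _b64u(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64u(sig)}"

def validate_id_token(token, expected_nonce, now=None):
    """Checks a client must make before trusting the identity: alg, signature, iss, aud, exp, nonce."""
    now = int(time.time()) if now is None else now
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_unb64u(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")          # never let the token pick the algorithm
    expected = hmac.new(CLIENT_SECRET.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64u(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64u(payload_b64))
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")           # token not minted for this login attempt
    return claims
```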