# Login Flow

The authorization code grant returns an authorization code to the client, which can then exchange it directly for an ID Token and an Access Token. The advantage is that no tokens are exposed to the user agent or potentially malicious applications that may access the user agent. The authorization server can also authenticate the client before exchanging the authorization code for an access token. The authorization code grant is suitable for clients that can securely maintain confidentiality between themselves and the authorization server.

The overall flow using this grant is:

  1. The user accesses the third-party application, which initiates an authorization login request to Zhuyun IDaaS. After the user authorizes the third-party application, Zhuyun IDaaS redirects back to the third-party application with an authorization code parameter.

  2. The third-party application uses the authorization code to call the Zhuyun IDaaS API interface to exchange for an access_token and an id_token.

  3. The third-party application validates the id_token and retrieves the end-user's subject identifier.

# Development Steps

The Zhuyun IDaaS platform uses the OAuth 2.0 standard authorization code grant. The development integration flow is as follows:

# Step 1: Obtain Standard Authorization Code

Click to view the interface for obtaining the standard authorization code

# Step 2: Obtain Access Token

Click to view the interface for obtaining the Access Token

# Step 3: Parse ID Token to Obtain User Information

Click to view how to obtain user information

# Step 4: Call the userinfo endpoint to obtain user information (Optional)

Click to view how to obtain user information