TIDP - Auth Server Demo

⚡ Presets

Presets fill all endpoints & client config. Auto-discover uses Issuer URL.

Environments & Tenants

Environments and Tenants influence the Issuer / Base URL and Authorization endpoints.

Client Config

Client ID

Client Secret (optional)

Redirect URI

Scopes

PKCE Method

ACR Values

Claims (JSON)

Extra Params (JSON)

Authorization Server

Issuer / Base URL

PAR Endpoint

Authorization Endpoint

Token Endpoint

UserInfo Endpoint

End Session

PKCE Parameters RFC 7636

Generate a cryptographically random code_verifier and derive the code_challenge. These values will be used throughout the flow.

Pushed Authorization Request RFC 9126

POST the authorization parameters directly to the PAR endpoint. The server returns a request_uri that you use in place of all parameters in the redirect.

Authorization Redirect RFC 6749

Redirect the user-agent to the authorization endpoint. The URL contains only client_id and the request_uri from PAR (or full params if PAR was skipped).

Token Exchange authorization_code

Exchange the authorization code for tokens. The code_verifier is sent to prove possession of the PKCE secret.

UserInfo Endpoint RFC 7662

Fetch user claims from the UserInfo endpoint using the access token as a Bearer credential.

Token Refresh refresh_token

Use the refresh token to obtain a new access token without user interaction.

Refresh Token (pre-filled from last token response)

RP-Initiated Logout OpenID Connect Session

Redirect to the end_session_endpoint with the id_token_hint and optional post_logout_redirect_uri.

Post-Logout Redirect URI