Authorization Endpoint Options

Authorization Flows

Axioms support all three OpenID Connect authorization flows. These flows can enabled or disabled on at tenant level.

OpenID Connect FlowSupportedEnabled by defaultDescription
ImplicitYes,NoAll tokens are returned from the Authorization Endpoint; the Token Endpoint is not used. Due to security reasons, we do not recommended using implicit flow.
Authorization CodeYesYesAll tokens returned from the Token Endpoint using an authorization code obtained from Authorization Endpoint.
HybridYesYesSome tokens are returned from the Authorization Endpoint and others are returned from the Token Endpoint.

Authorization Code Flow

sequenceDiagram; participant U as User; participant C as Client; participant A as Authorization Endpoint; participant T as Token Endpoint; U-->>C: Initiate login; C-->>A: response_type=code; A-->>U: Request authorization; U-->>A: Authorized; A-->>C: code; C-->>T: code; T-->>C: id_token, access_token, refresh_token;

Implicit Flow

sequenceDiagram; participant U as User; participant C as Client; participant A as Authorization Endpoint; U-->>C: Initiate login; C-->>A: response_type=id_token token; A-->>U: Request authorization; U-->>A: Authorized; A-->>C: id_token, access_token;

Hybrid Flow

sequenceDiagram; participant U as User; participant C as Client; participant A as Authorization Endpoint; participant T as Token Endpoint; U-->>C: Initiate login; C-->>A: response_type=code id_token; A-->>U: Request authorization; U-->>A: Authorized; A-->>C: id_token, code; C-->>T: code; T-->>C: access_token, refresh_token;

Authorization Endpoint Options

Navigate to Tenant and then find Authorization Endpoint Options panel under Tenant Settings tab. You can enable or disable one or more flows and click Update Details.

Manage Authorization Endpoint Options
Manage Authorization Endpoint Options