OpenID Connect Authentication Flow
The following diagram shows the standard flow for OpenID Connect.
- First, the user agent makes an authorization request to the authorization server (the IDP).
- The IDP checks whether the user has already been authenticated. There may be some back and forth between the user agent and the IDP to complete authentication.
- The IDP then checks with the resource owner (accounts.google.com) to request consent to share "profile contact" data with the client.
- The user agent is then redirected back to yoursite.com/callback with an authorization code.
- The client exchanges this authorization code for an access token over a back channel (server to server, never through the browser). The access token is then used to get data directly from the resource owner (accounts.google.com).
- Finally, the client fetches the user info with the access token. It is returned as JSON.
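The relying-party side of the steps above, as an added example that is not part of the original page or any particular library: it builds the authorization request, checks the callback, and prepares the back-channel token request and the userinfo request. Endpoint paths, client id and client secret are placeholders (assumptions); the state check goes beyond the steps listed above and is the standard way to bind the callback to the browser session that started the flow.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Endpoint paths and client credentials are placeholders (assumed, not real values).
AUTHORIZE_URL = "https://accounts.google.com/authorize"
TOKEN_URL = "https://accounts.google.com/token"
USERINFO_URL = "https://accounts.google.com/userinfo"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://yoursite.com/callback"


def build_authorization_url(session: dict) -> str:
    """Step 1: the URL the user agent is sent to. state and nonce are random,
    stored in the server-side session and checked when the flow returns."""
    session["state"] = secrets.token_urlsafe(16)
    session["nonce"] = secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def extract_code(callback_url: str, session: dict) -> str:
    """Step 4: parse yoursite.com/callback?code=...&state=... and return the code
    only if the echoed state equals the one issued for this session (single use)."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise PermissionError("IDP returned error: " + q["error"][0])
    expected = session.pop("state", None)  # consumed: a replayed callback fails
    if expected is None or not secrets.compare_digest(q.get("state", [""])[0], expected):
        raise PermissionError("state mismatch: callback is not bound to this session")
    return q["code"][0]


def token_request(code: str) -> dict:
    """Step 5: form body POSTed server-to-server to TOKEN_URL (the back channel).
    The client secret travels here and never through the browser."""
    return {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI,
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}


def userinfo_request(access_token: str) -> dict:
    """Step 6: GET USERINFO_URL with the access token as a Bearer credential; the reply is JSON."""
    return {"method": "GET", "url": USERINFO_URL,
            "headers": {"Authorization": "Bearer " + access_token}}
```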