OIDC support

Strivacity supports all standard OIDC flows.

  • Authorization Code Flow - This flow can be used by Single/Multi Page Applications that have access to a backend component that can be used to securely retrieve an id_token. This is the recommended flow for authenticating users.
  • Implicit Flow - This flow can be used by Single/Multi Page Applications that don't have access to a backend component.
  • Hybrid Flow - This flow is a combination of implicit and authorization code flows, as both an id_token and authorization code are returned by Strivacity.
  • Client Credentials Flow - This flow is typically used for Machine-to-Machine (M2M) communications. With Strivacity, this flow can be used to obtain access to any Strivacity REST APIs.

The OAuth2/OIDC settings appear as a tab when creating and editing OIDC clients.

The configuration page for an OIDC client

Well known URLs

Here's a list of well-known URLs for your Strivacity instance:

Well-known OIDC configuration/.well-known/openid-configuration
Authorization endpoint/oauth2/auth
Token endpoint/oauth2/token
User info endpoint/userinfo
Revocation endpoint/oauth2/revoke
Logout URL/oauth2/sessions/logout

Error handling

Here, you will find a table that helps you understand the various error codes that Strivacity may return to your application during an OIDC Flow.

These error codes are returned to your application via a URL that looks something like this:

Error codeDescription
access_deniedStrivacity denied the login request
invalid_clientClient authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)
invalid_grantThe provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client
invalid_requestThe request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed
invalid_scopeThe requested scope is invalid, unknown, or malformed
registration_deniedStrivacity denied the registration request
request_forbiddenStrivacity denied the request because the session cookie was not present or was malformed
server_errorStrivacity encountered an unexpected condition that prevented it from fulfilling the request
temporarily_unavailableStrivacity is currently unable to handle the request due to a temporary overloading or maintenance
unauthorized_clientThe authenticated client is not authorized to use this authorization grant type
unsupported_grant_typeThe authorization grant type is not supported by Strivacity
unsupported_response_typeStrivacity does not support obtaining an authorization code using this method