Use this flow when you want to check whether the user is logged in without presenting a login screen. Your app can then decide how to proceed based on the response. This can vastly improve the UX of your solution.
How it works
This flow needs the parameter prompt=none as part of the authorization request.
See the OIDC Details and Parameters for the full parameter lists.
Example
This example requests the ID Token, but it can be used along with other flows.
The parameters in detail:
Parameter | Description |
client_id | You will receive the client id from the Unidy team. |
redirect_uri | This is where the browser is redirected, regardless of whether the user is logged in. |
response_type | For this example we choose to request an ID Token. |
scope | We choose the openid scope because it is required when requesting an ID Token. |
prompt | none indicates that the user will not see a login screen. |
The success response is the same as for the flow you choose without the prompt=none parameter. If the user is not logged in, they will also be redirected to the redirect_uri, but some parameters will be added as fragments. See this example:
The response fields in detail:
Parameter | Description |
error | This will be login_required and should be used by your application to indicate that the user is not logged in. |
error_description | A description that can be used during development to understand what happened. |
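
The request and the fragment handling described above, as an added example that is not Unidy's own code. The endpoint URL, client id and redirect URI are placeholders, and the state and nonce parameters (and the assumption that state is echoed back in the fragment) come from standard OAuth 2.0 / OIDC behaviour, not from this page.

```javascript
// Placeholder endpoint: use the authorization endpoint you were given.
const AUTHORIZE_ENDPOINT = "https://unidy.example/oauth/authorize";

// Fresh, unguessable value for state / nonce (Web Crypto in the browser).
function randomToken() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the silent authorization request from the parameter table.
function buildSilentAuthUrl({ clientId, redirectUri, state, nonce }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "id_token",
    scope: "openid",
    prompt: "none",
    state, // assumption: standard OAuth state, bound to this browser session
    nonce, // assumption: standard OIDC nonce, checked later inside the ID Token
  }).toString();
  return url.toString();
}

// Interpret the fragment the browser lands on at redirect_uri.
function parseSilentAuthResponse(landedUrl, expectedState) {
  const fragment = new URL(landedUrl).hash.replace(/^#/, "");
  const params = new URLSearchParams(fragment);
  // Reject anything that does not belong to the request this session sent.
  if (params.get("state") !== expectedState) {
    return { status: "rejected", reason: "state_mismatch" };
  }
  const error = params.get("error");
  const description = params.get("error_description");
  if (error === "login_required") {
    return { status: "logged_out", description };
  }
  if (error) {
    return { status: "error", error, description };
  }
  const idToken = params.get("id_token");
  if (!idToken) {
    return { status: "rejected", reason: "missing_id_token" };
  }
  // The token is still untrusted here: verify its signature, audience and nonce.
  return { status: "logged_in", idToken };
}
```

Store the state and nonce from randomToken() in the session before redirecting, and treat error_description as a debugging aid only, not as text to render to users.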