OpenID Connect

YorAuth implements the OpenID Connect (OIDC) Core 1.0 specification, enabling your application to act as a Relying Party (RP) while YorAuth serves as the Identity Provider (IdP). This allows you to authenticate users, obtain verified identity claims, and issue RS256-signed ID tokens.

What's in This Section

  • Overview — Protocol architecture, discovery document, supported scopes, and ID token claims
  • Client Management — Register and manage OIDC clients (relying parties) via the dashboard or API
  • Authorization Flow — Step-by-step authorization code flow with mandatory PKCE
  • Token Endpoint — Exchange authorization codes for ID tokens, access tokens, and refresh tokens
  • Consent Management — How user consent works and how previously granted scopes bypass the consent screen

Quick Start

1. Register an OIDC client in your application dashboard or via the API — you will receive a client_id and client_secret.

2. Redirect your user to the hosted authorization endpoint:

```text
https://api.yorauth.com/oidc/authorize
  ?response_type=code
  &client_id=oidc_your-client-id
  &redirect_uri=https://yourapp.com/callback
  &scope=openid profile email
  &state=random-state-value
  &code_challenge=base64url(sha256(code_verifier))
  &code_challenge_method=S256
```

3. Exchange the code at the token endpoint after the user authenticates and approves consent.

4. Verify the ID token using the public keys published at /.well-known/jwks.json.

PKCE (Proof Key for Code Exchange) with the S256 method is mandatory for all authorization requests. The plain method is not supported.
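The four quick-start steps as a small Relying Party helper in Python, using only the standard library. This is an added example, not YorAuth's SDK or code from this page. Assumptions not stated on the page: the issuer value and the token endpoint path `/oidc/token`; the `nonce` parameter, which is standard OIDC but absent from the quick-start URL; and the RS256 signature check itself, which needs an RSA library and is left out here, with `select_jwk` showing how the verifying key is chosen by `kid` from `/.well-known/jwks.json` and `validate_id_token_claims` showing the checks that follow a successful signature verification.

```python
import base64
import hashlib
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Values taken from the quick start on this page.
AUTHORIZE_URL = "https://api.yorauth.com/oidc/authorize"
JWKS_PATH = "/.well-known/jwks.json"
# Assumptions (not stated on this page): issuer value and token endpoint path.
ISSUER = "https://api.yorauth.com"
TOKEN_URL = "https://api.yorauth.com/oidc/token"


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding PKCE and JWTs use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def pkce_challenge(code_verifier: str) -> str:
    """S256 transform: base64url(sha256(code_verifier)); the only method accepted."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def new_pkce_pair():
    """Fresh verifier (43 URL-safe chars, within RFC 7636's 43..128) and its challenge."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, pkce_challenge(verifier)


def build_authorize_url(client_id, redirect_uri, state, code_challenge,
                        scope="openid profile email", nonce=None):
    """Step 2: the hosted authorization request. nonce is standard OIDC (assumed here)."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    if nonce:
        params["nonce"] = nonce
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 3 precondition: bind the redirect to the session via state before using the code."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect not bound to this session")
    if "error" in qs:
        raise ValueError("authorization error: " + qs["error"][0])
    return qs["code"][0]


def token_request_body(code, redirect_uri, client_id, client_secret, code_verifier):
    """Step 3: form body for the token endpoint; code_verifier completes the PKCE exchange."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
        "code_verifier": code_verifier,
    })


def split_jwt(id_token):
    """Decode header and payload without trusting them; the signature is checked separately."""
    header_b64, payload_b64, sig_b64 = id_token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64)), sig_b64


def select_jwk(jwks, id_token):
    """Step 4 helper: pick the RSA key named by the token's kid from the JWKS document."""
    header, _, _ = split_jwt(id_token)
    if header.get("alg") != "RS256":  # refuse 'none' or any downgrade; only RS256 is issued
        raise ValueError("unexpected alg %r" % header.get("alg"))
    for key in jwks.get("keys", []):
        if key.get("kid") == header.get("kid") and key.get("kty") == "RSA":
            return key
    raise LookupError("no RSA key with kid %r in JWKS" % header.get("kid"))


def validate_id_token_claims(id_token, client_id, nonce=None, now=None, leeway=60):
    """Step 4 claim checks (iss, aud, exp, iat, nonce), to run after the signature verifies."""
    now = time.time() if now is None else now
    _, claims, _ = split_jwt(id_token)
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if client_id != aud and client_id not in (aud if isinstance(aud, list) else []):
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) + leeway < now:
        raise ValueError("token expired")
    if claims.get("iat", 0) - leeway > now:
        raise ValueError("token issued in the future")
    if nonce is not None and claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims


def constructed_sample_token(claims, kid="k1"):
    """Constructed, unsigned sample for offline demonstration only; real tokens carry an RSA signature."""
    header = b64url(json.dumps({"alg": "RS256", "kid": kid}).encode())
    payload = b64url(json.dumps(claims).encode())
    return header + "." + payload + ".placeholder-signature"
```

The `code_verifier` and `state` must be stored server-side against the user's session between steps 2 and 3; the verifier never appears in the browser redirect, which is what makes an intercepted authorization code useless on its own. The JWKS document should be fetched over HTTPS and cached by `kid`, refreshing when an unknown `kid` appears, since `select_jwk` only chooses the key and a library such as PyJWT must perform the RS256 verification before `validate_id_token_claims` is trusted.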