Table of Contents |
---|
...
Parameter | Description | Example |
---|---|---|
response_mode | Informs the OpenID Provider of the mechanism to be used for returning parameters from the endpoint. See the value of the "response_modes_supported" key in the openid-configuration for available values. | response_mode=query |
nonce | String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. | nonce=abefb10d2b1b |
display | Specifies how the OpenID Provider displays the authentication and consent user interface pages to the end-user. NOTE: This parameter will have limited support and only be defined per service/domain/customer. | display=page |
prompt | Specifies whether the OpenID Provider prompts the end-user for reauthentication and consent. This parameter may be useful for services running in an SSO scenario and authentication should be forced. The value may be a space separated list. Available values are:
| prompt=login consent |
max_age | Not currently in use. | |
ui_locales | A space-separated list of the end-user's preferred language and scripts tag values, ordered by preference. The tags should be according to Tags for Identifying Languages. | ui_locales=nb-NO en-US |
id_token_hint | ID Token previously issued by the OpenID Provider being passed as a hint about the end-user's current or past authenticated session with the client. | id_token_hint=<ID Token JWT> |
login_hint | Hint to the OpenID Provider about the login identifier the end-user might use to log in (if necessary). The hit may f.ex. be the users phonenumber, email or Buypass ID. | login_hint=someuserid |
acr_values | Space-separated string that specifies the acr values that the OpenID Provider is being requested to use for processing this authentication request. In short: this value describes the clients requirements (represented as an agreed value) for the level of assurance/authentication it requires. The values can f.ex. be values like 1,2 or 3 or something like the eIDAS assurance levels: low, substantial and high. NOTE: This parameter will have limited support and only be defined per service/domain/customer. | acr_values=1 2 |
amr_values | Space-separated string that specifies the amr values that the OpenID Provider should use when selecting authentication methods. In short this value enables dynamic control of the authentication methods to be used in this session. The values can f.ex. be values like "sc", "mobile" etc. The values are defined as part of the Security Domain. See https://tools.ietf.org/html/rfc8176 for standardised values. NOTE: This parameter will have limited support and only be defined per service/domain/customer. | amr_values=sc, mobile |
...