Client ID

The client application needs a public presence on the world-wide web so that the identity provider can check it is not spoofed; this is the public URI where to obtain machine-readable information about the application 'https://webid-oidc-demo.planete-kraus.eu/example-application#id'

Client key pair

When creating new accounts, use this key pair to certify them (in the JWK format); an empty value will generate a new key pair ''

Client redirect URI

When receiving an authorization, the user’s browser is redirected to this URI, where the user should be presented with a code to paste into the application 'https://webid-oidc-demo.planete-kraus.eu/authorized'

Account webid

The accounts are tied to a particular user, through a webid ''

Identity provider

The account is certified by the server running at this URI ''

JWK key pair

Our account is certified to be used with a key pair that the application owns; the key is in the JWK format ''

Header of the identity token

How we verified the signature of the ID token; if the account needs to be refreshed then it may be empty ''

Identity token

The identity provider sent an ID token to remind us who you are; if the account needs to be refreshed it may be empty ''

Access token

This token is presented to the resource server when we authentify; it is bound to a key whose possession we need to prove at the same time; if the account needs to be refreshed it may be empty ''

Refresh token

When the account expires, we present this token to the identity provider to refresh it; it is also bound to the key pair; if the user did not give us refresh permission it may be empty ''