Client ID
The client application needs a public presence on the
world-wide web so that the identity provider can check it is
not spoofed; this is the public URI where to obtain
machine-readable information about the application
'https://webid-oidc-demo.planete-kraus.eu/example-application#id'
Client key pair
When creating new accounts, use this key pair to certify them
(in the JWK format); an empty value will generate a new key
pair
''
Client redirect URI
When receiving an authorization, the user’s browser is
redirected to this URI, where the user should be presented
with a code to paste into the application
'https://webid-oidc-demo.planete-kraus.eu/authorized'
Account webid
The accounts are tied to a particular user, through a webid
''
Identity provider
The account is certified by the server running at this URI
''
JWK key pair
Our account is certified to be used with a key pair that the
application owns; the key is in the JWK format
''
Header of the identity token
How we verified the signature of the ID token; if the account
needs to be refreshed then it may be empty
''
Identity token
The identity provider sent an ID token to remind us who you
are; if the account needs to be refreshed it may be empty
''
Access token
This token is presented to the resource server when we
authentify; it is bound to a key whose possession we need to
prove at the same time; if the account needs to be refreshed
it may be empty
''
Refresh token
When the account expires, we present this token to the
identity provider to refresh it; it is also bound to the key
pair; if the user did not give us refresh permission it may be
empty
''