Integrate authentication using OIDC implicit flow
The Implicit flow has been omitted in OAuth 2.1 specification. It is no longer recommended to use Implicit flow for SPAs. Please refer to authorization code flow with PKCE for SPAs
- Setup OpenID Connect (OIDC) custom application in CyberArk Identity tenant
- Install the CyberArk Identity Java SDK
Implicit flow is a simplified version of the authorization code. In this grant type, the client receives the access and ID tokens directly in an authorization request (via a redirect), over a secure communication channel, with no intermediate authorization code requested or returned.
This guide describes how implicit flow can be integrated with CyberArk Identity using the CyberArk Identity Java SDK.
Configure an OIDC Client instance
Configure the OIDC client instance as below:
import com.cyberark.client.OIDCClient; // client secret parameter is not necessary for Authorization code flow with PKCE. OIDCClient oidcClient = new OIDCClient(YOUR_TENANT_URL, YOUR_OIDC_APPLICATION_ID, YOUR_CLIENT_ID);
Build an authorize URL
The client application should send an authorization request using
AuthorizeUrlBuilder to authenticate the user with the CyberArk Identity provider as shown below:
AuthorizeUrlBuilder authorizeUrlBuilder = identityOIDCClient.authorizeUrl(YOUR_REDIRECT_URL) .setResponseType("id_token token") // id_token response_type is mandatory for Implicit flow. .setScope("openid email"); // To get authorize URL String authURL = authorizeUrlBuilder.build();
redirectUri must be white-listed in the Authorized Redirect URIs section under the Trust section of the OpenID Connect web application.
The user will be redirected to the redirect URI and the access and ID tokens are sent as part of the redirect URI.
Updated 9 months ago