KCorre closed 8 years ago
The login request should be initiated by the hyperty to the runtime, not the other way around.
The idea is to be able to share the same domain connection with several Hyperties, if needed. Hyperties would just send messages and the runtime core components would be in charge of resolving and routing the message to the appropriate domain. If the domain is not connected yet, the core runtime would manage it.
@pchainho @jmcrom Concerning the Domain Login dynamic-view diagram -> here
Request initiator
OIDC Flow comparison
As I understand it, the implicit flow is limited in trust (compared to the Code flow) because the client (the Service Provider) is not authenticated to the IdP (https://www.scottbrady91.com/OpenID-Connect/OpenID-Connect-Flows). It should then be possible for the Service Provider Backend to use the ID Token as some sort of refresh token by authenticating to the IdP. But I think this does not follow the OIDC specification.