Authorization flows - Reference - Idura Verify Documentation
IduraDocumentation
  1. Verify
  2. Reference
  • Authorization Code flow
    A backchannel flow designed for traditional server-based web applications.
  • PKCE flow
    An extension to the Authorization Code flow that offers enhanced security against authorization code interception. Initially designed for public clients, PKCE is now the recommended flow for all application types.
  • CIBA flow
    A backchannel authentication flow that does not rely on browser redirects, making it suitable for use cases such as caller authentication.
  • Headless flow
    A custom protocol provided by Idura. It allows interacting with eIDs that offer a poll-based workflow, where a user agent redirect is not required.
  • Implicit flow
    A legacy authorization flow no longer recommended for production use due to security vulnerabilities.