Process Authorization Response
Once authentication is requested, BindID redirects to the redirect URI provided by the client and encodes the response in the URI, as per the OIDC standard. The client SDK should be used to parse the response (e.g., to extract the authorization code). The redirect page should include the processRedirectResponse() SDK method (see the API reference), but only after invoking the initialize() SDK method. This will return the OIDC authorization code that will be used to obtain the ID token for the user (see Get User Identity and Trust).
Here’s an example of invoking the processRedirectResponse() SDK method to process the authentication result:
The functions in the snippet above should be implemented as follows:
sendAuthCodeToServer should send the authorization code received upon successful authentication to your server, where it will be processed to retrieve user info.
handleError should respond to an authentication error, possibly by presenting a suitable message to the user.
Note: If you’re not using the BindID SDK but implementing the OIDC standard directly, you should make sure that the state parameter you received in the response matches the state value that was sent in the request.
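For the direct OIDC case in the note above, the redirect-page check could look like the following. This is an added example, not BindID SDK code. It assumes the response parameters arrive in the query string and that the state sent in the request was saved under a hypothetical key, oidc_state, in a sessionStorage-like object; processOidcRedirect, safeEqual and memoryStorage are illustrative names.

```javascript
// Added example: validating an OIDC redirect response without the SDK.
const STATE_KEY = "oidc_state"; // hypothetical storage key (assumption)

// Compare two strings without returning early at the first differing character.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// redirectUrl: the full URL the provider redirected to.
// storage: object with getItem/removeItem (window.sessionStorage in a browser).
function processOidcRedirect(redirectUrl, storage) {
  const params = new URL(redirectUrl).searchParams;

  // Read the saved state and delete it at once so it can only be used one time.
  const expected = storage.getItem(STATE_KEY);
  storage.removeItem(STATE_KEY);

  // Check state first: neither code nor error is trusted until it matches.
  // A repeated state parameter is treated as a mismatch.
  const states = params.getAll("state");
  if (!expected || states.length !== 1 || !safeEqual(states[0], expected)) {
    return { ok: false, error: "state_mismatch" };
  }

  // The provider reported a failure (e.g. the user cancelled).
  if (params.has("error")) {
    return { ok: false, error: params.get("error") };
  }

  // Exactly one non-empty authorization code is expected.
  const codes = params.getAll("code");
  if (codes.length !== 1 || codes[0] === "") {
    return { ok: false, error: "missing_code" };
  }
  return { ok: true, code: codes[0] };
}

// Constructed in-memory stand-in for sessionStorage, for running outside a browser.
function memoryStorage(entries) {
  const m = new Map(Object.entries(entries));
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    removeItem: (k) => { m.delete(k); },
  };
}
```

On success, the returned code is what sendAuthCodeToServer would forward to the server; any failure result goes to handleError.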