OIDC Flow (Authorization Code Flow)
- User requests login → Redirects to Identity Provider (IdP).
- User authenticates → IdP verifies credentials.
- Authorization Code issued → Sent to the app.
- App exchanges code for tokens → Sends the code to IdP.
- IdP responds with ID Token & Access Token → App receives tokens.
- App uses tokens → Validates and authorizes access.

SAML Flow
- User requests login → Redirects to Identity Provider (IdP).
- User authenticates → IdP verifies credentials.
- IdP generates SAML Assertion → Encodes user info in XML format.
- Assertion sent to Service Provider (SP) → Redirects user with SAML response.
- SP validates assertion → Grants access if valid.