OIDC Relying Party Simulator (RP1)
Please choose a Credential Service Provider from the list below:
Sign in Okta - Default Login
Sign in IBM Verify - Passkeys
Sign in IBM Verify - Enterprise Account
Sign in IBM Verify - Custom Theme
Sign in Sign In Canada - QA
Sign in Sign In Canada - CATE
Sign in Okta - Private Cloud - SAML & PASSKEYS
Sign in Okta - Custom Login Page
Sign in Forge Rock
Help
scope
REQUIRED. OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored.
prompt
Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
The defined values are:
none: the Authorization Server MUST NOT display any authentication or consent user interface pages.
login: the Authorization Server SHOULD prompt the End-User for reauthentication.
consent: the Authorization Server SHOULD prompt the End-User for consent before returning information to the Client.
select_account: the Authorization Server SHOULD prompt the End-User to select a user account.
The prompt parameter can be used by the Client to make sure that the End-User is still present for the current session or to bring attention to the request.
max_age
OPTIONAL. Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User.
acr_values
OPTIONAL. Requested Authentication Context Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference.
Examples:
gckey: this will enable the direct pass through to GCKey (if client decides not to use the SIC Chooser page).
mfa: this will enable mfa using the default "mfa" passport provider which is the Sign In Canada branded client configured on the 2ndFaaS.
redirect_uri
Redirection URI to which the response will be sent. This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider.
ui_locales
OPTIONAL. End-User's preferred languages and scripts for the user interface, represented as a space-separated list of language tag values, ordered by preference. For instance, the value "fr-CA fr en" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation).
When this option is selected, the ui_locales parameter of the request will be set to the current language chosen by the End-User.
nonce
OPTIONAL. String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token.
login_hint
OPTIONAL. Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. It is RECOMMENDED that the hint value match the value used for discovery. This value MAY also be a phone number in the format specified for the phone_number Claim.
Report a problem on this page
- Date modified: