OAuth 2.0 Authorization Code Flow with HIN eID

The diagram illustrates the OAuth 2.0 Authorization Code Flow between the HIN eID (client) and the Access Control Service (ACS) using the HIN Identity Provider (IDP).

[Diagram: auth-code-flow.png]

Step-by-Step Explanation:

  1. Authorization Request to HIN (apps.hin.ch): The user sends a GET request to HIN (apps.hin.ch) to initiate the authorization process.
  2. Authorization Code from HIN (apps.hin.ch): HIN (apps.hin.ch) responds with an authorization code, which is sent back to the web browser.
  3. Token Request with Authorization Code to HIN (IDP): The application sends a POST request with the received authorization code to HIN (IDP) to obtain the access token.
  4. Access Token from HIN (IDP): HIN (IDP) validates the authorization code and responds with an access token, which is sent to the application.
  5. Access to Protected Resources with Access Token: The application uses the access token to send a GET request to the ACS and access the protected resources.
  6. Data Transfer between ACS and Application: The ACS validates the access token and enables access to the requested data, which is then transferred to the application.
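As an added example (not HIN's code or documentation), the client side of the six steps above in Python: building the step 1 authorization request, checking the callback in step 2, assembling the step 3 token POST and the step 5 Bearer request to the ACS. apps.hin.ch is taken from the page; the endpoint paths, the IDP token URL, the ACS URL and the use of `state` and PKCE are assumptions, since the page does not specify them.

```python
import base64, hashlib, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# apps.hin.ch is named on the page; paths, IDP token URL and ACS URL are assumed placeholders.
AUTHORIZE_URL = "https://apps.hin.ch/authorize"          # path assumed
TOKEN_URL = "https://idp.hin.example/token"              # placeholder
ACS_URL = "https://acs.hin.example/resource"             # placeholder


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge: BASE64URL(SHA-256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(client_id: str, redirect_uri: str, scope: str = "openid"):
    """Step 1: GET to the authorization endpoint. 'state' binds the later
    callback to this browser session; PKCE binds the code to this client."""
    state = secrets.token_urlsafe(16)
    verifier = secrets.token_urlsafe(32)
    params = {
        "response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
        "scope": scope, "state": state,
        "code_challenge": pkce_challenge(verifier), "code_challenge_method": "S256",
    }
    session = {"state": state, "code_verifier": verifier, "redirect_uri": redirect_uri}
    return f"{AUTHORIZE_URL}?{urlencode(params)}", session


def handle_callback(callback_url: str, session: dict) -> str:
    """Step 2: browser returns ?code=...&state=...; a state that does not match is rejected."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch: callback not bound to this session")
    if "error" in qs:
        raise ValueError(f"authorization server error: {qs['error'][0]}")
    return qs["code"][0]


def build_token_request(code: str, session: dict, client_id: str) -> dict:
    """Step 3: POST the code plus the PKCE verifier to the IDP token endpoint."""
    return {"url": TOKEN_URL, "method": "POST", "data": {
        "grant_type": "authorization_code", "code": code, "client_id": client_id,
        "redirect_uri": session["redirect_uri"], "code_verifier": session["code_verifier"]}}


def build_resource_request(token_response: dict) -> dict:
    """Step 5: present the access token to the ACS as a Bearer credential."""
    if token_response.get("token_type", "").lower() != "bearer":
        raise ValueError(f"unexpected token_type: {token_response.get('token_type')}")
    return {"url": ACS_URL, "method": "GET",
            "headers": {"Authorization": f"Bearer {token_response['access_token']}"}}
```

The functions return the requests as data rather than sending them, so the flow can be stepped through offline; a real client would issue them with an HTTP library and keep `session` server-side, never in the URL.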