OpenID Provider(AM)End UserUser-AgentEnd UserUser-AgentRelying PartyRelying PartyAuthorizationServerAuthorizationServerUserInfoEndpointUserInfoEndpoint1Prepare authentication request2Redirect....3...for authentication4Authenticate end user and confirm resource access5If credentials are valid, redirect...6...with authorization code toredirect_uri7Authenticate, request tokens with authorization code8If authorization code is valid,return access and ID tokens9Validate ID token and get user subject IDOptional10Request additional claims with access token11Return additional claims