OpenID Provider(AM)End UserUser-AgentEnd UserUser-AgentRelying PartyRelying PartyAuthorization ServerAuthorization ServerUserInfo EndpointUserInfo Endpoint1Redirect...2... for authentication3Authenticate end user andconfirm resource access4Redirect with redirect_uri, access and/or ID token in URI fragment...5... to request_uri without the fragment6Return web page with embedded script to extractaccess and/or ID token7Extract the access and/or ID token8Return access and/or ID token9Validate ID Token and get user subject IDOptional10Request additional claims with access token11Return additional claims