FlowId - kmd-identity/documentation GitHub Wiki

What is FlowId?

OpenID and SAML applications can specify a query string parameter called FlowId with a value during the log-in flow.

The value of FlowId, which is generated and provided by the application, is kept in KMD Identity during the entire log-in flow. This allows KMD Identity to:

  • Provide FlowId in the token issued to the application. The application can have business logic or log-in logic based on the value of FlowId
  • Provide FlowId to the Custom Claims endpoint of the application during log-in. The Custom Claims endpoint of the application can use the value of FlowId to determine which claims must be added to the token issued by KMD Identity

FlowId also allows applications to support User Delegation, where a user can act on behalf of another user.

What are the requirements?

  • The application must provide a query string parameter called FlowId with a value
  • The value of FlowId must be a minimum of 8 characters and a maximum of 50 characters. We recommend a GUID.
  • Ensure your application validates proper use of FlowId. FlowId is a query string parameter and can easily be modified, intentionally or unintentionally, by users

Get started

  • New applications must follow our Get started guide to set up a working integration with KMD Identity
  • Provide FlowId and a value as a query string parameter during the log-in flow and see it as a claim in the token issued to the application

Example: https://identity.kmd.dk/adfs/oauth2/authorize/?client_id=[clientid]&redirect_uri=[redirecturi]&response_type=code&scope=[scope]&flowid=[GUID]&...
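One way an application can validate proper use of FlowId, shown as an added example that is not part of the KMD Identity documentation: the application generates a GUID, remembers it in the user's server-side session, and accepts the returned claim only if it matches. The claim name `flowid`, the `session` dictionary, the function names and the sample client values are assumptions, and `claims` is assumed to come from a token whose signature has already been verified.

```python
import hmac
import uuid
from urllib.parse import urlencode

AUTHORIZE_URL = "https://identity.kmd.dk/adfs/oauth2/authorize/"  # from the example URL above
FLOWID_CLAIM = "flowid"  # assumption: name of the claim in the issued token


def is_well_formed(flow_id) -> bool:
    """FlowId must be a string of 8 to 50 characters."""
    return isinstance(flow_id, str) and 8 <= len(flow_id) <= 50


def build_authorize_url(session: dict, client_id: str, redirect_uri: str, scope: str) -> str:
    """Generate a GUID FlowId, store it server-side, and add it to the log-in URL."""
    flow_id = str(uuid.uuid4())  # 36 characters, within the 8-50 limit
    session["expected_flow_id"] = flow_id
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "flowid": flow_id,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def validate_flow_id(session: dict, claims: dict) -> bool:
    """Accept the token's FlowId only if it equals the value this session generated.

    `claims` must come from a token whose signature was already verified.
    The stored value is removed so that it can be used for one log-in only.
    """
    expected = session.pop("expected_flow_id", None)
    received = claims.get(FLOWID_CLAIM)
    if not is_well_formed(expected) or not is_well_formed(received):
        return False
    # Constant-time comparison of the generated and returned values
    return hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    session = {}  # constructed stand-in for a server-side session store
    print(build_authorize_url(session, "my-client", "https://app.example/callback", "openid"))
    tampered = {FLOWID_CLAIM: "00000000-0000-0000-0000-000000000000"}  # constructed
    print("tampered FlowId accepted:", validate_flow_id(session, tampered))
```

Any business logic or custom claims decision keyed on FlowId should run only after this check has passed.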