OIDC client workflow

This workflow is ideal for:

• Developers looking to implement OIDC (OpenID Connect) authentication in their applications.
• Businesses that need to securely authenticate users and access their profile information.
• Teams working with identity providers like Keycloak to streamline user authentication processes.
• System Integrators who require a robust solution for integrating webhooks and APIs within their applications.

This workflow addresses the challenge of implementing secure user authentication using OIDC. It allows applications to:

• Efficiently obtain access tokens for user authentication.
• Retrieve user profile information securely from identity providers.
• Handle different authentication flows, including those using PKCE (Proof Key for Code Exchange) and standard authorization code flows.

1. Webhook Trigger: The workflow begins with a webhook that listens for incoming requests.
2. Set Variables: It sets up necessary variables like auth endpoint, token endpoint, and client ID needed for OIDC.
3. Check for Access Token: The workflow checks if an access token is present in the request.
4. User Authentication: If the token is present, it retrieves user info from the identity provider; if not, it prepares to display a login form.
5. Handle Login Form: If the user needs to log in, the workflow generates a login form that redirects to the auth endpoint.
6. Token Retrieval: If a code is received in the URI (and not using PKCE), it exchanges that code for an access token at the token endpoint.
7. User Info Retrieval: Once the access token is obtained, it retrieves user information.
8. Response Handling: Depending on the result, it either sends back a welcome page or the login form to the user.