2.2.4.1 AuthorizationCode

The authorization code is a concatenated string with the following format:

 issuerGuid.artifactId.signature

The authorization code contains a combination of three components with a '.' (period) delimiter:

  • issuerGuid: A base64 URL encoded ([RFC4648] section 5) string that contains the machine globally unique identifier (GUID) of the AD FS server that issued this authorization code.

  • artifactId: A base64 URL encoded string that contains the identifier of the artifact that corresponds to this authorization code. The value of the artifactId field MUST be unique across all artifact objects (section 2.2.4.2) that are stored in the artifact store of a particular AD FS server.

  • signature: A base64 URL encoded string that contains a signature over the issuerGuid and the artifactId fields that can be verified by the server role of the ADFSOAL Protocol.
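A strict parser for this layout, given as an added example rather than code from the specification or from AD FS. The names `parse_authorization_code`, `AuthorizationCode` and `SAMPLE` are hypothetical, tolerating trailing `=` padding is an assumption, and the signature is only decoded, not verified, because this section does not define the algorithm or key.

```python
import base64
import re
from typing import NamedTuple

# base64url alphabet from RFC 4648 section 5. Trailing '=' padding is tolerated
# here as an assumption; the section does not say whether padding is emitted.
_B64URL = re.compile(r"[A-Za-z0-9_-]+={0,2}")


class AuthorizationCode(NamedTuple):
    issuer_guid: bytes   # decoded issuerGuid component
    artifact_id: bytes   # decoded artifactId component
    signature: bytes     # decoded signature component (NOT verified here)


def _b64url_decode(name: str, value: str) -> bytes:
    # Python's decoder silently discards characters outside the alphabet,
    # so the alphabet is enforced explicitly before decoding.
    if not _B64URL.fullmatch(value):
        raise ValueError(f"{name}: empty or not base64url")
    body = value.rstrip("=")
    if len(body) % 4 == 1:
        raise ValueError(f"{name}: impossible base64url length")
    return base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))


def parse_authorization_code(code: str) -> AuthorizationCode:
    """Split issuerGuid.artifactId.signature and decode each component."""
    parts = code.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 components, got {len(parts)}")
    names = ("issuerGuid", "artifactId", "signature")
    return AuthorizationCode(*(_b64url_decode(n, p) for n, p in zip(names, parts)))


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed sample values, not taken from a real AD FS server.
SAMPLE = ".".join(
    _b64url(b) for b in (bytes(range(16)), b"artifact-0001", b"\xff" * 32)
)

if __name__ == "__main__":
    print(parse_authorization_code(SAMPLE))
```

Rejecting malformed codes at this stage keeps ambiguous input away from the artifact lookup and the signature check.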