OIDC-hybrid-flow

To learn who the user is before redeeming an authorization code, it's common for applications to also request an ID token when they request the authorization code. This is called the hybrid flow because it mixes the implicit grant with the authorization code flow. Both single-page apps and traditional web apps benefit from reduced latency in this model.

In the hybrid flow there is reduced latency as the id token is issued by the the authroization end point .Typically in auth code flow the authorization end point only issues auth code and then the auth code is exchanged with tokens(using client secret) at the token end point.

	Nishant Anand I am technical architect with around 18 years of experience in telecom , banking and health care domain. I was part of the founding team of Drishti and currently CTO at affordplan
	Consult Send Query