## The content web service processes the app's request, including an interaction with a third-party service. For authorization, it sends along the SSO token the app provided earlier.
The diagram above explains the authorization code flow using OIDC, as applied to {{UBIK}}. For SAML, the only real difference is how the app receives the IdP's response: in that case it necessarily arrives via a mediator server, because the SAML protocol does not support redirecting the result to a mobile app.
[[Category:SSO|Single Sign-On]]