The SP will make a request to auth.loolabs.com/token with the following query/body parameters.

Query:

auth_code . This is the authorization code retrieved from the microservice.
response_type. This will default to id_token . We might support other types as the need arises.

Authorization Basic Header (base64 encoded and separated by colon):

client_id . This is the unique string identifying the SP (used before on step 2 as well).
client_secret . This is an encoded secret known by both the SP backend and the auth microservice (arranged ahead of time).