OpenID Connect (OIDC)
OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 protocol. Simply put, it's a modern way for your application to verify the identity of a user and, optionally, obtain basic profile information about them. Think of it as the digital equivalent of a passport.
The beauty of OIDC lies in its simplicity and flexibility. It allows your users to authenticate with a trusted provider (e.g., Google, Facebook, or your company's identity provider), and then use that authentication to access your app without having to create a new account or remember a separate password. This enhances user experience and security.
OIDC is not just for web apps. It works seamlessly with mobile apps, single-page apps, and even server-side apps. It's a versatile tool in your identity management arsenal.
OpenID Connect Resources
- OIDC Primer (developer.okta.com)
OpenID Connect Related
- Identity Provider
- Scopes
- Claims
- Response Types
Tokens
- Access Tokens
- ID Tokens
- Refresh Tokens
Verifying tokens
- Introspection
- JWK verification
Flow Types
- Authorization Code Flow
- Implicit Flow
- Hybrid Flow
- Device Authorization Flow
- Client Credentials
- Resource Owner Password
Industry Standard
OpenID Connect Protocol Suite
Minimal
- OpenID Connect Core 1.0 (openid.net)
Dynamic
- OpenID Connect Discovery 1.0 (openid.net)
- OpenID Connect Dynamic Client Registration 1.0 (openid.net)
Complete
- OpenID Connect Session Management 1.0 (openid.net)
- OAuth 2.0 Form Post Response Mode (openid.net)
Protocols underpinning OpenID Connect
- The OAuth 2.0 Authorization Framework (datatracker.ietf.org)
- Bearer Token Usage (datatracker.ietf.org)
- Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (datatracker.ietf.org)
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (datatracker.ietf.org)
- OAuth 2.0 Multiple Response Type Encoding Practices (openid.net)
- JSON Web Token (JWT) (datatracker.ietf.org)
- JSON Web Signature (JWS) (datatracker.ietf.org)
- JSON Web Encryption (JWE) (datatracker.ietf.org)
- JSON Web Key (JWK) (datatracker.ietf.org)
- JSON Web Algorithms (JWA) (datatracker.ietf.org)
- WebFinger (datatracker.ietf.org)