OIDC

OpenID Connect (OIDC) is an authentication protocol built on top of the OAuth2 authorization protocol. It uses a JSON Web Token (JWT) to standardize the aspects that OAuth2 leaves open, such as scopes and endpoint discovery.

OIDC is usually used to enable user logins from websites and mobile apps.

The terminology is the same as for OAuth. An authenticated user is authorized to access a client application through an authorization server, which grants an access token that allows the user to receive authorized information from a UserInfo Endpoint. A UserInfo Endpoint is an OAuth2-protected resource that returns attributes of the authenticated user. To obtain the attributes required by the Relying Party (RP), the client sends a request to the UserInfo Endpoint using the Access Token. The result is JSON and contains a collection of name/value pairs.

As with SAML, before OIDC can be used, the RP and the OpenID Provider (OP) must exchange some data, but the exchange is simpler in OIDC: the RP obtains a ClientID and a ClientSecret from the OP, agrees on the possible scopes, and informs the OP of an endpoint URL to which to return the codes (ClientID and ClientSecret) or the token.

Being based on OAuth2, OIDC has several use cases, known as flows or grant types, which determine exactly how the RP and the OP interact:

  • Authorization Code
  • Implicit Grant
  • Client Credentials (used for Public APIs)
  • Resource Owner Password Credentials