OpenID Connect


OpenID Connect is an interoperable Authentication Protocol based on the OAuth 2.0 family of specifications provided by the OpenID Foundation.

OpenID Connect uses straightforward REST/JSON message flows with a design goal of "making simple things simple and complicated things possible".

OpenID Connect is uniquely easy for developers to integrate, compared to any preceding Identity protocol.

OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage password files. For the app builder, OpenID Connect provides a secure, verifiable answer to the question "What is the identity of the person currently using the browser or native app that is connected to me?"

OpenID Connect allows for clients of all types, including browser-based JavaScript and native mobile apps, to launch sign-in flows and receive verifiable assertions about the identity of signed-in users.

OpenID Connect is ideally suited for WEB Access Management.

OpenID Connect is a standard that profiles and extends OAuth 2.0 to add an identity layer – creating a single framework that promises to secure APIs, mobile native applications, and browser applications in a single, cohesive architecture.

OpenID Connect Identity#

OpenID Connect adds two notable identity constructs to OAuth 2.0's token issuance model.

OpenID Connect provides the Relying Party answers to these Questions:#

OpenID Connect Libraries#

The OpenID Connect (OpenID Connect Core 1.0) Specification is 86 pages of technical jargon, not counting the many extensions and references. Rolling your own implementation instead of using OpenID Connect libraries is a mistake. Use the OpenID Connect Client libraries or a "Known Good" implementation created by experts.

Relationship to OAuth 2.0#

OpenID Connect provides identity semantics and constructs on top of OAuth 2.0 by logically adding layers onto the OAuth 2.0 base, as opposed to the other, non-identity-centric applications that are possible with OAuth 2.0.

The OpenID Connect specification uses the terms:

as defined by OAuth 2.0 RFC 6749

OpenID Connect terms:

as defined by JSON Web Token (JWT)

OpenID Connect terms as defined by JSON Web Signature (JWS)

OpenID Connect term User-agent defined by RFC 2616

OpenID Connect term Response_mode defined by OAuth 2.0 Multiple Response Type Encoding Practices

OpenID Connect introduces notable identity constructs on top of the OAuth 2.0 base protocol:

OpenID Connect leverages other emerging technologies

Set to be adopted by Facebook, Google, and others

OpenID Connect Flows#

There are several OpenID Connect Flows

[Figure: general diagram of OpenID Connect Flows (OpenID Connect/OpenID Connect Flow.png)]

OpenID Connect Endpoints#

OpenID Connect Documents#
