OpenID Connect uses straightforward REST/JSON message flows with a design goal of "making simple things simple and complicated things possible".
OpenID Connect is uniquely easy for developers to integrate, compared to any preceding Identity protocol.
OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage password files. For the app builder, OpenID Connect provides a secure verifiable, answer to the question "What is the identity of the person currently using the browser or native app that is connected to me?"
OpenID Connect allows for clients of all types, including browser-based JavaScript and native mobile apps, to launch sign-in flows and receive verifiable assertions about the identity of signed-in users.
OpenID Connect is ideally suited for WEB Access Management.
OpenID Connect is an standard that profiles and extends OAuth 2.0 to add an identity layer – creating a single framework that promises to secure APIs, mobile native applications, and browser applications in a single, cohesive architecture.
The OpenID Connect specification uses the terms:
OpenID Connect terms:
as defined by JSON Web Token (JWT)OpenID Connect terms as defined by JSON Web Signature (JWS)
OpenID Connect term User-agent defined by RFC 2616
OpenID Connect term Response_mode defined by OAuth 2.0 Multiple Response Type Encoding Practices
OpenID Connect introduces notable identity constructs on top of the OAuth 2.0 base protocol:
OpenID Connect Leverages other emerging technologies
Set to be adopted by Facebook, Google, and others
This is a General Diagram of OpenID Connect Flows:
![]() |