
OpenID Connect

Category: Cyber Security Standards

OpenID Connect (OIDC) 1.0 is a simple identity layer on top of the OAuth 2.0 authorization framework. It allows client applications to verify the identity of the end-user and obtain basic profile information from an Authorization Server in an interoperable, REST-like manner.


Specifications


Identity Management


Single Sign-on Across Cloud Applications

OpenID Connect 1.0 allows client applications of all types, including enterprise, browser and mobile, to request and receive information about end-users and their authenticated sessions. The specification suite is extensible, allowing participants to use optional features such as encrypting and signing the identity data, discovering identity providers, self-registering client applications, and managing user sessions.

OAuth 2.0 specifications provide a general framework for third-party applications to obtain and use limited access to web resources, but do not offer standard methods to process identity information. OpenID Connect 1.0 implements single sign-on as an extension to the OAuth 2.0 authorization process, based on the following authorization grants: authorization code, implicit and hybrid (multiple token types).

Information about the end-user and login session is returned in an ID token that contains claims typically encrypted and signed by the OpenID Provider. The Relying Party then checks the signature and lifetime values to ensure that the token is valid.

OpenID standard