The OpenID Connect Protocol

The IATec Authentication uses OpenID Connect.

What is OpenID Connect?

OpenID Connect (OIDC) is an authentication protocol, based on the OAuth 2.0 family of specifications. It uses simple JSON identity tokens (JWT) delivered via the OAuth 2.0 protocol.

While OAuth 2.0 is about resource access and sharing, OIDC is all about user authentication. Its purpose is to give you one login for multiple sites. Each time you need to log in to a website using OIDC, you are redirected to your OpenID site where you login, and then taken back to the website. For example, if you chose to sign in to Auth0 using your Google account then you used OIDC. Once you successfully authenticate with Google and authorize Auth0 to access your information, Google will send back to Auth0 information about the user and the authentication performed. This information is returned in a JSON Web Token (JWT) called an ID Token.

(source: Auth0)

Who is using it?

Here is a non-exhaustive list of some who use OpenId Connect as authentication protocol.

• PayPal
• Auth0
• Amazon Cognito
• ForgeRock
• Google
• Microsoft Azure AD
• Yahoo
• IBM WebSphere
• IBM Security Access Manager
• SalesForce
• U.S. Government Services SSO
• Brazilian Government Services SSO
• Human Brain Project

External Resources

You can find more information about the OpenID Connect protocol in the following links.

Pages

• Official Website
• Official Specifications

Videos

• An Introduction To OpenID Connect
• OpenID Connect Flows
• Identity, Authentication + OAuth = OpenID Connect
• OAuth and OpenID Connect for Microservices
• Securing your apps with OAuth2 and OpenID Connect

Articles

• OpenID Connect explained
• SAML2 vs JWT: Understanding OpenID Connect Part 1
• SAML2 vs JWT: Understanding OpenID Connect Part 2
• Why the Future of Identity is OpenID Connect and not SAML