OpenID Connect (OIDC) is an open authentication protocol that basically serves as a secure system for verifying an end user’s identity. It does this by allowing applications to contact trusted identity providers via an authorisation server and safely exchange user details. The data transferred is RESTful and interoperable.
OIDC not only adds an extra layer of security to the authentication process, it also enhances the user experience. Here are some key benefits of OIDC:
When opening an application, an OAuth flow is initiated. At this point, the user is asked to authorise a request. OAuth 2.0 is not an identity protocol in and of itself. It is only designed to grant access. OIDC enhances the OAuth 2.0 framework by adding login and profile information about the user signing up or logging in.
During this authorisation process, the application or service provider includes the OIDC scope and requests for any additional user information it requires. Once the request has been processed, the application or service provider receives an access token and an ID token from the authorisation server with the necessary user information.
In order to provide the single sign-on experience, the ID token is delivered from the authorisation server to the application or service provider. Thereafter, an endpoint located on the authorisation server can provide the remaining user information.
OIDC can also be implemented for discovery and session management beyond OAuth.
How Does OIDC Improve Security?
OIDC provides additional security features to verify a user's identity and ensure that only authorised users can access an application.
What Are the Main Components of OIDC?
The OpenID Provider (OP): The OpenID Provider is the service that provides the identity management and performs the authentication process.
The Relying Party (RP): The Relying Party is the application or website that requires the authentication of the user and uses the identity information issued by the OpenID Provider.
The User: The User is the person who logs into the application and confirms their identity by authenticating via the OpenID Provider.
Is OIDC Scalable?
OIDC is scalable and can be used in a variety of application areas, including mobile applications and web applications.
How Is OAuth 2.0 Different From OAuth 1.0?
OAuth 2.0 is a simpler and more flexible protocol than OAuth 1.0. It does not require the use of cryptographic signatures or the inclusion of the client secret in every request. It also allows the use of access tokens that can be updated instead of relying on a single access token that is valid for the entire duration of the authorisation.