OpenID Connect (OIDC)
Last updated
While OAuth 2.0 focuses solely on granting access to data, it doesn’t reveal much about the resource owner’s identity.
Enter OpenID Connect (OIDC), a nifty addition that sits atop OAuth 2.0, bringing a wealth of login and profile information about the person who’s logged in.
Think of OIDC as the “badge” the authorization server gives to the client about the resource owner—it provides essential details about who you are.
With OIDC, a client can establish a login session and gather information about the resource owner, known as identity. An authorization server that implements OIDC is often referred to as an identity provider, and it enables scenarios where a single login can be used for multiple applications.
This is like Single Sign-On (SSO) for social networking services, where users can choose to log in with Twitter or Facebook.
Imagine it as using an ATM. The ATM is the client, wanting access to banking services, and your bank card is the token it uses.
The card includes basic information like your name, expiration date, and issuer. OIDC builds upon the OAuth framework and can’t function without it.
The OIDC flow closely resembles OAuth. For instance, the client initiates a request with the authorization server.
OIDC uses a specific scope to let the authorization server know that it’s handling an OIDC exchange.
The authorization server follows similar steps to OAuth, creating an authorization code and sending it back to the client via the resource owner’s browser. But when the client exchanges the authorization code for an access token, it also receives an ID token.
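The exchange described above, walked through end to end as an added example (this is not code from the original page or from any real identity provider). Both sides are simulated in one process: a minimal in-memory authorization server that issues a one-time authorization code and then returns an access token plus an ID token, and a client that builds the request with the `openid` scope, exchanges the code, and verifies the ID token's signature, issuer, audience, expiry and nonce before trusting the identity. The issuer URL, client ID, client secret and redirect URI are constructed placeholders; the ID token is an HS256 JWT keyed with the client secret, which OIDC Core permits for symmetric signing, standing in for the RS256 tokens most real providers issue.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder values for the example, not from any real deployment.
ISSUER = "https://auth.example"
CLIENT_ID = "demo-client"
CLIENT_SECRET = "demo-client-secret-please-rotate"
REDIRECT_URI = "https://app.example/callback"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_authorization_request(state: str, nonce: str) -> str:
    """Client side: the 'openid' scope tells the authorization server this is an OIDC exchange.
    'state' ties the redirect back to this browser session; 'nonce' binds the ID token to this login."""
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid profile", "state": state, "nonce": nonce}
    return f"{ISSUER}/authorize?{urlencode(params)}"


def sign_jwt_hs256(claims: dict, key: str) -> str:
    """HS256 JWT; OIDC Core allows the client_secret as the HMAC key for symmetric signing."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


class AuthorizationServer:
    """Minimal in-memory authorization server / identity provider (constructed for the example)."""

    def __init__(self):
        self._codes = {}  # authorization code -> details captured when it was issued

    def authorize(self, url: str, subject: str) -> str:
        """The resource owner has logged in; record what the client asked for and issue a one-time code."""
        q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        if q.get("response_type") != "code" or q.get("client_id") != CLIENT_ID:
            raise ValueError("unsupported or unknown client request")
        if "openid" not in q.get("scope", "").split():
            raise ValueError("not an OIDC request: 'openid' scope missing")
        code = secrets.token_urlsafe(24)
        self._codes[code] = {"sub": subject, "nonce": q.get("nonce"), "redirect_uri": q["redirect_uri"]}
        return code

    def token(self, code: str, client_id: str, client_secret: str, redirect_uri: str) -> dict:
        """Token endpoint: the code is single-use and bound to the client and redirect URI it was issued for.
        The response carries the OAuth access token and, because this was an OIDC request, an ID token."""
        details = self._codes.pop(code, None)
        if details is None or client_id != CLIENT_ID or not hmac.compare_digest(client_secret, CLIENT_SECRET):
            raise PermissionError("invalid code or client credentials")
        if redirect_uri != details["redirect_uri"]:
            raise PermissionError("redirect_uri mismatch")
        now = int(time.time())
        claims = {"iss": ISSUER, "sub": details["sub"], "aud": CLIENT_ID, "iat": now, "exp": now + 300,
                  "nonce": details["nonce"], "name": "Example User"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "id_token": sign_jwt_hs256(claims, CLIENT_SECRET)}


def verify_id_token(id_token: str, expected_nonce: str, now=None) -> dict:
    """Client side: check signature, issuer, audience, expiry and nonce before trusting the identity."""
    header_b64, payload_b64, sig_b64 = id_token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # the verifier, not the token, decides which algorithm is acceptable
        raise ValueError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        raise ValueError("issuer or audience mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("ID token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims


def run_login(subject: str = "user-42") -> dict:
    """Walk the whole exchange once: authorization request -> code -> tokens -> verified identity claims."""
    server = AuthorizationServer()
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    code = server.authorize(build_authorization_request(state, nonce), subject)
    tokens = server.token(code, CLIENT_ID, CLIENT_SECRET, REDIRECT_URI)
    return verify_id_token(tokens["id_token"], nonce)


if __name__ == "__main__":
    print(run_login())
```

Running `run_login()` returns the verified claims (`sub`, `iss`, `aud`, `nonce`, `name`, ...), which is the identity the client can now attach to its login session; the access token is kept separately for calling protected resources. The point of the nonce check is that an ID token captured from one login attempt cannot be replayed into another, and the `alg` check keeps the token itself from choosing how it is verified.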