OpenID Connect (OIDC)
OAuth 2.0 is purely about authorization: it lets a client obtain delegated access to a resource, but it says nothing about who the resource owner actually is, and an access token carries no guarantee that a user logged in.
OpenID Connect (OIDC) is an identity layer that sits on top of OAuth 2.0 and adds exactly that: an authenticated login event plus claims (login and profile information) about the person who signed in.
With OIDC, a client can establish a login session and obtain claims about the resource owner, collectively referred to as identity. The server that implements OIDC is called an OpenID Provider (OP), commonly described as an identity provider (IdP), and it enables single sign-on: one login at the provider can be reused across many applications.
Think of an ATM. The ATM is the client, wanting access to banking services, and your bank card is the token it presents.
The card carries basic information such as your name, expiration date and issuer. OIDC builds on the OAuth 2.0 framework and cannot function without it.
The OIDC flow closely resembles the OAuth 2.0 authorization code flow. The client sends an authorization request to the authorization server, and the request includes the `openid` scope, which is what turns a plain OAuth authorization into an OIDC login.
The authorization server authenticates the user, creates an authorization code and returns it to the client via the resource owner's browser, just as in OAuth. The difference comes at the token endpoint: when the client exchanges the authorization code for an access token, the response also contains an ID token, a signed JWT whose claims (issuer, subject, audience, expiry and the client's nonce) the client must validate before it treats the user as logged in.
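The exchange described above, as an added example that is not part of the original page: the client builds an authorization request with `openid` scope, `state` and `nonce`, checks `state` on the callback, exchanges the code, and then validates the ID token before trusting the login. The provider side is simulated inline so the code runs offline. The issuer URL, client ID and client secret are assumptions, and the ID token is signed with HS256 using the client secret (valid in OIDC for confidential clients) only because that needs no third-party library; a real deployment normally sees RS256 tokens verified against the provider's `jwks_uri`.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical provider and client values (assumptions, not from the page).
ISSUER = "https://op.example.com"
CLIENT_ID = "demo-client"
CLIENT_SECRET = b"demo-client-secret-0123456789abcdef"  # HS256 key = client secret
REDIRECT_URI = "https://client.example.com/cb"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


# --- Client, step 1: authorization request -----------------------------------
def build_auth_request():
    state = secrets.token_urlsafe(16)  # binds the callback to this browser session (CSRF)
    nonce = secrets.token_urlsafe(16)  # binds the ID token to this login attempt (replay)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",  # "openid" makes this an OIDC login
        "state": state,
        "nonce": nonce,
    }
    return f"{ISSUER}/authorize?{urlencode(params)}", state, nonce


# --- Simulated OpenID Provider ------------------------------------------------
def mint_id_token(subject: str, nonce: str, now: int, ttl: int = 300) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": CLIENT_ID, "iat": now,
              "exp": now + ttl, "nonce": nonce,
              "name": "Alice Example", "email": "alice@example.com"}  # constructed profile
    signing_input = f"{b64url(json.dumps(header).encode())}.{b64url(json.dumps(claims).encode())}"
    sig = hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def token_endpoint(code: str, issued_codes: dict, now: int) -> dict:
    nonce = issued_codes.pop(code, None)  # codes are single-use
    if nonce is None:
        raise ValueError("invalid_grant: unknown or already used code")
    return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
            "expires_in": 3600, "id_token": mint_id_token("user-123", nonce, now)}


# --- Client, step 2: validate the ID token before trusting the login ----------
def validate_id_token(id_token: str, expected_nonce: str, now: int) -> dict:
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed ID token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":  # pin the algorithm; never accept "none"
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected_sig = hmac.new(CLIENT_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this client")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("ID token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: possible replay")
    return claims


def run_flow(now=None) -> dict:
    """Whole login round trip with the provider simulated in-process."""
    now = int(time.time()) if now is None else now
    _auth_url, state, nonce = build_auth_request()
    # Provider authenticates the user and redirects the browser back with a code.
    code = secrets.token_urlsafe(16)
    issued_codes = {code: nonce}  # provider remembers which nonce belongs to the code
    callback = f"{REDIRECT_URI}?{urlencode({'code': code, 'state': state})}"
    q = parse_qs(urlparse(callback).query)
    if q.get("state", [None])[0] != state:
        raise ValueError("state mismatch: possible CSRF")
    token_resp = token_endpoint(q["code"][0], issued_codes, now)
    return validate_id_token(token_resp["id_token"], nonce, now)


if __name__ == "__main__":
    print(json.dumps(run_flow(), indent=2))
```

The access token in the response is opaque to the client and is meant for the resource server; the ID token is the artifact the client itself consumes, which is why every check in `validate_id_token` (signature, `iss`, `aud`, `exp`, `nonce`) runs on the client side rather than being delegated.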