Abstract
- Stands for OpenID Connect
- Builds on top of OAuth 2.0
- Instead of just giving back an Access Token, it also gives back a ‘badge’ - information about who you are → ID Token
The workflow is pretty similar to OAuth 2.0 except:
- Scope in Consent includes openid
- Client receives both Access Token & ID Token
ID Token
- A JWT
- Used for Authentication, NOT Authorisation
- Contains JWT Claims like aud (Audience Property) which defines which Client is meant to be the final recipient of the ID Token
- Contains Resource Owner (Identity) info like email and username which can be used by Client to populate the application UI
Identity Provider
- Authorization Server that supports OIDC Authentication