What is OpenID Connect?
OpenID Connect (OIDC) is an authentication layer built on top of the OAuth 2.0 framework. OAuth 2.0 itself is an authorization framework that lets a third-party application access some part of a user’s account without ever holding the user’s password; OpenID Connect adds an identity layer to it. Using OpenID Connect, a client application can verify the identity of a user and obtain some basic profile information about that user from the OpenID provider.
Some applications allow a user to log in using the user’s Facebook, Twitter, or Gmail credentials. Such applications use OpenID Connect to verify the identity of the user, without ever receiving the user’s credentials, and to obtain basic profile information about the user from the OpenID provider.
How does OpenID Connect work? In this article, we will discuss that in detail.
How does OpenID Connect work?
OpenID Connect supports four types of authentication flows:
Implicit Flow – Applications that have no back-end logic, such as a JavaScript app, use the implicit flow.
Authentication Flow – When an application has back-end logic and can connect to the OpenID provider from the back end, it uses the authentication flow.
Resource Owner Password Grant – This flow is suitable for applications that have a trust relationship with the resource owner, e.g. a highly privileged application; that is, client applications that can legitimately obtain the resource owner’s (the user’s) credentials.
Client Credentials Grant – This flow is used for machine-to-machine authorization.
We will discuss each of these authentication flows in detail.
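To make the Authentication Flow concrete, here is an added walk-through (example code, not from the article) in which the client builds the authorization request, a constructed stand-in provider mints an ID token, and the client performs the checks OpenID Connect Core requires before trusting it. The issuer, client id, client secret and redirect URI are assumed values, and the token is HS256-signed with the client secret (permitted by OIDC Core 10.1) so the example runs offline.

```python
# Added walk-through (not the article's code) of the Authentication Flow: the client
# builds the authorization request, a constructed stand-in provider mints an ID token,
# and the client runs the checks OIDC Core 3.1.3.7 requires (HS256 per OIDC Core 10.1).
import base64, hashlib, hmac, json
from urllib.parse import urlencode

ISSUER, CLIENT_ID = "https://op.example", "demo-client"   # assumed provider and client
CLIENT_SECRET, REDIRECT_URI = b"demo-secret", "https://rp.example/cb"  # assumed values

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_auth_request(state: str, nonce: str) -> str:
    """Step 1: redirect the browser to the provider's authorization endpoint."""
    return f"{ISSUER}/authorize?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "scope": "openid profile", "state": state, "nonce": nonce})

def provider_issue_id_token(nonce: str, now: int, sub: str = "user-123") -> str:
    """Step 3 (provider side, constructed): ID token returned from the token endpoint."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"iss": ISSUER, "sub": sub, "aud": CLIENT_ID,
                                "iat": now, "exp": now + 300, "nonce": nonce}).encode())
    sig = hmac.new(CLIENT_SECRET, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{b64url(sig)}"

def validate_id_token(token: str, expected_nonce: str, now: int) -> dict:
    """Step 4 (client side): alg, signature, iss, aud, nonce and exp checks."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # reject alg=none and alg confusion
    mac = hmac.new(CLIENT_SECRET, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(mac), sig_b64):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong audience")  # token minted for another client
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")  # replayed or injected ID token
    if now >= claims.get("exp", 0):
        raise ValueError("ID token expired")
    return claims

def run_flow(now: int = 1_700_000_000) -> dict:
    """Whole exchange with fixed state/nonce (use secrets.token_urlsafe in practice)."""
    build_auth_request("st-1", "n-1")  # user authenticates; code comes back on REDIRECT_URI
    return validate_id_token(provider_issue_id_token("n-1", now), "n-1", now)
```

Step 2, the redirect back to the client carrying the authorization code and `state`, and the code-for-token POST to the token endpoint are left out here; the `state` value must be compared on that redirect just as `nonce` is compared inside the ID token.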
In this article, we will discuss:
- What is OpenID Connect?
- How does OpenID Connect work?
- Implicit Flow
- Authentication Flow
- Resource Owner Password Grant
- Client Credentials Grant