What is oidc

Overview

OpenID Connect (OIDC) is an open authentication standard that extends OAuth 2.0 to include authentication capabilities. While OAuth 2.0 focuses on authorization (granting access to resources), OIDC adds an identity layer that allows applications to verify who users are and obtain their profile information securely.

How OIDC Works

OIDC operates through a series of protocol exchanges between three parties: the user, the application (relying party), and the identity provider. When a user attempts to log in, the application redirects them to the identity provider. After authentication, the identity provider returns an ID token containing user claims and information. The application validates this token and logs the user in, typically creating a session.

Key Components

The main components of OIDC include:

• ID Token: A JSON Web Token (JWT) containing user identity claims
• Access Token: Used to access protected resources on behalf of the user
• Authorization Code: A temporary code exchanged for tokens
• UserInfo Endpoint: Provides additional user profile information
• Discovery Endpoint: Allows applications to discover OIDC provider configuration

Common Use Cases

OIDC is widely used for single sign-on (SSO) scenarios where users can log into multiple applications with one set of credentials. Enterprise organizations use OIDC to centralize authentication. Social login scenarios, where users sign in with Google, Microsoft, or other providers, rely on OIDC standards.

Security Features

OIDC incorporates several security measures including token signing and encryption, authorization code flow with PKCE for mobile applications, and support for multi-factor authentication. The standard defines secure token handling practices and session management guidelines.