Full Title or Meme
- The OAuth 2.0 protocol gave access to User Resources, but without authentication, it was fraught with may vulnerabilities.
- The OpenID Connect protocol is always among three parties: the User (called subject), the Relying Party (called client for OAuth compatibility) and the Identifier or Attribute Provider (called OpenID Provider).
- There are always three Identifiers: the subject id (sid), the client id (client_id)
- The Subject ID may be ephemeral.
- The Subject ID may be shared among all of the clients that use the same OP.