OpenID Connect

From MgmtWiki
Revision as of 13:50, 30 July 2018 by Tom (talk | contribs) (Context)

Jump to: navigation, search

Full Title or Meme

An extension of OAuth 2.0 to give a Relying Party access to User Information. (Other uses of this protocol are possible, but not of interest for Identity Management.


  • The OAuth 2.0 protocol gave access to User Resources, but without authentication, it was fraught with may vulnerabilities.
  • The OpenID Connect protocol is always among three parties: the User (called subject), the Relying Party (called client for OAuth compatibility) and the Identifier or Attribute Provider (called OpenID Provider).
  • There are always three Identifiers: the subject id (sid), the client id (client_id)