Difference between revisions of "OpenID Connect"
From MgmtWiki
(Created page with "==Full Title or Meme== An extension of OAuth 2.0 to give a Relying Party access to User Information. (Other uses of this protocol are possible, but not of interest...") |
(→Context) |
||
| Line 3: | Line 3: | ||
==Context== | ==Context== | ||
| − | The [[OAuth 2.0]] protocol gave access to [[User]] [[Resource]]s, but without authentication, it was fraught with may vulnerabilities. | + | *The [[OAuth 2.0]] protocol gave access to [[User]] [[Resource]]s, but without authentication, it was fraught with may vulnerabilities. |
| + | *The [[OpenID Connect]] protocol is always among three parties: the [[User]] (called subject), the [[Relying Party]] (called client for OAuth compatibility) and the [[Identifier or Attribute Provider]] (called OpenID Provider). | ||
| + | *There are always three [[Identifier]]s: the subject id (sid), the client id (client_id) | ||
==Problems== | ==Problems== | ||
Revision as of 13:50, 30 July 2018
Full Title or Meme
An extension of OAuth 2.0 to give a Relying Party access to User Information. (Other uses of this protocol are possible, but not of interest for Identity Management.
Context
- The OAuth 2.0 protocol gave access to User Resources, but without authentication, it was fraught with may vulnerabilities.
- The OpenID Connect protocol is always among three parties: the User (called subject), the Relying Party (called client for OAuth compatibility) and the Identifier or Attribute Provider (called OpenID Provider).
- There are always three Identifiers: the subject id (sid), the client id (client_id)
