CIAM.wiki

OpenID Connect (OIDC)

OpenID Connect is an identity layer on top of OAuth 2.0 that lets an application verify who a user is and obtain basic profile information through a signed ID token.

Also: OIDC, OpenID Connect

OpenID Connect adds authentication to OAuth 2.0. Where OAuth answers what an application is allowed to access, OIDC answers who the user is. After the user signs in at the identity provider, the application receives an ID token, a signed JSON Web Token that asserts the user’s identity and selected attributes.

OIDC is the default protocol for modern customer login and single sign-on. It is simpler to implement than SAML, works well for web, mobile, and single-page applications, and is stewarded by the OpenID Foundation. Related profiles extend it: FAPI for high-security APIs, and OID4VC and OID4VP for issuing and presenting verifiable credentials.

In CIAM, OpenID Connect is usually the protocol a platform speaks to applications, giving customers one login across a company’s properties.

Standards

  • OpenID Connect Core 1.0 (OpenID Foundation)
  • IETF RFC 6749, The OAuth 2.0 Authorization Framework
