Relying Party
A relying party (RP) is an application or service that outsources user authentication to an identity provider and relies on the token or assertion it receives to grant access, rather than verifying credentials itself.
Also: rp, service provider
A relying party is any application that trusts an identity provider to authenticate its users. In OpenID Connect the term is “relying party”; in SAML the equivalent role is called the “service provider.” In both cases the application redirects sign-in to the IdP and then consumes the resulting assertion or token.
The defining characteristic is delegation. The relying party does not store or check passwords and does not run its own login flow. It registers with the IdP, receives a client identifier, and validates the signed token the IdP returns to confirm the user’s identity before granting a session.
Because the relying party trusts the IdP’s assertion, the security of the integration depends on correct token validation: checking the signature, issuer, audience, and expiry. A relying party that skips these checks can be tricked into accepting forged or replayed tokens.
For CIAM, most customer-facing products are relying parties of a central identity platform. Treating each application as a thin relying party keeps authentication logic in one place and lets new applications onboard by registering rather than rebuilding login.
Sources
- OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html
Standards
- OpenID Connect Core 1.0
- SAML 2.0