Using OpenID Connect for Authentication

OpenID Connect (OIDC) is an authentication protocol that is used to enable SSO capabilities for web and mobile applications. OIDC provides a way to authenticate users and obtain information about their identity. This is achieved through the use of identity tokens, which contain claims about the user, such as their username, email, and other profile information.

OIDC is responsible for authentication flow. It defines how the endpoints involved in the authentication should be structured, how different parts of the system should interact with each other, and what should be the shape of the data exchanged between the different parts of the system.

Building a basic OIDC provider

To explain how OIDC works, we will build an IdP application with the most bare-bone OIDC functionality. It's not necessary to do this in a commercial setting because off-the-shelf providers, such as Okta and Keycloak, already support OIDC. However, this exercise will help us to understand better how OIDC works.

Our complete application is represented by the following playground. We will now go through the code step-by-step to see how the OIDC functionality is enabled.