
OpenID Connect Introduction

Explore the fundamentals of OpenID Connect as an authentication layer built on OAuth. Understand how it enables client applications to securely request user identity information from Identity Providers, simplifying user login processes and improving security. This lesson helps you grasp the differences between local authentication and federated identity management using OpenID Connect, highlighting key participants and use cases.

OAuth 2.0 is designed only for authorization. It is used to grant one application access to data and features in another. In OAuth, the client is given a token that it uses to access data on the resource server, but the client learns nothing about the user. OAuth was nevertheless used for authentication as well; because it was not designed for that purpose, it was extended further to support authentication.

OpenID Connect is an extension of OAuth. It is a thin layer above OAuth which adds support for authentication.
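The difference from the client's point of view, as an added example that is not part of the original lesson: a plain OAuth token response carries only an access token, while an OpenID Connect response also carries an ID token (a signed JWT, as defined by the OpenID Connect specification) that the client must validate before trusting the user's identity. The issuer URL, client ID, shared secret, subject and fixed clock are constructed for illustration, and HS256 is assumed so the check runs with the standard library alone.

```python
import base64, hashlib, hmac, json

# Constructed values for this example (not from the lesson).
ISSUER, CLIENT_ID = "https://idp.example", "photo-app"
SECRET = b"constructed-client-secret"   # HS256 key shared by IdP and client
NOW = 1_700_000_000                      # fixed clock so the example is repeatable

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def make_id_token(claims):
    """Stand-in for the Identity Provider: issue an HS256-signed JWT."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(sign(head + '.' + body))}"

def identify_user(token_response, now=NOW):
    """Return the authenticated subject, or None when no identity is asserted."""
    id_token = token_response.get("id_token")
    if id_token is None:
        return None                      # plain OAuth 2.0: access token only
    head, body, sig = id_token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    if not hmac.compare_digest(sign(head + "." + body), b64url_decode(sig)):
        raise ValueError("signature check failed")
    claims = json.loads(b64url_decode(body))
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER:
        raise ValueError("token from a different issuer")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token issued to a different client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims["sub"]

OAUTH_RESPONSE = {"access_token": "constructed-opaque-value", "token_type": "Bearer"}
OIDC_RESPONSE = dict(OAUTH_RESPONSE, id_token=make_id_token(
    {"iss": ISSUER, "sub": "user-1234", "aud": CLIENT_ID, "exp": NOW + 300}))
OTHER_CLIENT = dict(OAUTH_RESPONSE, id_token=make_id_token(
    {"iss": ISSUER, "sub": "user-1234", "aud": "other-app", "exp": NOW + 300}))
```

`identify_user(OAUTH_RESPONSE)` returns `None` because an access token alone says nothing about who the user is; `OTHER_CLIENT` is rejected because its ID token was issued to a different application.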

You may have seen that when you try to log in to an app, the app may prompt you to authenticate using your Facebook or Google account. In this case, the app is ...