OpenID Connect Terminology
In this lesson, we will look at some of the OpenID Connect terminology.
Here is the important terminology of OpenID Connect.
Identity token
While discussing OAuth, we discussed the authorization code and the access token. In the case of OpenID Connect, there is one more token that we can request. This token is called the identity token (ID token), and it encodes the user's authentication information.
In contrast to access tokens, which are only intended to be understood by the resource server, ID tokens are intended to be understood by the client application. The ID token carries the user information as JSON claims, and that JSON is wrapped in a signed JWT.
When a client receives an identity token, it must validate it before trusting anything in it. At a minimum, the client must validate the following claims:
- iss: the client must validate that the issuer of this token is the Authorization Server.
- aud: the client must validate that the token is meant for the client itself.
- exp: the client must validate that the token is not expired.
Here is some sample user information in the form of JSON present in an identity token.
{
"iss":
...