OpenID Connect (OIDC) is an identity layer that sits on top of the OAuth 2.0 protocol for the purpose of authenticating users needing to access protected APIs. OIDC does not provide authorization; that is handled by an OAuth 2.0 flow that presents the authenticated identity to an authorization server. In OIDC, the mechanism for delivery of the identity information is a security token, known as an “ID Token.” The ID Token contains authentication claims about a user as a JSON Web Token (JWT). When delivered by EmpowerID, the claims payload in is an ID Token look that looks similar to that shown below. Note that more or less claims could be in the token.
...
The sequence for authenticating using OIDC looks like that shown in the following image. As OIDC is used in OAuth 2.0 flows, the image is incomplete in that it only depicts the authentication stage of the flow. A more complete presentation of what occurs when using OpenID Connect in an OAuth 2.0 grant in EmpowerID is shown in the OAuth 2.0 Authorization Code Grant.
...
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|