OpenID Connect

OpenID Connect

Explore the OpenID Connect authorization framework. Learn about OpenID Connect vs. OAuth, OpenID Connect Code Flow, Dynamic Client Registration, and more.

What is OpenID Connect? OpenID Connect is an identity layer on top of the OAuth authorization standard protocol. It allows for verification of an end user’s identity based on authentication performed by an authorization server. It also allows clients to request and receive information about authenticated sessions and end users using ID Tokens. The OpenID Connect is an API friendly specification and also allows for use of optional features such as encryption of identity data, discovery of OpenID Providers, and session management.

Encrypted ID Tokens

Encrypted ID Tokens

Using JSON Web Encryption to protect the confidentiality of ID tokens

Client Initiated Backchannel Authentication (CIBA) Flow

Client Initiated Backchannel Authentication (CIBA) Flow

This article describes the messages in the poll mode as specified by CIBA and aims to help developers understand and implement the specification.

Client Initiated Backchannel Authentication (CIBA)

Client Initiated Backchannel Authentication (CIBA)

Learn about the Client Initiated Backchannel Authentication (CIBA) specification and how to use it to retrieve a token without direct user interaction.

OpenID Connect Single Logout

OpenID Connect Single Logout

An overview of OpenID Connect Single Logout and how it can be used as a counterpart to Single Sign On (SSO) to protect users and their data.

OpenID Connect Standards

OpenID Connect Standards

Overview of OpenID Connect standards used by the Curity Identity Server.

OpenID Connect Hybrid Flow

OpenID Connect Hybrid Flow

The OpenID Connect Hybrid Flow explained. An overview of the authorization and token endpoint requests.

Pairwise Pseudonymous Identifiers

Pairwise Pseudonymous Identifiers

Introduction to Pairwise Pseudonymous Identifiers (PPIDs). How to use them in OpenID Connect Standard to increase user privacy.

JWT Secured Authorization Response Mode (JARM)

JWT Secured Authorization Response Mode (JARM)

An overview of the JWT Secured Authorization Response Mode, when and how to use it.

Dynamic Client Registration Management

Dynamic Client Registration Management

An overview of Dynamic Client Registration Management: DCR and DCRM with client certificates. Learn how to manage any dynamically registered clients.

OAuth and OIDC Request Objects

OAuth and OIDC Request Objects

An overview of the OAuth and OIDC Request Objects, how to pass them, and how to validate, sign, encrypt and use them in authorization requests.

Dynamic Client Registration Authentication Methods

Dynamic Client Registration Authentication Methods

An overview of the main DCR use cases, how to secure DCR, user and client authentication, Financial-grade DCR authentication and dynamic client management.

Using Dynamic Client Registration

Using Dynamic Client Registration

Dynamic Client Registration allows new clients to be registered using a standard API. In this article we provide examples of use cases.

Dynamic Client Registration Overview

Dynamic Client Registration Overview

An overview of the Dynamic Client Registration (DCR) protocol. Learn about its use cases, deployment patterns and how to build a more dynamic network.

Validating an OpenID Connect ID Token

Validating an OpenID Connect ID Token

This article shows how to validate an OpenID Connect ID Token. Find out what each part of the token means and when to use JWT tokens.

OpenID Connect Authorization Code Flow

OpenID Connect Authorization Code Flow

A thorough explanation of the OpenID Connect Authorization Code Flow. Learn how to authenticate users and clients with OIDC.

OpenID Connect Overview

OpenID Connect Overview

OpenID Connect explained: what it is and what benefits does it offer. How does it compare with OAuth2 and Saml?

Videos

The Token Handler Pattern: OpenID Connect for Single Page Apps
OAuth and OpenID Connect - What's next?
Scalable API Security Using OAuth
Financial Grade APIs Using OAuth and OpenID Connect
Securing APIs and Microservices with OAuth and OpenID Connect