OpenID Connect in Detail

In this four-part online course you will get a comprehensive understanding of OpenID Connect. You will learn about important aspects of OpenID Connect, such as what ID tokens are and how to validate them, how to manage sessions properly, and the different ways of enabling stronger authentication methods.

Register to receive each new lesson directly to your inbox and watch from the comfort of your chair, at a time that suits you.

Each session is approximately 30 minutes long.


Course outline

Session 1: Overview of OpenID Connect

The first session of the four-part course highlights the differences between the OpenID Connect and OAuth specifications. You’ll learn about the new flows introduced in OpenID Connect and some new concepts, like the metadata endpoint and the nonce parameter.

  • Difference from OAuth
  • Metadata of the OpenID Connect Provider
  • Additional flows: Implicit flow
  • Additional flows: Hybrid flow
  • The nonce parameter
  • Response modes

Session 2: ID Tokens and UserInfo EndPoint

In the second part, we will dive deep into claims and ID tokens. You will learn about the standard claims introduced in OpenID Connect, their relation to scopes and to the UserInfo endpoint. You’ll also learn how the JWKS endpoint is used in the ID token verification process.

  • Standard Scopes and Claims
  • What's in the ID Token
  • The JWKS Endpoint
  • What's in the UserInfo Endpoint
  • Using Claims parameter to request Claims

Session 3: Authentication with OpenID Connect

In part three we focus on authentication, specifically the techniques used in OpenID Connect to assess levels of authentication. We also show ways of increasing the level of security in OAuth and OpenID Connect flows through the use of signed request objects and validation of responses with the help of an ID token.

  • Understanding ACRs and AMRs
  • The Prompt parameter
  • Request objects
  • Validating the response using the ID Token

Session 4: OpenID Connect Logout and Session Handling

In the fourth and final session in the series we’ll explain the details of the OpenID Connect logout specifications. We will demonstrate how they can be used to implement single logout and to keep sessions in sync across applications.

  • OpenID Connect Logout: RP initiated
  • OpenID Connect Logout: Front Channel Logout
  • OpenID Connect Logout: Back Channel Logout
  • Session Management: Session State

Presented by:

Identity Specialists

at Curity
