OpenID Connect

OpenID Connect 1.0 (OIDC) is a federated authentication protocol that provides an identity layer that is built on OAuth 2.0. It enables clients (applications or user agents) to verify the identity of the user based on the authentication performed by the authorization server. Since OAuth just provides authorization, OIDC is needed for authentication. OIDC is a newer protocol than SAML.

OIDC supports several different authentication flows. The authorization code flow is for application servers acting as clients. The hybrid and implicit flows are suitable for user agents acting as client. EAA implementation supports authorization code flow and implicit flow for the relying party (RP).

The user (resource owner), OpenID provider (OP), and the client application (relying party) are the main participants. They communicate with each other using REST API methods and talk to different endpoints between the RP and the OP to allow the verified user to access the client application. The communication between the participants is the following: