OpenID Connect (OIDC)

Eintrag zuletzt aktualisiert am: 13.12.2022

OpenID Connect dient zur Authentifizierung von Benutzern, die auf Open Authorization Version 2 (OAuth2) basiert.

OpenID Connect erlaubt es Clients,
1. die Identität eines Anwenders mit Hilfe eines Autorisierungsservers zu prüfen
2. Informationen über einen Benutzer zu erhalten (Profilinformationen, "Claims")

OpenID Connect erstellt ein Identity Token im Format JSON Web Token (RFC 7519).

OpenID Connect definiert eine Reihe von Standardclaims, z.B. givenname, familiyname, email, gender, picture, birthdate, address usw.

https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

"OpenID Connect 1.0 is a simple identity layer on top of the Oauth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing participants to use optional features such as encryption of identity data, discovery of OpenID Providers, and session management, when it makes sense for them." (Quelle: http://openid.net/connect/)