OAuth 2.0 | Identity Provider (IdP) | Single Sign-On (SSO) | JSON Web Token (JWT) | Authentication Flow
OpenID Connect (OIDC) is a modern authentication protocol built on the OAuth 2.0 authorization framework. It enables clients – usually web applications, mobile apps or microservices – to verify a user’s identity securely, based on an authentication performed by a so-called Identity Provider (IdP). In contrast to OAuth 2.0, which was originally developed for authorization only, OIDC adds a standardized authentication layer on top of that protocol.
Functionality
The core of OIDC is the ID token, usually in the format of a JSON Web Token (JWT). This token contains claims (e.g. user ID, email address, timestamp) that are signed by the identity provider. The client receives this token via an authentication flow – such as the Authorization Code Flow, the Implicit Flow or the Hybrid Flow – and can use it to validate the user’s identity.
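As an added illustration (not code from the original page or from BITS), the following Python sketch shows the checks a client has to perform on an ID token before trusting its claims: signature, issuer, audience, expiry and the nonce that ties the token to the login the client started. To keep it runnable offline it signs with a shared HS256 secret; the issuer, client ID, secret and claims are constructed assumptions, and a real provider would normally sign with an asymmetric key (RS256/ES256) published via its JWKS endpoint.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example values (hypothetical provider and client, not real ones).
ISSUER = "https://idp.example.com"   # expected "iss" claim
CLIENT_ID = "my-web-app"             # expected "aud" claim
SHARED_SECRET = b"constructed-example-secret-do-not-reuse"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict) -> str:
    """Stand-in for the identity provider: sign the claims as an HS256 JWT."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header).encode())
        + "."
        + b64url_encode(json.dumps(claims).encode())
    )
    sig = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_id_token(token: str, expected_nonce: str, now=None) -> dict:
    """Verify the signature and the core OIDC claims; raise ValueError on any failure."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("token must have exactly three segments")
    header = json.loads(b64url_decode(header_b64))
    # The algorithm comes from our configuration, never from the token itself
    # (this also rejects tokens that claim alg "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected_sig = hmac.new(
        SHARED_SECRET, (header_b64 + "." + payload_b64).encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("token was not issued for this client")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims
```

The order of the checks matters: the signature is verified before any claim is read, so an attacker who can only edit the payload never influences the issuer, audience or expiry comparison.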
A typical procedure looks like this:
The user navigates to the application.
The application redirects the user to the identity provider.
After successful authentication, the user is redirected back, together with a code or token.
The application validates this token and gains access to user information.
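The four steps above, worked through in Python from the application's (relying party's) side as an added example that is not part of the original page or of any BITS project: it builds the authorization request with a state value, a nonce and a PKCE code challenge (the mechanism mentioned under Advantages below), verifies the state when the user is redirected back, and assembles the token request that redeems the code. The endpoints, client ID and redirect URI are hypothetical, no HTTP is performed, and `idp_verify_pkce` only mimics the provider's check at the token endpoint to show what the code_verifier protects against.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed example configuration (hypothetical provider and client).
AUTHORIZATION_ENDPOINT = "https://idp.example.com/authorize"
TOKEN_ENDPOINT = "https://idp.example.com/token"
CLIENT_ID = "my-web-app"
REDIRECT_URI = "https://app.example.com/callback"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(code_verifier: str) -> str:
    # S256 method from RFC 7636: BASE64URL(SHA256(code_verifier))
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def start_login(session: dict) -> str:
    """Steps 1-2: create per-login secrets, keep them server-side, build the redirect URL."""
    session["state"] = secrets.token_urlsafe(32)          # ties the callback to this login (CSRF)
    session["nonce"] = secrets.token_urlsafe(32)          # echoed in the ID token, checked later
    session["code_verifier"] = secrets.token_urlsafe(64)  # PKCE secret, never leaves the app
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params)


def handle_callback(session: dict, callback_url: str) -> dict:
    """Steps 3-4: verify the state, then build the token request that redeems the code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("provider returned error: " + query["error"][0])
    state = query.get("state", [""])[0]
    expected = session.pop("state", None)
    if expected is None or not secrets.compare_digest(state, expected):
        raise ValueError("state mismatch: callback is not tied to a login we started")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    # Body of the POST to TOKEN_ENDPOINT; the ID token in the response is then validated
    # (signature, iss, aud, exp and the stored nonce) before the user counts as logged in.
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session.pop("code_verifier"),
    }


def idp_verify_pkce(stored_challenge: str, token_request: dict) -> bool:
    """What the provider checks at the token endpoint: a stolen code alone is useless
    without the verifier that hashes to the challenge sent in step 2."""
    return secrets.compare_digest(pkce_challenge(token_request["code_verifier"]), stored_challenge)
```

The state is consumed with `pop`, so a callback can only be accepted once per started login; the nonce stays in the session because it is needed when the ID token arrives.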
Areas of application
OIDC is used in a large number of modern IT architectures:
Single Sign-On (SSO): Users only need to log in once to access multiple services.
Cloud-based applications: e.g. integration with Azure AD, Google Identity or Auth0.
Microservice architectures: central authentication solution that can be combined with service meshes such as Istio.
Mobile apps: Ensuring a uniform user identity across platforms.
Advantages
Standardized and interoperable: OIDC is an open standard that is supported by many providers.
Scalable: suitable for small to globally distributed systems.
Secure: Through the use of HTTPS, signatures, token lifetimes and optional security mechanisms such as PKCE.
Flexible: Supports various authentication flows and extensions.
User-friendly: Thanks to SSO, users can log in faster and more conveniently.
Related technologies
OIDC is closely related to technologies such as OAuth 2.0 (authorization), SAML (older authentication protocol), JWT (token format) and SCIM (user provisioning). Modern IAM systems such as Keycloak, Okta, Auth0 or Microsoft Entra ID (formerly Azure AD) support OIDC natively.
The experts at BITS have used OIDC and related technologies in a large number of projects. A selection of case studies and references can be found below.
“We are happy to support you with your digital challenges and look forward to hearing from you without obligation.”
Marc Schallehn, Managing Director BITS GmbH
We are happy to support you with your IT projects. I look forward to hearing from you.
Selection of case studies and references
Digitization of group-wide financial processes – development of a scalable web application
In this project, a modular web application was developed that securely digitizes and automates group-wide financial processes and combines them across systems.