{"id":779,"count":1,"description":"OAuth 2.0 | Identity Provider (IdP) | Single Sign-On (SSO) | JSON Web Token (JWT) | Authentication Flow\n<strong>OpenID Connect (OIDC)<\/strong> is an authentication protocol layered on the OAuth 2.0 authorization framework. It enables clients - usually web applications, mobile apps or microservices - to verify a user's identity based on an authentication performed by an <strong>Identity Provider (IdP)<\/strong>, and to obtain basic profile information about that user. OAuth 2.0 on its own was designed for delegated authorization, not for authentication; OIDC adds a standardized identity layer on top of it.\n\nFunctionality\nThe core of OIDC is the <strong>ID token<\/strong>, a signed <strong>JSON Web Token (JWT)<\/strong>. It carries claims about the authentication event - the issuer (iss), the user's identifier at that issuer (sub), the client it was issued for (aud), issue and expiry times (iat, exp) and, if requested, a nonce and profile claims such as the email address - and is signed by the identity provider. The client obtains the token through an authentication flow - the <strong>Authorization Code Flow<\/strong>, the <strong>Implicit Flow<\/strong> or the <strong>Hybrid Flow<\/strong> - and must validate the signature and these claims before it trusts the identity. The Authorization Code Flow with PKCE is the recommended choice today; the Implicit Flow, which returns tokens in the URL fragment, is no longer recommended for new deployments.\nA typical procedure looks like this:\n1. The user navigates to the application.\n2. The application redirects the user to the identity provider with an authentication request that carries a state value, a nonce and a PKCE code challenge.\n3. After successful authentication, the identity provider redirects the user back to the application's registered redirect URI with an authorization code (in the Implicit and Hybrid Flows, with tokens directly).\n4. The application checks the returned state, exchanges the code at the token endpoint for an ID token and an access token, validates the ID token's signature, issuer, audience, expiry and nonce, and can then fetch further user information from the UserInfo endpoint with the access token.\n\nAreas of application\nOIDC is used in a large number of modern IT architectures:\n<strong>Single Sign-On (SSO):<\/strong> users only need to log in once to access multiple services.\n<strong>Cloud-based applications:<\/strong> e.g. integration with Microsoft Entra ID (formerly Azure AD), Google Identity or Auth0.\n<strong>Microservice architectures:<\/strong> a central authentication solution that can be combined with service meshes such as Istio, which can verify the issued JWTs at the service boundary.\n<strong>Mobile apps:<\/strong> a uniform user identity across platforms.\n\nAdvantages\n<strong>Standardized and interoperable:<\/strong> OIDC is an open standard supported by many providers.\n<strong>Scalable:<\/strong> suitable for small as well as globally distributed systems.\n<strong>Secure:<\/strong> TLS on every endpoint, signed tokens with short lifetimes, and state, nonce and PKCE to counter CSRF, token replay and authorization code interception.\n<strong>Flexible:<\/strong> supports several authentication flows and extensions.\n<strong>User-friendly:<\/strong> thanks to SSO, users log in faster and more conveniently.\n\nRelated technologies\nOIDC is closely related to <strong>OAuth 2.0<\/strong> (authorization), <strong>SAML<\/strong> (an older, XML-based federation protocol), <strong>JWT<\/strong> (token format) and <strong>SCIM<\/strong> (user provisioning). Modern IAM systems such as <strong>Keycloak<\/strong>, <strong>Okta<\/strong>, <strong>Auth0<\/strong> or <strong>Microsoft Entra ID (formerly Azure AD)<\/strong> support OIDC natively.\nThe experts at BITS have used OIDC and related technologies in a large number of projects. A selection of case studies and references can be found below.","link":"https:\/\/www.mybits.de\/en\/tag\/oidc-en\/","name":"OIDC","slug":"oidc-en","taxonomy":"post_tag","meta":[],"_links":{"self":[{"href":"https:\/\/www.mybits.de\/en\/wp-json\/wp\/v2\/tags\/779","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mybits.de\/en\/wp-json\/wp\/v2\/tags"}],"about":[{"href":"https:\/\/www.mybits.de\/en\/wp-json\/wp\/v2\/taxonomies\/post_tag"}],"wp:post_type":[{"href":"https:\/\/www.mybits.de\/en\/wp-json\/wp\/v2\/posts?tags=779"},{"href":"https:\/\/www.mybits.de\/en\/wp-json\/wp\/v2\/pages?tags=779"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
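The four-step procedure and the ID token validation described in the tag text above, as an added example that is not part of the original page or of BITS' own code. It shows the client side of the Authorization Code Flow with PKCE: generating state, nonce and code challenge for the authentication request, rejecting a callback whose state does not match, and then applying the OIDC Core 3.1.3.7 checks (algorithm, signature, iss, aud/azp, exp, nonce) to the returned ID token. The issuer URL, client_id, client_secret, redirect URI, authorization code and user claims are constructed values, and the identity provider is simulated in-process with an HS256 token keyed by the client_secret (which OIDC permits), so the whole thing runs offline; a production client would instead fetch the IdP's RS256/ES256 keys from its JWKS endpoint.

```python
"""Client side of the OIDC Authorization Code Flow with PKCE, plus ID token
validation. Added illustration, not code from the page's author; all
identifiers below are constructed and the IdP is simulated in-process."""
import base64
import hashlib
import hmac
import json
import os
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://idp.example.test"            # constructed IdP issuer
CLIENT_ID = "demo-client"                      # constructed client_id
CLIENT_SECRET = b"constructed-client-secret"   # shared with the simulated IdP
REDIRECT_URI = "https://app.example.test/callback"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_auth_request():
    """Step 2: values the client keeps in its session, and the redirect URL."""
    verifier = b64url(os.urandom(32))                                   # PKCE code_verifier
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())     # S256 code_challenge
    session = {"state": secrets.token_urlsafe(16),
               "nonce": secrets.token_urlsafe(16),
               "code_verifier": verifier}   # sent later to the token endpoint
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid email",
              "state": session["state"], "nonce": session["nonce"],
              "code_challenge": challenge, "code_challenge_method": "S256"}
    return session, f"{ISSUER}/authorize?{urlencode(params)}"


def check_callback(session, callback_url):
    """Step 3: accept the code only if the state matches what we issued (anti-CSRF)."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise ValueError(f"IdP returned error: {q['error'][0]}")
    if q.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch")
    return q["code"][0]


def mint_id_token(nonce, aud=CLIENT_ID, ttl=300):
    """Simulated IdP: HS256 ID token keyed with the client_secret (OIDC Core 10.1)."""
    now = int(time.time())
    claims = {"iss": ISSUER, "sub": "248289761001", "aud": aud,   # constructed subject
              "iat": now, "exp": now + ttl, "nonce": nonce,
              "email": "jane@example.test"}
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def validate_id_token(token, session, now=None):
    """Step 4: OIDC Core 3.1.3.7 checks; raise ValueError on any failure."""
    now = now or int(time.time())
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":          # pin the expected alg; never accept "none"
        raise ValueError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in aud:
        raise ValueError("token not intended for this client")
    if len(aud) > 1 and claims.get("azp") != CLIENT_ID:
        raise ValueError("azp required with multiple audiences")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != session["nonce"]:   # binds the token to this login attempt
        raise ValueError("nonce mismatch (replay?)")
    return claims


def demo():
    """Run steps 2-4 end to end against the simulated IdP; returns the verified claims."""
    session, _url = build_auth_request()
    # Simulated redirect back from the IdP; the code value is constructed.
    code = check_callback(session, f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={session['state']}")
    # The real token endpoint would receive `code` and session["code_verifier"];
    # here the simulated IdP simply issues a token echoing the nonce it was sent.
    id_token = mint_id_token(session["nonce"])
    return validate_id_token(id_token, session)
```

The negative paths matter as much as the happy path: a callback with a foreign `state` is dropped before any code is exchanged, and a token whose `nonce` does not match the session is rejected even though its signature is valid, which is what prevents an attacker from replaying a token captured from their own login into a victim's session.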