OpenID Connect (OIDC) is a protocol for verifying user identities and obtaining user profile information. OIDC lets client applications verify a user's identity based on authentication performed by an authorization server (the identity provider).
One problem OpenID Connect addresses is how application developers can easily provide users with a usable and secure authentication experience, without investing a lot of time into storing and managing passwords. This enables developers to focus on building their application’s core functionality and lets them build more secure, compelling apps.
OpenID Connect is used by an increasing number of developers to build custom applications, for three reasons:
Developers can learn more about how to use OneLogin OIDC support at https://developers.onelogin.com/openid-connect
In the simplest terms, OpenID Connect uses the following process to verify a user identity:
First, the application redirects the user to an identity provider (IdP), which establishes the user's identity either by finding an existing active session (Single Sign-On) or by asking the user to authenticate.
Then, once the IdP has authenticated the user and authorized them to access the application, it redirects the user back to that app. This redirect also carries information about the user (in OIDC, an ID token) that the app uses to confirm the user's identity.
OpenID Connect is built on top of OAuth 2.0, specifies a RESTful HTTP API, and uses JSON as a data format. It has a specialized set of predefined data types and endpoints for exchanging user information between the identity provider and the application.
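The two-step flow above, and the JSON-based data types of the previous paragraph, are easiest to see in code. The following is an added example written for this page, not code from OneLogin, Auth0 or the OpenID Foundation: it builds the redirect to the IdP's authorization endpoint (with `state` and `nonce`), then plays the IdP by minting an ID token, and finally shows the checks the application must perform on that token before trusting its claims (signature, `iss`, `aud`, `exp`, `nonce`). The issuer, client ID, redirect URI and signing secret are constructed; the token is signed with HS256 and a shared secret purely so the example runs offline with the standard library, whereas real providers typically sign with RS256 and publish their public keys via a JWKS endpoint.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# All of these values are constructed for the example.
ISSUER = "https://idp.example"
CLIENT_ID = "example-app"
REDIRECT_URI = "https://app.example/callback"
SHARED_SECRET = b"constructed-demo-secret"  # stands in for the provider's signing key


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_authorization_url(state: str, nonce: str) -> str:
    """Step 1: the app sends the browser to the IdP's authorization endpoint."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,   # binds the callback to this browser session
        "nonce": nonce,   # must be echoed back inside the ID token
    }
    return f"{ISSUER}/authorize?{urlencode(params)}"


def mint_id_token(claims: dict) -> str:
    """Stand-in for the IdP: sign the claims as a compact JWT (HS256, offline demo only)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{b64url(json.dumps(header).encode())}.{b64url(json.dumps(claims).encode())}"
    sig = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def validate_id_token(token: str, expected_nonce: str, now: Optional[int] = None) -> dict:
    """Step 2: the app verifies the token the IdP handed back before using its claims."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # The verifier pins the algorithm; it never lets the token choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(SHARED_SECRET, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("token not meant for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    # The spec adds further checks (azp for multi-audience tokens, iat skew) not shown here.
    return claims


def demo_flow(now: int = 1_700_000_000) -> dict:
    """Run both steps end to end and return the verified claims."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    url = build_authorization_url(state, nonce)
    assert parse_qs(urlparse(url).query)["nonce"] == [nonce]
    # ...the user authenticates at the IdP, which then issues an ID token for this client...
    token = mint_id_token({"iss": ISSUER, "sub": "user-123", "aud": CLIENT_ID,
                           "iat": now, "exp": now + 300, "nonce": nonce,
                           "email": "user@example.com"})
    return validate_id_token(token, nonce, now=now)


if __name__ == "__main__":
    print(json.dumps(demo_flow(), indent=2))
```

Every check in `validate_id_token` closes a distinct hole: the signature proves the IdP issued the token, `iss` and `aud` prove it was issued by the expected IdP for this client rather than for some other app, `exp` bounds replay in time, and `nonce` ties the token to the authorization request this browser session started.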
Auth0 has put together a useful OIDC sandbox at https://openidconnect.net/, which walks the user through the technical details of the OpenID Connect authentication flow. Another example is Google Sign-In, which is built on OIDC.
If you'd like to examine additional OpenID Connect code samples, see Auth0's GitHub page.
The OpenID Connect website FAQ is a good place to start.