OpenID Connect
OpenID Connect (OIDC) is an authentication protocol built on OAuth 2.0. It adds an identity layer to OAuth 2.0, enabling clients to verify users' identities and obtain basic profile information in a secure and interoperable manner.
Here’s a breakdown of how OpenID Connect works:
- User Authentication: The user attempts to access a client application (relying party).
- Request to OpenID Provider: The client sends an authentication request to the OpenID Provider (OP).
- User Authentication by OP: The OP authenticates the user and obtains their consent.
- Tokens Issued: The OP issues an ID token and, optionally, an access token to the client.
- User Information: The client can use the ID token to get user information from the UserInfo endpoint.
Key Components:
- ID Token: Contains user identity information and authentication details.
- Access Token: Used to access protected resources.
- OpenID Provider (OP): The server that authenticates the user.
- Relying Party (RP): The application that relies on the OP for user authentication.
OIDC is commonly used for Single Sign-On (SSO) scenarios, allowing users to log in once and access multiple applications without re-entering credentials.
This is covered in CySA+ and Security+.