Web Authentication - OpenId


About

OpenID is an open standard and decentralized authentication protocol.

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.

The OpenID Connect protocol is a flavor of OAuth 2.0.

It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

OpenId Discovery

Example from Dex

curl http://127.0.0.1:5556/dex/.well-known/openid-configuration
{
  "issuer": "http://127.0.0.1:5556",
  "authorization_endpoint": "http://127.0.0.1:5556/auth",
  "token_endpoint": "http://127.0.0.1:5556/token",
  "jwks_uri": "http://127.0.0.1:5556/keys",
  "response_types_supported": [
    "code"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "scopes_supported": [
    "openid",
    "email",
    "profile"
  ]
}
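
A client should check a discovery document before trusting the endpoints it lists. The sketch below is an added example, not code from this page or from Dex: `check_discovery`, its `allow_loopback_http` switch and the rejection of `none` as a signing algorithm are assumptions of the example, while the issuer comparison follows the OpenID Connect Discovery rule that the returned `issuer` must be identical to the URL prefix the document was fetched from.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Discovery document copied from the Dex output shown above.
DEX_SAMPLE = {
    "issuer": "http://127.0.0.1:5556",
    "authorization_endpoint": "http://127.0.0.1:5556/auth",
    "token_endpoint": "http://127.0.0.1:5556/token",
    "jwks_uri": "http://127.0.0.1:5556/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "scopes_supported": ["openid", "email", "profile"],
}

def check_discovery(fetched_url, doc, allow_loopback_http=False):
    """Return a list of problems; an empty list means the document passed."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # The issuer must be identical to the URL prefix the document was fetched
    # from, so a host cannot publish metadata for an issuer it does not control.
    if not fetched_url.endswith(WELL_KNOWN):
        problems.append("document was not fetched from a well-known URL")
    elif doc.get("issuer") != fetched_url[:-len(WELL_KNOWN)]:
        problems.append("issuer does not match the URL the document came from")
    # Codes, tokens and signing keys travel over these URLs: require TLS,
    # with an opt-in exception for local development on loopback.
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(key)
        if not isinstance(value, str):
            continue
        parts = urlsplit(value)
        dev_ok = allow_loopback_http and parts.hostname in LOOPBACK
        if parts.scheme != "https" and not dev_ok:
            problems.append(f"{key} is not served over https")
    # Local policy (an assumption of this example): refuse unsigned ID tokens.
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("provider advertises alg 'none' for ID tokens")
    return problems

if __name__ == "__main__":
    url = "http://127.0.0.1:5556/dex" + WELL_KNOWN  # URL used by the curl call above
    for problem in check_discovery(url, DEX_SAMPLE, allow_loopback_http=True):
        print("FAIL:", problem)
```

Run as is, the check reports an issuer mismatch for the sample above: the document was requested under `/dex`, but its `issuer` value has no `/dex` path.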
