OpenID Connect

OpenID Connect 1.0 (OIDC) is a federated identity protocol that adds an identity layer on top of OAuth 2.0. It enables clients (applications or user agents) to verify the identity of the end user based on the authentication performed by the authorization server. Because OAuth 2.0 by itself only provides authorization, OIDC is needed for authentication. OIDC is newer, less verbose, and more efficient than SAML, and it is gaining in popularity.

OIDC supports several authentication flows. The authorization code flow is intended for application servers acting as clients; the hybrid and implicit flows are suited to user agents acting as clients. The EAA implementation supports the authorization code flow and the implicit flow for the relying party (RP).

The main participants are the end user (resource owner), the OpenID provider (OP), and the client application (relying party). They communicate with each other through REST API calls to the endpoints exposed by the RP and the OP, which allows the verified end user to access the client application. This exchange is less verbose than the equivalent SAML exchange. The following diagram describes the communication between the participants:

[Figure: OpenID Connect participants]
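As an added illustration (not part of the EAA documentation or its code), the relying-party side of the authorization code flow described above in Python: building the authorization request with state and nonce, checking the callback, and validating the ID token returned by the OP. The issuer URL, client_id and HS256 client secret are assumed values, and the token-minting helper stands in for the OP so the example runs offline.

```python
"""Relying-party (RP) side of the OIDC authorization code flow, stand-alone."""
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode, parse_qs

ISSUER = "https://op.example.com"        # assumed OP issuer URL
CLIENT_ID = "eaa-demo-client"            # assumed client_id registered at the OP
CLIENT_SECRET = b"demo-secret-change-me"  # assumed shared secret (HS256 signing)

def _b64url(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def _b64url_dec(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def build_authorization_request(redirect_uri):
    """Step 1: RP redirects the user agent to the OP authorization endpoint.
    state binds the callback to this browser session; nonce binds the ID token."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": redirect_uri,
              "scope": "openid profile", "state": state, "nonce": nonce}
    return f"{ISSUER}/authorize?{urlencode(params)}", state, nonce

def parse_callback(query, expected_state):
    """Step 2: OP redirects back with code and state; reject a state mismatch (CSRF/replay)."""
    q = parse_qs(query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch")
    return q["code"][0]

def validate_id_token(token, expected_nonce, now=None):
    """Step 3: after the code is exchanged at the token endpoint, verify the ID token.
    HS256 with the client secret is used here; production OPs usually sign RS256 via JWKS."""
    now = int(time.time()) if now is None else now
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_dec(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")          # never trust alg=none or a swapped alg
    expected = hmac.new(CLIENT_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_dec(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_dec(payload_b64))
    aud = claims.get("aud"); aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != ISSUER: raise ValueError("wrong issuer")
    if CLIENT_ID not in aud: raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now: raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce: raise ValueError("nonce mismatch")
    return claims["sub"]

def mint_id_token(claims):
    """Constructed OP-side signer, used only to produce sample tokens for this example."""
    h = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    p = _b64url(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url(sig)}"
```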

To understand key concepts and terms in OIDC, see OpenID Connect concepts and terms.

To understand the specifications and limitations supported by Enterprise Application Access (EAA), see Supported OpenID Connect specifications.