If you dont hear from us within 24 hours, please feel free to send a follow up email to firstname.lastname@example.org
OpenID is a protocol designed for user authentication. OpenID is a standard added on the top of Oauth 2.0 (Authorization Protocol) framework which adds ID Token to access token in OAuth 2.0. OAuth and OpenID both act as Single Sign-On (SSO) standards.
OpenID must be in JWT(JSON) data format. One of the Key factors about OpenID is the ability to exchange and make use of information.
This page contains detailed information about the OpenID endpoints that miniOrange exposes on its Authentication servers.
How OpenID SSO Works?
OpenId is the Identity layer over the Base OAuth 2.0 Protocol. Identity is nothing but the Set of Attributes related to the Users. OpenID Identify the users with Specific Attributes sent by IdPs like Email. This Information is passed through the ID token and Signed with IETF JSON Web Signature. Another case of OpenID SSO is miniOrange acting as an IdP , to login into the OpenID application like native mobile applications running on Android and iOS , webapps .
OpenID Connect will redirect a user to an identity provider (IdP) to check the user’s identity, either by looking for an active session i.e Single Sign-On (SSO) or by asking the user to authenticate.
Once the IdP authenticates the user with SSO Session or valid Credentials and authorizes them to access a specific application, the IdP redirects back to that application. This redirection also passes information about the user back to the app confirming the user’s identity and that it can use to.
UserInfo Endpoints : Contains Additional Info like Attributes and translates the Token.
Purpose of OpenID
OpenID’s purpose is to give Single login for multiple sites.
Secure Single Sign-On (SSO) Access.
To send user Authentication information : OpenID contains an ID token which has the details about Authenticated User.
It also contains access tokens in case more information has to be sent.
Who uses OpenID ?
Identity Providers like Google, Twitter, Facebook use this so that users can login in to the Identity Provider, and then access other apps and websites without having to sign in or share their login information.
How is miniOrange helpful in the OpenID SSO?
OpenID providers directly do not support SSO for all forms of applications.
miniOrange can provide you with the broker service where you can connect to any application using your openID IdP login parameters.You can login into any cross platform application with OpenID identity.
You can configure your OpenID provider with miniOrange and can set all kinds of applications like react, node.js, SAML, Oauth, JWT, OpenID. Here miniOrange does the handshake between the openID provider and applications seamlessly.
SSO using OpenID Provider , into all kinds of applications will be possible with miniOrange broker Service.
Difference between OAuth and OpenID
OAuth grants access to your API, user data in other systems.
OpenID Logs the user into the account and makes it available in other systems.
OAuth Authorizes the user with the resource
OpenID Authenticates the User into the Service Provider.
the role to manage access to the resources is played by OAuth.
OpenID provides you with an Identity Layer.
OAuth cannot differentiate between the user logged in as the two users can have the same access to resources.