What is OpenID Connect SSO?
OpenID Connect is a protocol designed for user authentication. It is a standard built on top of the OAuth 2.0 framework (an authorization protocol), and it adds an ID token alongside the OAuth 2.0 access token. OAuth and OpenID Connect both act as Single Sign-On (SSO) standards.
OpenID Connect ID tokens must be in JWT (JSON Web Token) format. One of the key features of OpenID Connect is the ability to exchange and make use of information.
This page contains detailed information about the OpenID endpoints that miniOrange exposes on its authentication servers.
Why OpenID Connect?
OpenID Connect is an identity layer for authentication on top of the OAuth 2.0 framework, which is used for authorization. Back in the day, OAuth 2.0 was misused for pseudo-authentication, and as a result OpenID Connect entered the picture.
How Does OpenID Connect SSO Work?
OpenID Connect is the identity layer over the base OAuth 2.0 protocol. An identity is the set of attributes related to a user. OpenID Connect identifies users by specific attributes sent by the IdP, such as email. This information is passed in the ID token, which is signed using IETF JSON Web Signature (JWS). Another case of OpenID SSO is miniOrange acting as an IdP to log in to OpenID Connect applications such as native mobile applications running on Android and iOS, and web apps.
OpenID Connect redirects a user to an identity provider (IdP) to check the user's identity, either by looking for an active session, i.e. Single Sign-On (SSO), or by asking the user to authenticate.
Once the IdP authenticates the user with an SSO session or valid credentials and authorizes them to access a specific application, the IdP redirects back to that application. This redirection also passes information about the user back to the app confirming the user’s identity and that it can use to.
UserInfo Endpoint: Contains additional information such as attributes, and translates the token.
Purpose of OpenID Connect
OpenID’s purpose is to give a single login for multiple sites.
Secure Single Sign-On (SSO) access.
To send user authentication information: OpenID Connect contains an ID token which has the details about the authenticated user.
It also contains access tokens in case more information has to be sent.
Applications of OpenID Connect
Identity providers like Google, Twitter and Facebook use this so that users can log in to the identity provider and then access other apps and websites without having to sign in or share their login information.
Native Single Sign-On is enabled by OpenID Connect. As the popularity of native applications grows due to their ease of use and distribution, there is a greater demand for default OAuth 2.0 in native environments. However, the burden of managing authentication across a sea of different native apps falls on the end user, who must know which login is for which app and which must be re-authenticated.
How is miniOrange helpful in the OpenID Connect SSO?
OpenID Connect providers do not directly support SSO for all forms of applications.
miniOrange can provide you with a broker service through which you can connect to any application using your OpenID IdP login parameters. You can log in to any cross-platform application with your OpenID identity.
You can configure your OpenID Connect provider with miniOrange and set up all kinds of applications, such as React, Node.js, SAML, OAuth, JWT and OpenID. Here miniOrange does the handshake between the OpenID Connect provider and the applications seamlessly.
SSO using an OpenID Connect provider into all kinds of applications is possible with the miniOrange broker service.
Difference between OAuth and OpenID Connect
OAuth grants access to your API and to user data in other systems.
OpenID Connect logs the user into the account and makes it available in other systems.
OAuth authorizes the user with the resource.
OpenID Connect authenticates the user into the service provider.
OAuth 2.0 sends access and refresh tokens, which are used to make API calls on a user's behalf.
OpenID Connect includes an ID token, which contains the end user’s information.
OAuth cannot differentiate between logged-in users, as two users can have the same access to resources.
OpenID Connect can differentiate between logged-in users.
OAuth, on the other hand, is in charge of managing resource access.
OpenID Connect provides you with an identity layer.