OpenID Connect (OIDC) is a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to verify the identity of an end-user based on the authentication performed by an authorization server, and to obtain basic profile information about that user in an interoperable, REST-like manner. Clients of all kinds, including web-based and JavaScript clients, can request and receive information about authenticated sessions and end-users. OIDC is not itself an identity provider; it is a standard, and one that stands out for its usability and simplicity.
The formula behind the success of OIDC:
• Easy-to-consume identity tokens: clients receive the user's identity encoded in a signed JSON Web Token (JWT), a format appreciated for its elegance and portability. JWT also supports a wide range of signature algorithms.
• Based on OAuth 2.0: the ID token is obtained via a standard OAuth 2.0 flow, with support for web applications.
• Simplicity: it is simple enough to integrate into basic, typical applications, yet it also has the features and security options needed to meet stricter enterprise requirements.
The ID token resembles the concept of an identity card, issued in standard JWT format. To obtain one, the client sends the user to their OpenID Provider (OP) with an authentication request.
Features of ID tokens:
1. Asserts the identity of the user.
2. Specifies the issuing authority.
3. May include additional requested details about the subject, such as name and email.
4. Is digitally signed.
5. Can be encrypted for confidentiality.
OpenID Connect is a fast and secure way of signing in to websites. Here are some of its advantages:
• Accelerates the sign-in process: most websites ask for the same set of information over and over before the application can be used. OpenID accelerates that process by allowing the user to sign in with a single click. Primary data such as name, date of birth and location is stored with the OpenID provider.
• Gives control over online identity: OpenID is not controlled by any one website or service provider, which means the user decides how much data is shared with the sites that accept OpenID.
• Minimizes password risk: many people reuse the same password across different sites, so if one password is compromised an attacker can gain control over every site where that password was reused. With OIDC the password is never shared with any website, and if a compromise does occur, users can simply change their password to limit the damage.
Some servers are not trustworthy and provide no real security; however, if you choose OpenID Connect for internal use, you can run your own secure server. With OpenID, a user can obtain a token to use in an API call. The user is actively involved in the issuing of that token and can impose policies on when that token may be used and how his or her data is shared.