OIDC

OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 framework. It allows third-party applications to verify the identity of the end-user and to obtain basic user profile information. OIDC uses JSON web tokens (JWTs), which you can obtain using flows conforming to the OAuth 2.0 specifications... While OAuth 2.0 is about resource access and sharing, OIDC is about user authentication. Its purpose is to give you one login for multiple sites. Each time you need to log in to a website using OIDC, you are redirected to your OpenID site where you log in, and then taken back to the website. https://auth0.com/docs/authenticate/protocols/openid-connect-protocol

OIDC is about who someone is. OAuth 2.0 is about what they are allowed to do. https://www.pingidentity.com/en/resources/identity-fundamentals/authentication-authorization-standards/openid-connect.html

https://openid.net/

OpenID Connect is an authentication protocol built on OAuth 2.0, that in practice is not implemented to provide open (portable) identifiers across systems, nor does it have anything to do with OpenID (1 or 2) except in name, but instead, identities are tied to a specific identity provider. https://indieweb.org/OpenID_Connect

How is IndieAuth different from OpenID Connect... In order for IndieAuth to be useful as an authentication protocol (in addition to authorization), IndieAuth adds the concept of a unique user identifier: a profile URL. Because these URLs rely on the public web and DNS, they are guaranteed to be globally unique. OpenID Connect also adds an identity layer on top of OAuth 2.0. Users are identified by a property, "sub" (short for subject), which can be a string of any format returned by the authorization server. There is no requirement that these user identifiers are globally unique, they are only guaranteed to be unique within the particular OpenID Connect system being used... The original goals of OpenID included the ability for users to be their own identity providers, and developers to be able to consume any identities, without any prior relationships. Additionally, users could bring their own identity with them when they moved to a different OpenID provider. OpenID Connect has moved away from these goals, instead treating each OpenID Connect system as its own silo.
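The point above about "sub" being unique only within one OpenID Connect system has a direct consequence for a relying party that accepts more than one provider: local accounts must be keyed on the (iss, sub) pair, not on sub alone. The following is an added example, not code from any of the quoted sources; the issuer URLs, claim values and the Accounts class are constructed for illustration, and the claims are assumed to have already passed ID token validation.

```python
"""Key local accounts on (iss, sub); sub alone collides across providers."""

# Constructed sample claims, as they would look AFTER the ID token's signature,
# audience and expiry have been validated (validation is out of scope here).
ALICE_AT_A = {"iss": "https://idp-a.example", "sub": "1001", "email": "alice@example.org"}
BOB_AT_B = {"iss": "https://idp-b.example", "sub": "1001", "email": "bob@example.org"}
# Same person as ALICE_AT_A after changing her e-mail at the provider.
ALICE_AGAIN = {"iss": "https://idp-a.example", "sub": "1001", "email": "alice@new.example"}


def key_sub_only(claims):
    """Weak setting: treats sub as if it were globally unique."""
    return claims["sub"]


def key_iss_sub(claims):
    """Corrected setting: sub is scoped to the issuer that assigned it."""
    return (claims["iss"], claims["sub"])


class Accounts:
    """Hypothetical account table mapping an identity key to a local account id."""

    def __init__(self, key_fn):
        self._key_fn = key_fn
        self._by_key = {}

    def login(self, claims):
        """Return the local account id, creating the account on first login."""
        for name in ("iss", "sub"):
            if not isinstance(claims.get(name), str) or not claims[name]:
                raise ValueError(f"missing or empty claim: {name}")
        key = self._key_fn(claims)
        # setdefault assigns the next id only when the key is new.
        return self._by_key.setdefault(key, len(self._by_key) + 1)


def demo():
    """Log the same three identities into both tables and return the ids."""
    logins = [ALICE_AT_A, BOB_AT_B, ALICE_AGAIN]
    weak, scoped = Accounts(key_sub_only), Accounts(key_iss_sub)
    return [weak.login(c) for c in logins], [scoped.login(c) for c in logins]


if __name__ == "__main__":
    weak_ids, scoped_ids = demo()
    print("sub only  :", weak_ids)    # Bob lands in Alice's account
    print("(iss, sub):", scoped_ids)  # Bob gets his own; Alice stays stable
```

With the sub-only key, the user from the second provider is mapped onto the first user's account; with the pair as key, each identity resolves to its own account and a changed e-mail address does not affect the mapping.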

Matrix.org is moving to OIDC, but isn't there yet (Oct'2023).

