Introduction of OpenID Connect

-

OpenID Connect (OIDC) is an open authentication protocol that profiles and extends OAuth 2.0 to add an identity layer. OIDC allows clients to confirm an end user’s identity using authentication by an authorization server. Implementing OIDC on top of OAuth 2.0 creates a single framework that promises to secure APIs, mobile native applications and browser applications in a single, cohesive architecture.


What is OAuth 2.0 and how does OAuth 2.0 work?

OAuth 2.0 is an authorization framework that delegates user authentication to the service provider that hosts the user account, and authorizes third-party applications to access the user account. OAuth 2.0 provides authorization flows for web applications, desktop applications and mobile devices.

By introducing an authorization layer, OAuth 2.0 separates the role of the client from the resource owner, or end user. If the client requests access to resources controlled by the end user and hosted by the resource server, instead of using the end user's credentials to access protected resources, the client gets an access token. With the approval of the end user, the authorization server will issue access tokens to the requesting client.

 OAuth 2.0 is explicitly designed to support a variety of different client types that access REST APIs. This includes applications running on enterprise web servers conversing with the cloud as well as applications running on employee or customer mobile devices. The OAuth framework supports a variety of client types by defining multiple mechanisms for getting a token where the different mechanisms acknowledge the client type constraints.

Differences of OAuth2.0 and OpenID Connect

The main difference between OpenID and OAuth is that OpenID is an authentication protocol while OAuth is an authorization framework. OpenID and OAuth are both open standards that complement each other, but OpenID allows users to be authenticated by relying parties. An OIDC relying party is an OAuth 2.0 Client application that requires user authentication and claims from an OIDC provider. OAuth allows access tokens to be issued to third-party clients by an authorization server. 

OpenID Connect is built on a profile of OAuth and provides additional capabilities in conveying the identity of the user using the application. Clients use OAuth to request access to an API on a user’s behalf, but nothing in the OAuth protocol tells the client user information. OpenID Connect enables a client to access additional information about a user, such as the user's real name, email address, birthdate or other profile information

How does OpenID Connect work?

 The application starts with an OAuth flow that asks the user to authorize a request. As part of that flow, the client will include the OpenID Connect scope along with scopes for any additional information it wants about the user.

After the request is processed, the client will receive an access token as well as an ID token issued by the authorization server that contains claims that carry information about the user. The user’s SSO experience is made possible by the delivery of the ID token from the authorization server to the client. The client can then contact a special endpoint on the authorization server known as the User Info endpoint to receive the remaining claims about the user. OpenID Connect also defines mechanisms for discovery and session management beyond OAuth.




Comments

Post a Comment

Popular posts from this blog

Email Sending through O365 using OAuth Protocol

-
  Microsoft Office365 EWS servers have been extended to support authorization via the industry-standard OAuth 2.0 protocol. Using OAUTH protocol, user can do authentication by Microsoft Web OAuth instead of inputting user and password directly in application Microsoft / Office 365 OAuth + EWS We can use the OAuth authentication service provided by Azure Active Directory to enable our application to connect with IMAP, POP or SMTP protocols to access Exchange Online in Office 365. To use OAuth with our application we need to register application on Azure Active directory and other steps also we need to do to get the access token back. Below are the steps   To use Microsoft/Office365 OAUTH in your application, you must create an application in  https://portal.azure.com . Sign into the Azure portal using either a work or school account or a personal Microsoft account. If your account gives you access to more than one tenant, select your account in the top right corn
Read more

IISRESET vs App Pool Recycling ?

-
Image
 I think most IIS administrators know IISRESET command, and why they use it. One of possible reasons can be to restart IIS services to initialize web applications, or to apply some changes of applications & IIS settings .There’re just a few conditions those need your IISRESET command. In most situations, you don’t need this. I have a concern if you always run this command for applying any changes, or release system resource – memory – regularly, or frequently. Because it’s much more cost than what you really need to take – there’re side effects Recycling App Pool’ has been introduced from IIS6 in Windows2003. It’s designed to restart only application pools(=worker processes). It can be done in a command prompt(run ‘IISAPP /?’ in a command prompt for details), as well as in the IIS manager What IISRESET does? When you run IISRESET, many things will happen. In order to understand them, I think I need to show you how IIS looks like – about IIS core components. The below shows you role
Read more

Deploy .Net6.0 Web api with docker

-
Image
  What is Docker? Docker is a containerization platform, meaning that it enables you to package your applications into images and run them as “containers” on any platform that can run Docker. It negates the classic: “It works on my computer” argument as Docker images contain everything needed for the app to run. Are Containers the same as Virtual Machines? They are similar, but not the same. In short: Virtual Machines provide OS Level Virtualization Containers provide App Level Virtualization This concept is depicted below: Why Would You Use it? In short you would use Docker, (and hence containers), for the following reasons: Portability.  As containers are self- contained  they can run on any platform that runs Docker, making them easy to stand up and run on a wide variety of platforms. Scalability.  With the use of additional “orchestration” you can spin up multiple container instances to support increased load. Performance.  Containers generally perform better than their VM counterp
Read more