What is OpenID Connect?

Whether you are boarding a flight, checking into a hotel or requesting a passport, you must first verify your identity (authentication). This is followed by flight and seat assignment, reservation and credit card confirmation, and citizenship verification (authorisation). In today's ever-changing technology landscape, identity is becoming the only true identifier. Authentication and authorisation both have their place in the identity and access management space, but authentication is key to the identity component and key to federation. This is where OpenID Connect comes into play.

What is OpenID Connect?

OpenID Connect is a protocol that sits on top of the OAuth 2.0 framework. Where OAuth 2.0 provides authorisation via an access token containing scopes, OpenID Connect provides authentication by introducing a new token, the ID token, which contains a new set of scopes and claims specifically for identity. With the ID token, OpenID Connect adds structure and predictability to allow otherwise different systems to interoperate and share authentication state and user profile information.

[Figure: OpenID Connect diagram]

Why is OpenID Connect important?

Identity is the key to any cloud strategy. At the core of modern authorisation is OAuth 2.0, but OAuth 2.0 lacks an authentication component. Implementing OpenID Connect on top of OAuth 2.0 completes an IAM strategy. As more and more companies need to interoperate and more identities are populated on the internet, the demand to re-use these identities will also increase. To serve the demand of digital customers, it is therefore crucial that identity and authentication, not only authorisation, be a part of your strategy.