What is OIDC and How Does It Differ from OAuth 2.0?

OIDC, or OpenID Connect, is an identity protocol that builds authentication on top of the authorization framework of OAuth 2.0. Its specification is implemented by many identity providers across the internet.
OIDC was developed by the OpenID Foundation, whose members include large companies such as Google and Microsoft. While OAuth 2.0 is an authorization protocol, OIDC is an identity authentication protocol. OIDC is what makes user logins simple and secure: it identifies the user to the client service and enables access to be granted.
OpenID Authentication and OAuth 2.0

OpenID Connect extends OAuth 2.0 with special scopes, and the extra token it issues encapsulates the user's identity in JSON format. OpenID Connect uses OAuth 2.0 as its base protocol but focuses solely on authentication rather than authorization.

OpenID and Its Principles

The OIDC identity provider performs the following steps: user authentication, user consent, and token issuance. The client requesting a user's identity is called the Relying Party (RP). OpenID Connect evolved on the base structure of OAuth 2.0 and uses the following token types to combine identity authentication with the authorization framework:

ID Token

In OIDC, the ID token is a JWT that carries information about the authentication event. The identity data, i.e. the user's profile claims, is delivered in the ID token.

Access Token

The access token is defined by OAuth 2.0; it is issued by the authorization server, is valid only for a limited time, and grants access to the user's resources when presented to them.

Refresh Token

These are taken from OAuth 2.0; they have a longer lifetime than access tokens and can be used to obtain new access tokens.

OIDC Flows

Several flows are available, chosen according to the application type and its security requirements. The common ones are:

Implicit Flow

The implicit flow is used by Single Page Applications (SPAs); in this flow the tokens are returned directly to the RP through the redirect URL.

Authorization Code Flow

The authorization code flow is more secure than the implicit flow because the tokens are not returned directly in the redirect; the RP receives a short-lived code and exchanges it for the tokens. For SPAs and native applications, security is further enhanced with dynamically generated private keys.

Hybrid Flow

The Hybrid Flow combines the implicit and authorization code flows. The ID token is returned directly to the RP, whereas the access token is not; instead, the authorization code is exchanged for the access token.
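To make the difference between "tokens returned directly" and "code exchanged for tokens" concrete, this added example (my own code, not from the page or OmniDefend) walks both sides of an authorization code flow with PKCE: the RP builds the authorization request with `state`, `nonce` and an S256 code challenge, a toy authorization server redirects back with only a code, and the RP redeems that code with the matching verifier. The endpoint URLs and client ID are constructed, and `DemoAuthorizationServer` is a stand-in for a real IdP.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values (assumptions for this example, not from the page).
AUTHZ_ENDPOINT = "https://idp.example.com/authorize"
REDIRECT_URI = "https://rp.example.com/callback"
CLIENT_ID = "rp-client-123"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """RFC 7636: a high-entropy verifier the RP keeps, and the S256 challenge it sends."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 chars, within the 43..128 allowed
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorization_request(state: str, nonce: str, challenge: str) -> str:
    """The front-channel request; 'openid' in scope is what makes this OIDC, not plain OAuth."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,                 # binds the callback to this browser session
        "nonce": nonce,                 # will be echoed inside the ID token
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


class DemoAuthorizationServer:
    """Toy IdP constructed for this example: issues single-use codes bound to the challenge."""

    def __init__(self):
        self._codes = {}

    def authorize(self, request_url: str) -> str:
        q = {k: v[0] for k, v in parse_qs(urlparse(request_url).query).items()}
        if q.get("response_type") != "code" or "openid" not in q.get("scope", "").split():
            raise ValueError("unsupported request")
        code = secrets.token_urlsafe(24)
        self._codes[code] = {"challenge": q["code_challenge"],
                             "redirect_uri": q["redirect_uri"], "nonce": q["nonce"]}
        # Redirect back to the RP: only the code and state travel via the browser, never tokens.
        return f"{q['redirect_uri']}?{urlencode({'code': code, 'state': q['state']})}"

    def token(self, code: str, verifier: str, redirect_uri: str) -> dict:
        """Back-channel exchange. A real response also carries id_token (and refresh_token
        when offline access was granted); this toy server returns only the access token."""
        record = self._codes.pop(code, None)  # a code is redeemable exactly once
        if record is None:
            raise PermissionError("invalid_grant: unknown or already-used code")
        if record["redirect_uri"] != redirect_uri:
            raise PermissionError("invalid_grant: redirect_uri mismatch")
        if _b64url(hashlib.sha256(verifier.encode("ascii")).digest()) != record["challenge"]:
            raise PermissionError("invalid_grant: PKCE verification failed")
        return {"access_token": secrets.token_urlsafe(16), "token_type": "Bearer", "expires_in": 300}


def handle_callback(callback_url: str, expected_state: str) -> str:
    """RP side: reject callbacks that do not belong to a login this RP started."""
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if "error" in q:
        raise PermissionError(f"authorization failed: {q['error']}")
    if not secrets.compare_digest(q.get("state", ""), expected_state):
        raise PermissionError("state mismatch: possible cross-site login injection")
    return q["code"]


def run_authorization_code_flow(idp: DemoAuthorizationServer) -> dict:
    """End-to-end: request -> redirect with code -> state check -> code exchange."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    verifier, challenge = make_pkce_pair()
    callback_url = idp.authorize(build_authorization_request(state, nonce, challenge))
    code = handle_callback(callback_url, state)
    return idp.token(code, verifier, REDIRECT_URI)


if __name__ == "__main__":
    print(run_authorization_code_flow(DemoAuthorizationServer()))
```

Two properties carry the security argument: the code that passes through the browser is useless without the verifier the RP never sent over the front channel, and it can be redeemed only once, so a leaked or replayed redirect yields no token. In the implicit flow neither protection exists, because the access token itself is what appears in the redirect.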

OmniDefend supports OpenID Connect and can configure single sign-on (SSO) with websites that support OpenID Connect providers. Eliminate the hassle of user ID and password credentials and switch to biometrics, OTP, PIN, smart cards, or phone push notification-based authentication methods. Make authentication simple, easy, convenient, and secure with OmniDefend SSO using OpenID Connect.