OpenID Connect (OIDC) Authentication
OpenID Connect (OIDC) is an identity authentication protocol that is an extension of OAuth 2.0. It standardizes the process for authenticating and authorizing users when they sign in to access digital services.OIDC provides authentication, which means verifying that users are who they say they are.
Key components of OIDC include:
- Authentication: Verifying that the user is who they say they are.
- Client: The software, such as a website or application, that requests tokens used to authenticate a user or access a resource.
- Relying Parties: Applications that use OpenID providers to authenticate users.
- Identity Tokens: Contain identity data including the outcome of the authentication process, an identifier for the user, and information about how and when the user is authenticated.
- OpenID Providers: Applications for which a user already has an account. Their role in OIDC is to authenticate the user and pass that information on to the relying party.
- Users: People or services that seek to access an application without creating a new account or providing a username and password.
JSON Web Token (JWT) Authentication
JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
JWTs are useful in scenarios such as:
- Authorization: Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token.
- Information Exchange: JWTs are a good way of securely transmitting information between parties. Because JWTs can be signed, you can be sure the senders are who they say they are.
JWTs consist of three parts:
- Header: The type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.
- Payload: Contains the claims, which are statements about an entity (typically, the user) and additional data.
- Signature: Created using a secret key.
For more detailed information, you can refer to the following resources:
- What Is OpenID Connect (OIDC)? | Microsoft Security
- How OpenID Connect Works - OpenID Foundation
- JSON Web Token Introduction - jwt.io
- JWT authentication: Best practices and when to use it
- What Is JWT? How Does It Work? | Akana by Perforce
Supported OIDC Providers :
The Wallet API supports the following OIDC providers: