📖 What is OpenID Connect (OIDC)?
OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 protocol. It allows clients to verify the identity of the end-user based on the authentication performed by an Authorization Server.
"If you see a question about 'Identity' combined with 'OAuth', the answer is likely OIDC. It adds the ID Token to the OAuth flow."
📚 Certification: CompTIA Security+ Certification Exam (SY0-701)
🔑 What are the Key Concepts of OpenID Connect (OIDC)?
- OIDC extends OAuth 2.0 by adding an identity layer, shifting the focus from authorization (what you can do) to authentication (who you are).
- The ID Token is a JSON Web Token (JWT) that contains claims about the authenticated user, allowing the application to verify their identity.
- The Relying Party (RP) is the client application that requests authentication and relies on the Identity Provider to validate the user's identity.
- The Identity Provider (IdP) handles the actual authentication process and issues the ID Token to the RP after a successful user login.
- Standardized scopes, such as 'openid', 'profile', and 'email', are used to request specific sets of user information during the authentication flow.
🎯 How does OpenID Connect (OIDC) appear on the SY0-701 Exam?
You may be asked to identify the protocol used when a web application allows users to sign in using an existing account from a provider like Google or Microsoft.
A scenario might describe a requirement for a modern mobile application to verify a user's identity while also obtaining a token to access a protected API.
Expect questions where you must distinguish between OAuth 2.0 and OIDC based on whether the primary goal is granting resource access or verifying user identity.
❓ Frequently Asked Questions
What is the fundamental difference between OAuth 2.0 and OIDC?
OAuth 2.0 is an authorization framework designed to grant access to resources via access tokens. OIDC is an authentication layer built on top of it that introduces the ID Token to prove the user's identity.
How does OIDC differ from SAML in a professional environment?
SAML is an XML-based standard common in legacy enterprise SSO. OIDC uses JSON and REST, making it more lightweight and better suited for modern web applications and mobile devices.
What is the role of a JWT in the OIDC process?
The JSON Web Token (JWT) serves as the ID Token. It contains digitally signed claims about the user, so once the Relying Party has validated the signature it can trust the identity information without contacting the IdP again.