security:oidc

Differences

This shows you the differences between two versions of the page.

security:oidc [2023/11/01 07:13] – removed - external edit (Unknown date) 127.0.0.1
security:oidc [2023/11/01 07:13] (current) – ↷ Page moved from business_process_management:camunda:security:oidc to security:oidc skipidar
Line 1: Line 1:
 +===== Open ID Connect - OIDC =====
  
 +Source: https://www.slideshare.net/mraible/what-the-heck-is-oauth-and-openid-connect-dosug-2018?qid=e9ca62c0-5a2c-428b-9a83-44bc2b97e11f&v=&b=&from_search=7
 +
 +OpenID Connect is based on top of Oauth 2.0.
 +
 +Gaps in Oauth 2.0 access token.
 +Still in the access token - some parts are missing.
 +It just proves, that the Client user was authorized
 +
 +
 +Oauth 2.0 access token
 +<code>
 +{
 + "access_token" : "2asfasgagsddsasdA" ,
 + "token_type" : "Bearer", 
 + "expires_in" : 3600,
 + "refresh_token" : "tGkjkj3r23jkKJJKkkjJ"
 +}
 +</code>
 +
 +**OpenID Connect Extends OAuth 2.0 with new signed id_token** for the Client and UserInfo endpoint to fetch user attributes 
 +
 +Provides a standard set of scopes and claims for identities 
 +  * profile 
 +  * email 
 +  * address 
 +  * phone 
 +
 +Built-in registration, discovery & metadata for dynamic federations 
 +Bring Your Own Identity (BYOI) 
 +
 +Supports high assurance levels and key SAML use cases (enterprise) OAuth 2.0 + Facebook Connect + SAML 2.0 (good parts)
 +
 +OIDC Access Token. The important parts is: 
 +**"id_token" : "eyJKHkjkjsafLKHLJh81298eolkjKJkjhhg...."
 +**
 +<code>
 +{
 + "access_token" : "2asfasgagsddsasdA" ,
 + "token_type" : "Bearer", 
 + "expires_in" : 3600,
 + "refresh_token" : "tGkjkj3r23jkKJJKkkjJ",
 + "id_token" : "eyJKHkjkjsafLKHLJh81298eolkjKJkjhhg...."
 +}
 +</code>
 +
 +
 +{{https://lh3.googleusercontent.com/-nhzeGZtoHGo/XAA0BUHo_QI/AAAAAAAABoo/ge69QYzeHM8_QwpRZXj0O8YAuk0EF9TlACHMYCw/s0/2018-11-29_19-46-27.png}}
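Review bot: The label "OIDC Access Token" above the second <code> block misnames what the JSON shows: that object is the token response, and the id_token in it is a separate token alongside access_token, so the label should read something like "OIDC token response". At the same spot the bold markup opens before "id_token" and closes with ** on a line of its own; keep both markers on one line. Further up, "It just proves, that the Client user was authorized" does not say what is missing (who the user is), which is the gap the id_token is then introduced to fill; stating it there would connect the two halves of the page. The "signed id_token" line would also benefit from one sentence saying that the Client has to verify the signature and the iss, aud and exp claims before trusting the token, since the page currently mentions the signature but not the check. Spelling varies between "Oauth 2.0" and "OAuth 2.0", and between "Open ID Connect" and "OpenID Connect"; pick one form of each.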