===== Open ID Connect - OIDC =====

Source: https://www.slideshare.net/mraible/what-the-heck-is-oauth-and-openid-connect-dosug-2018?qid=e9ca62c0-5a2c-428b-9a83-44bc2b97e11f&v=&b=&from_search=7

OpenID Connect is built on top of OAuth 2.0.

Gaps in the OAuth 2.0 access token: some parts are still missing from the access token. It only proves that the Client user was authorized.

OAuth 2.0 access token:

<code>
{
  "access_token" : "2asfasgagsddsasdA",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "refresh_token" : "tGkjkj3r23jkKJJKkkjJ"
}
</code>

**OpenID Connect extends OAuth 2.0 with a new signed id_token** for the Client and a UserInfo endpoint to fetch user attributes.

It provides a standard set of scopes and claims for identities:

  * profile
  * email
  * address
  * phone

Other features:

  * Built-in registration, discovery & metadata for dynamic federations
  * Bring Your Own Identity (BYOI)
  * Supports high assurance levels and key SAML use cases (enterprise)

OAuth 2.0 + Facebook Connect + SAML 2.0 (good parts)

OIDC access token. The important part is: **"id_token" : "eyJKHkjkjsafLKHLJh81298eolkjKJkjhhg...."**

<code>
{
  "access_token" : "2asfasgagsddsasdA",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "refresh_token" : "tGkjkj3r23jkKJJKkkjJ",
  "id_token" : "eyJKHkjkjsafLKHLJh81298eolkjKJkjhhg...."
}
</code>

{{https://lh3.googleusercontent.com/-nhzeGZtoHGo/XAA0BUHo_QI/AAAAAAAABoo/ge69QYzeHM8_QwpRZXj0O8YAuk0EF9TlACHMYCw/s0/2018-11-29_19-46-27.png}}