OpenID Connect is built on top of OAuth 2.0.
Gaps in the OAuth 2.0 access token: some parts are missing. It only proves that the client was authorized by the user; it carries nothing that tells the client who that user is.
OAuth 2.0 access token response:
{ "access_token" : "2asfasgagsddsasdA" , "token_type" : "Bearer", "expires_in" : 3600, "refresh_token" : "tGkjkj3r23jkKJJKkkjJ" }
OpenID Connect extends OAuth 2.0 with a new signed id_token for the client and a UserInfo endpoint for fetching user attributes.
Provides a standard set of scopes and claims for identities.
Built-in registration, discovery and metadata for dynamic federations and Bring Your Own Identity (BYOI).
Supports high assurance levels and the key SAML use cases (enterprise). In short: OAuth 2.0 + Facebook Connect + SAML 2.0 (the good parts).
OIDC access token response. The important part is the added "id_token" : "eyJKHkjkjsafLKHLJh81298eolkjKJkjhhg…." (a signed JWT):
{ "access_token" : "2asfasgagsddsasdA" , "token_type" : "Bearer", "expires_in" : 3600, "refresh_token" : "tGkjkj3r23jkKJJKkkjJ", "id_token" : "eyJKHkjkjsafLKHLJh81298eolkjKJkjhhg...." }