
OpenID Connect

OpenID Overview

OpenID was designed as an open protocol for single sign-on solutions. OpenID clients could redirect users to OpenID providers (such as Google, Yahoo, and many others) for authorization and login; the information returned after a successful login could then be associated with an O4W user, or the information for a generic "OpenID user" could be used for the current session. Note: many providers (such as Google) have phased out, or are phasing out, OpenID in favor of OpenID Connect.

OpenID Connect Overview

OpenID Connect (OIDC) is the latest framework designed to allow single sign-on functionality across the internet. OIDC Providers (such as Google, eBay, AOL, and others) are used to log in and validate users for OIDC clients (also called "Relying Parties"). O4W can act as an OIDC client, allowing developers and site administrators to specify one or more OIDC Providers that they wish to use. If an end user chooses to log in with one of the OIDC Providers, they will be prompted to log in to the OIDC Provider web site (if not already logged in) and to allow O4W (or another application name, if the developer/site administrator has specified one) access to their user information.

Normally, the developer/site administrator will register their application with the OIDC Provider(s) they wish to support; for example, to use "Login with Google+", the developer must visit Google's "Developers Console" and create a project (currently found at https://console.developers.google.com/project). This differs from the previous version of OpenID, which did not require any "pre-registration"; to enhance user security, OIDC requires either pre-registration or (if the OIDC Provider supports it) dynamic registration.

As mentioned, OIDC allows for several optional capabilities, which a particular OIDC Provider may or may not support. In addition to dynamic registration, OIDC defines a way to resolve dynamically which provider should be used, based on the end user entering either their email address or the URL of the OIDC Provider. Note that while O4W includes this functionality, most providers do not support it at this time.
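
The dynamic provider resolution described above follows the OpenID Connect Discovery rules: the user's input is normalized, a WebFinger query on the identifier's host names the issuer, and the issuer's discovery document is then fetched and checked. The sketch below is an added example, not O4W code; the function names are hypothetical, the hosts are constructed samples, and rejecting non-https identifiers is a policy choice of this example.

```python
from urllib.parse import urlsplit, urlencode

ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"  # rel value from the Discovery spec

def normalize_identifier(user_input):
    """Return (resource, host) for what the end user typed (email or URL)."""
    text = user_input.strip().split("#", 1)[0]          # fragments are dropped
    if "://" not in text and not text.startswith("acct:"):
        userinfo, at, rest = text.rpartition("@")
        # user@host with no port, path or query is an acct: URI; anything else is https
        if at and userinfo and rest and not any(c in rest for c in ":/?"):
            text = "acct:" + text
        else:
            text = "https://" + text
    if text.startswith("acct:"):
        host = text.rpartition("@")[2] if "@" in text else ""
    else:
        parts = urlsplit(text)
        if parts.scheme != "https":                      # policy of this example
            raise ValueError("only https identifiers are accepted")
        host = parts.netloc.rpartition("@")[2]
    if not host:
        raise ValueError("identifier has no host")
    return text, host.lower()

def webfinger_url(user_input):
    """URL the client queries to learn which issuer serves this identifier."""
    resource, host = normalize_identifier(user_input)
    return f"https://{host}/.well-known/webfinger?" + urlencode(
        {"resource": resource, "rel": ISSUER_REL})

def config_url(issuer):
    """Location of the provider's discovery document."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_provider_metadata(expected_issuer, metadata):
    """Accept a discovery document only if it belongs to the issuer we asked."""
    parts = urlsplit(expected_issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        raise ValueError("issuer must be an https URL without query or fragment")
    if metadata.get("issuer") != expected_issuer:
        raise ValueError("issuer mismatch in discovery document")
    for key in ("authorization_endpoint", "jwks_uri"):
        if urlsplit(str(metadata.get(key, ""))).scheme != "https":
            raise ValueError(f"{key} must be an https URL")
    return True

if __name__ == "__main__":
    print(webfinger_url("joe@example.com"))              # constructed sample input
    print(config_url("https://op.example.com"))
```

The issuer comparison is an exact string match on purpose: a discovery document that names a different issuer than the one the client asked for must not be used to configure the login.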

  • Last modified: 2023/10/25 10:49