1 OpenID Connect landscape

 

This chapter covers

  • What is OpenID Connect and why?
  • How OpenID Connect differs from OpenID, SAML 2.0 Web SSO and OAuth 2.0
  • What identity federation and single sign-on (SSO) are
  • The benefits of having one trusted identity provider for multiple client applications
  • The use cases of OpenID Connect

Even if you don’t have hands-on developer experience in integrating OpenID Connect with your web or mobile applications for login, the chances are very high that at some point in your life you have used OpenID Connect to log into some web or mobile application. If you have ever used Log in with Apple ID or Log in with Google, you have used OpenID Connect underneath. [1]

In simple terms, OpenID Connect is a standard that defines how a client application communicates with an identity provider to identify a user.[2] A client application can be a single-page application, a native mobile application, a server-side web application, and so on. In the rest of the book, we discuss how to integrate OpenID Connect with all these types of applications.

1.1      What is OpenID Connect?

1.2      An alternative view of OpenID Connect

1.3      OpenID Connect vs. OpenID

1.4      OpenID Connect vs. OAuth 2.0

1.5      How login with Facebook works around OAuth 2.0 for authentication?

1.6      OpenID Connect vs. SAML 2.0 Web SSO

1.7      Transporting identity related attributes across multiple trust domains

1.8      Building a seamless login experience among multiple applications connected to a single identity provider

1.9      The benefits of having one trusted identity provider for multiple client applications

1.9.1   Having one trusted identity provider means you have a single source of truth

1.9.2   Having one trusted identity provider helps implementing single sign on (SSO) across multiple client applications

1.9.3   A single place to implement and configure multiple login options for user authentication

1.9.4   Having one trusted identity provider helps to bootstrap trust with external identity providers

1.9.5   Handling protocol / claim transformation between client applications and partner identity providers at a single place

1.10  OpenID Connect use cases

1.10.1    Login to client applications

1.10.2     Sharing attributes

1.10.3     Signup with OpenID Connect

1.10.4     Single logout

1.10.5     Identity assurance

1.10.6     Federating access to APIs

1.11  OpenID providers and client libraries
