OIDC

What is OIDC

OIDC = (Identity, Authentication) + OAuth 2.0. It builds an identity layer on top of OAuth 2.0 and is a standard identity authentication protocol based on the OAuth2 protocol. As we all know, OAuth2 is an authorization protocol that cannot provide comprehensive identity authentication functionality. OIDC uses the OAuth2.0 authorization server to provide user identity authentication for third-party clients and passes the corresponding identity authentication information to the client. It is suitable for various types of clients (such as server applications, mobile apps, JS applications) and is fully compatible with OAuth2.0.

Advantages of OIDC

Identity Authentication and Authorization. OAuth2 is not an identity authentication (Authorization) protocol, while OIDC (OpenId Connect) can perform identity authentication (Authorization). OIDC (OpenID Connect) is Authentication, which verifies the user's identity to determine if it is valid, essentially letting the website know "you are the user you claim to be"; OAuth is Authorization, which, knowing the user's identity is legitimate, allows certain operations upon user authorization, essentially letting the website know "what you are permitted to do." Thus, authorization follows authentication; only after confirming the user's identity can authorization be granted.

OIDC Illustrated