OpenID protocol
Last updated
OpenID is an open standard and decentralized authentication protocol, implemented as an authentication layer on top of OAuth 2.0. It lets users sign in to multiple websites with an existing account instead of creating new passwords for each site. The user creates an account with an OpenID identity provider and then uses that account to sign in to any website that accepts OpenID authentication. According to the OpenID Foundation, several large organizations issue or accept OpenIDs on their websites.
OpenID Connect involves three actors:
OpenID Provider - An Authorization Server capable of authenticating an end-user and supplying the requested information to the application that asked for it.
Relying Party - The client application that requests end-user authentication and information (claims) about the end-user.
End-User - The human participant who is being authenticated and about whom the Relying Party is requesting information.
From version 4.0.19.10, IAM2 in ONEWEB accepts OpenID authentication. The current version supports only four response types: Code, Access Token, ID Token and none.
Response Type: Code
When the response type is set to code, an authorization code is returned. The Relying Party's server component can then exchange the code for the required tokens.
Response Type: Token
When the response type is set to token, it triggers an implicit flow and returns the Access Token directly to the Relying Party. An access token is a credential used to access protected resources; it represents specific scopes and a specific duration of access.
Response Type: ID Token
When the response type is set to id_token, it triggers an implicit flow and returns the ID Token directly to the Relying Party. The ID token contains the claims about the authentication of an End-User and their identity, and may optionally contain other data about the End-User. A Relying Party wishing to obtain further data about the End-User needs to present the access token it obtained to the user info endpoint.
Response Type: none
When the response type is set to none, the requester does not want any of the above to be returned.
The "none" response type is a special case in that it cannot be combined with any of the others. The other three can be combined in any way you want, but the current version of IAM2 does not support combined response types. Support for combined response types is planned for a future release of IAM2.
Once the client ID is registered with ONEWEB, users can implement OpenID authentication through IAM2 as shown in the sample request below.
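The following is an added example, not IAM2's own sample request, showing how a Relying Party builds an authorization request for one of the four single-valued response types described above and then handles the callback. The authorization endpoint URL, client ID and redirect URI are placeholder assumptions; the code returns in the query string, while implicit-flow tokens arrive in the URL fragment, and the state value is checked before anything else is trusted.

```python
"""OpenID Connect Relying Party helpers for the response types IAM2 supports.
Added example; AUTHORIZE_URL is a placeholder, not a real IAM2 endpoint."""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://iam2.example.invalid/authorize"  # placeholder assumption
# IAM2 accepts exactly one of these per request; combinations are not supported.
SUPPORTED_RESPONSE_TYPES = {"code", "token", "id_token", "none"}


def build_auth_request(client_id, redirect_uri, response_type, scope="openid"):
    """Return (url, state, nonce). state binds the callback to this browser
    session (CSRF protection); nonce binds a returned ID token to this request."""
    if response_type not in SUPPORTED_RESPONSE_TYPES:
        # Rejects "code id_token", "none token" and anything else combined.
        raise ValueError(f"unsupported response_type: {response_type!r}")
    state = secrets.token_urlsafe(16)
    nonce = secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": response_type,
        "scope": scope,
        "state": state,
        "nonce": nonce,  # required for id_token, harmless for the others
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}", state, nonce


def parse_callback(callback_url, expected_state):
    """Extract what the provider returned. The authorization code arrives in
    the query string; implicit-flow tokens arrive in the fragment. The state
    check runs first so a forged or stale callback is discarded untouched."""
    parsed = urlparse(callback_url)
    query = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    fragment = {k: v[0] for k, v in parse_qs(parsed.fragment).items()}
    received = query.get("state") or fragment.get("state") or ""
    if not secrets.compare_digest(received, expected_state):
        raise ValueError("state mismatch: possible CSRF or stale callback")
    if "error" in query or "error" in fragment:
        return {"error": query.get("error") or fragment.get("error")}
    if "code" in query:
        return {"code": query["code"]}
    # Implicit flow: token and/or id_token in the fragment; empty for "none".
    return {k: fragment[k] for k in ("access_token", "id_token", "token_type") if k in fragment}
```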