OpenID Connect (OIDC) is an authentication protocol built on top of OAuth 2.0. It allows clients (like web or mobile apps) to verify the identity of a user who logs in via an external identity provider (IdP) — such as Google, Microsoft, Apple, etc.
OAuth 2.0 → handles authorization (access to resources)
OpenID Connect → handles authentication (who is the user?)
User clicks "Login with Google"
Your app redirects the user to Google’s login page
After successful login, Google redirects back with an ID token
Your app validates this JWT token
You now know who the user is — verified by Google
The ID token is a JSON Web Token (JWT) containing user identity data, like:
{
"iss": "https://accounts.google.com",
"sub": "1234567890",
"name": "John Doe",
"email": "john@example.com",
"iat": 1650000000,
"exp": 1650003600
}
iss
= issuer (e.g. Google)
sub
= user ID
email
, name
= user info
iat
, exp
= issued at / expiration
“Login with Google/Microsoft/Apple”
Single Sign-On (SSO) in organizations
Centralized user identity (Keycloak, Auth0, Azure AD)
OAuth APIs that require identity verification
Component | Description |
---|---|
Relying Party | Your app (requests login) |
Identity Provider | External login provider (e.g. Google) |
ID Token | JWT containing the user’s identity |
UserInfo Endpoint | (Optional) endpoint for additional user data |
JSON (JavaScript Object Notation) is a lightweight data format used for representing structured data in a text format. It is commonly used for data exchange between a server and a web application. JSON is easy for humans to read and write, and easy for machines to parse and generate.
Here are some basic features of JSON:
Syntax:
{}
.[]
.Data Types:
"Hello"
123
or 12.34
{"key": "value"}
["element1", "element2"]
true
or false
null
Example:
{
"name": "John Doe",
"age": 25,
"address": {
"street": "123 Main St",
"city": "Anytown"
},
"hobbies": ["reading", "writing", "traveling"]
}
In this example, the JSON object contains information about a person including their name, age, address, and hobbies.
JSON has become a standard format for data exchange on the web due to its simplicity and flexibility.
A JSON Web Token (JWT) is a compact, secure, and self-describing format for exchanging information between parties. It consists of a JSON structure that has three parts: the header, the payload, and the signature.
Header: The header contains metadata about the type of the token and the signature algorithm used.
Payload: The payload contains the actual claims or information carried by the token. These claims can include user data, roles, permissions, etc.
Signature: The signature is used to ensure that the token has not been tampered with. It is created by signing the header, payload, and a secret key (known only to the issuer of the token).
JWTs are commonly used for authentication and authorization in web applications. For example, they can be used to authenticate users after login and grant them access to specific resources by being stored in HTTP headers or HTTP cookies and exchanged between the client and the server.