bg_image
header

OpenID Connect

OpenID Connect (OIDC) is an authentication protocol built on top of OAuth 2.0. It allows clients (like web or mobile apps) to verify the identity of a user who logs in via an external identity provider (IdP) — such as Google, Microsoft, Apple, etc.


🔐 In Short:

OAuth 2.0 → handles authorization (access to resources)
OpenID Connect → handles authentication (who is the user?)


🧱 How Does OpenID Connect Work?

  1. User clicks "Login with Google"

  2. Your app redirects the user to Google’s login page

  3. After successful login, Google redirects back with an ID token

  4. Your app validates this JWT token

  5. You now know who the user is — verified by Google


🔑 What’s Inside the ID Token?

The ID token is a JSON Web Token (JWT) containing user identity data, like:

{
  "iss": "https://accounts.google.com",
  "sub": "1234567890",
  "name": "John Doe",
  "email": "john@example.com",
  "iat": 1650000000,
  "exp": 1650003600
}
  • iss = issuer (e.g. Google)

  • sub = user ID

  • email, name = user info

  • iat, exp = issued at / expiration


🧩 Typical Use Cases

  • “Login with Google/Microsoft/Apple”

  • Single Sign-On (SSO) in organizations

  • Centralized user identity (Keycloak, Auth0, Azure AD)

  • OAuth APIs that require identity verification


🛠️ Core Components

Component Description
Relying Party Your app (requests login)
Identity Provider External login provider (e.g. Google)
ID Token JWT containing the user’s identity
UserInfo Endpoint (Optional) endpoint for additional user data

JavaScript Object Notation - JSON

JSON (JavaScript Object Notation) is a lightweight data format used for representing structured data in a text format. It is commonly used for data exchange between a server and a web application. JSON is easy for humans to read and write, and easy for machines to parse and generate.

Here are some basic features of JSON:

  1. Syntax:

    • JSON data is organized in key-value pairs.
    • A JSON object is enclosed in curly braces {}.
    • A JSON array is enclosed in square brackets [].
  2. Data Types:

    • Strings: "Hello"
    • Numbers: 123 or 12.34
    • Objects: {"key": "value"}
    • Arrays: ["element1", "element2"]
    • Booleans: true or false
    • Null: null
  3. Example:

{
    "name": "John Doe",
    "age": 25,
    "address": {
        "street": "123 Main St",
        "city": "Anytown"
    },
    "hobbies": ["reading", "writing", "traveling"]
}

In this example, the JSON object contains information about a person including their name, age, address, and hobbies.

  1. Uses:
    • Web APIs: JSON is often used in web APIs to exchange data between clients and servers.
    • Configuration files: Many applications use JSON files for configuration.
    • Databases: Some NoSQL databases like MongoDB store data in a JSON-like BSON format.

JSON has become a standard format for data exchange on the web due to its simplicity and flexibility.

 

 


JSON Web Token - JWT

A JSON Web Token (JWT) is a compact, secure, and self-describing format for exchanging information between parties. It consists of a JSON structure that has three parts: the header, the payload, and the signature.

  1. Header: The header contains metadata about the type of the token and the signature algorithm used.

  2. Payload: The payload contains the actual claims or information carried by the token. These claims can include user data, roles, permissions, etc.

  3. Signature: The signature is used to ensure that the token has not been tampered with. It is created by signing the header, payload, and a secret key (known only to the issuer of the token).

JWTs are commonly used for authentication and authorization in web applications. For example, they can be used to authenticate users after login and grant them access to specific resources by being stored in HTTP headers or HTTP cookies and exchanged between the client and the server.