Definition of terms

OpenID Connect (OIDC) is a modern, open authentication protocol based on the OAuth 2.0 standard. It allows users to log in securely and conveniently to various applications with just one central login service (identity provider, or IdP for short). OpenID Connect extends OAuth 2.0 with a standardized method for authenticating users. While OAuth 2.0 is primarily intended for authorization (access rights to resources), OIDC adds a layer for identity verification: the so-called ID token.

How does OpenID Connect work?

User wants to log in: The application (client) redirects the user to the identity provider.

Login at the IdP: The user authenticates themselves there (e.g., with a password, MFA, etc.).

Token return: The IdP returns an ID token (usually in JWT format) that confirms the user's identity.

Verification and use: The application verifies the token and logs the user in.

Key components

ID token: Proves the identity of the user. Contains claims such as name, email, "sub" (subject identifier), and other attribute-based information.

Authorization Server: Performs authentication and issues tokens (e.g., ID tokens, access tokens). It is the central entity in the OpenID Connect flow.

Relying Party (RP): The application or service that trusts the identity provider's authentication and evaluates the ID token.

Scopes: Define what information and permissions may be requested—e.g., "openid," "profile," "email."

Advantages of OpenID Connect

OpenID Connect offers a number of key advantages for modern web and cloud applications:

  • High security: By using current security standards, token-based procedures, and supporting multi-factor authentication, OIDC is robust against common threats such as phishing or token replay attacks.
  • Improved user-friendliness: Thanks to single sign-on (SSO), users only need to log in once to access multiple services.
  • Standardization and interoperability: As an open protocol, OIDC is natively supported by numerous platforms, frameworks, and tools. This facilitates integration and reduces dependence on proprietary solutions.
  • Scalability: OIDC is equally suitable for small web projects and complex, distributed system landscapes with microservices or cloud infrastructures.
  • Developer-friendliness: Many modern development platforms, including Google, Microsoft Entra ID, and Auth0, support OIDC out-of-the-box. This significantly reduces the implementation effort.

Conclusion

OpenID Connect combines security, user-friendliness, and interoperability in a standardized authentication protocol. Thanks to its broad support, easy integration, and scalability, OIDC is now the de facto standard for secure login procedures in modern web and cloud applications.