OIDC was ratified as a standard by the OpenID Foundation's membership in February 2014. OIDC provides a lightweight framework for identity interactions in a RESTful manner. The specification was developed under the OpenID Foundation and has its roots in OpenID; it was strongly shaped by OAuth 2.0, since that specification was never intended for authentication on its own. Microsoft was also a co-author of the OIDC specification.
It defines the following identity layers on top of OAuth 2.0:
- It uses two OAuth 2.0 flows:
  - Authorization code flow
  - Implicit flow
- Adds an ID token to the OAuth 2.0 exchange
- Adds the ability to request claims using an OAuth 2.0 access token
The following roles are used:
- OpenID Connect Provider (OP): The authorization server that issues the ID token
- Relying Party (RP): The client application that requests the ID token
- ID token: The token issued by the OP
- Claim: A piece of information about the user
The following figure shows the OpenID Connect flow:
[Figure: OpenID Connect flow]