OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. OpenID Connect is all about authentication. It allows clients to verify the identity of end users, based on the authentication performed by an authorization server. It is also used to obtain basic profile information about the end user, in an interoperable and REST-like manner.
OpenID Connect allows clients of all types (web-based, mobile, and JavaScript) to request and receive information about authenticated sessions and end users. We know that OAuth 2.0 defines access tokens. Well, OpenID Connect defines a standardized identity token (commonly referred to as the ID token). The identity token is sent to the application, so that the application can validate who the user is. OpenID Connect also defines an endpoint to get identity information for that user, such as their name or...