OIDC (OpenID Connect)
- Ajit Gupta
- Aug 12, 2020

What it is:
OpenID Connect (OIDC) is an identity layer built on top of OAuth2 that provides authentication in addition to authorization. While OAuth2 issues tokens for secure delegated access, OIDC extends it by delivering standardized ID Tokens that include verified user identity claims. It has become the de facto standard for modern IAM and CIAM, enabling federated authentication across cloud, mobile, and API-driven ecosystems.
Why it matters:
OIDC simplifies authentication for web and mobile apps by using a lightweight JSON-based protocol that integrates seamlessly with OAuth2. For enterprises, it provides a secure and standardized way to deliver Single Sign-On (SSO), reduce password fatigue, and enable password-less and adaptive journeys. In regulated environments like banking and fintech, OIDC supports compliance with PSD2, Open Banking, and identity assurance requirements, making it a critical component in IAM Modernization, Hybrid Identity, and Cloud Migration initiatives.
How it works:
ID Token Exchange: During an OAuth2 Authorization Code flow, the Identity Provider (IdP) issues both an Access Token and an ID Token. The ID Token carries identity claims (e.g., username, email, authentication time) in a signed JWT (JSON Web Token).
Authentication Federation: Applications validate the ID Token and use its claims to authenticate users without directly handling passwords.
UserInfo Endpoint: OIDC provides a standard API endpoint to retrieve user attributes securely, enabling rich IAM Journeys and personalization.
Integration Flexibility: OIDC works with MFA, FIDO2, and Adaptive Security to enable strong, context-aware authentication experiences for both workforce and customers.