OpenID Connect
Updated on 04 Apr 2024
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to verify the identity of the end-user based on the authentication performed by an authorization server as well as to obtain necessary profile information about the end-user in an interoperable and REST-like manner.
OpenID Connect allows clients of all types, including web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing participants to use optional features such as encryption of identity data, the discovery of OpenID providers, and session management when it makes sense for them.
OpenID Connect (OIDC) is an authentication protocol built on the OAuth 2.0 family of specifications. Identity is carried in JSON Web Tokens (JWT), which a client obtains through the standard OAuth 2.0 flows.
While OAuth 2.0 is about delegated access to resources, OIDC is about user authentication. Layering OpenID Connect on top of OAuth 2.0 adds identity semantics to the protocol: the authorization server now asserts who the user is, which enables single sign-on and the sharing of profile information with the client.
Authenticating the user
Authenticating the user involves obtaining an ID token and validating it. ID tokens are a standardized feature of OpenID Connect designed for sharing identity assertions on the Internet. An ID token is a signed JWT; before trusting it, your application verifies the signature against the provider's published signing keys and checks that the issuer is the expected provider, that the audience contains your client ID, that the token has not expired, and that the nonce matches the one sent in the authentication request.
Obtaining the token requires an authentication step in which the user logs in with their Visma account, after which they are asked whether they are willing to grant the permissions that your application is requesting. This process is called user consent.
If the signed-in user grants the permissions, the Visma Connect Authorization Server redirects the browser back to the callback endpoint that you defined in the Redirect URI section of your app, passing an authorization code in the query string (the redirect URI must match the registered one exactly). Your application then exchanges this code, server-side at the token endpoint, for an ID token and an access token.
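The flow above, as an added example that is not part of the original page or of Visma Connect's own SDK: it builds the authentication request (with state, nonce and PKCE), checks the callback, builds the code-for-token exchange, and validates the returned ID token. The issuer and endpoint URLs, the client ID and the use of HS256 with the client secret as signing key are assumptions made so the example runs offline; a provider that signs with RS256 is verified the same way except that the key comes from its JWKS endpoint.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import urlencode

# Assumed placeholder issuer; a real client reads these from the provider's
# discovery document (/.well-known/openid-configuration).
ISSUER = "https://idp.example.com"
AUTHORIZE_URL = ISSUER + "/connect/authorize"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT and PKCE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def pkce_challenge(code_verifier: str) -> str:
    """S256 challenge = base64url(SHA-256(verifier)) (RFC 7636)."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorization_request(client_id, redirect_uri, scope="openid profile email"):
    """Return (url, state, nonce, code_verifier). Keep the last three in the
    user's session: state ties the callback to this browser, nonce ties the
    ID token to this login, code_verifier completes the PKCE exchange."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    code_verifier = secrets.token_urlsafe(64)  # 86 chars, within the 43..128 limit
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must exactly match the registered URI
        "scope": scope,                # "openid" is what makes this an OIDC request
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params), state, nonce, code_verifier


def handle_callback(query, expected_state):
    """Check state before touching the code: a mismatch means this callback
    was not started by this session (login CSRF)."""
    if query.get("state") != expected_state:
        raise ValueError("state mismatch")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"])
    return query["code"]


def build_token_request(code, redirect_uri, client_id, client_secret, code_verifier):
    """Form body the backend POSTs to the token endpoint to redeem the code."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
        "code_verifier": code_verifier,
    }


def verify_id_token(id_token, key, client_id, expected_nonce, now=None, leeway=60):
    """Verify the signature and the claims OIDC Core requires a client to
    check: iss, aud, exp, nonce. Assumes HS256 with the client secret."""
    now = time.time() if now is None else now
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose
        raise ValueError("unexpected alg")
    expected = hmac.new(key.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not intended for this client")
    if claims.get("exp", 0) < now - leeway:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (replayed token)")
    return claims


def mint_id_token(claims, key):
    """Constructed fixture playing the provider's role so the demo runs offline."""
    h = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    p = b64url(json.dumps(claims).encode())
    sig = hmac.new(key.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url(sig)}"


def demo(client_id="demo-app", secret="demo-secret", redirect="https://app.example/cb"):
    """End-to-end run with a constructed provider response; returns the claims."""
    url, state, nonce, verifier = build_authorization_request(client_id, redirect)
    code = handle_callback({"state": state, "code": "constructed-code"}, state)
    build_token_request(code, redirect, client_id, secret, verifier)  # would be POSTed
    now = int(time.time())
    token = mint_id_token({"iss": ISSUER, "aud": client_id, "sub": "user-42",
                           "iat": now, "exp": now + 300, "nonce": nonce}, secret)
    return verify_id_token(token, secret, client_id, nonce)
```

Only the code is visible to the browser; the client secret and code verifier stay on the backend, and the ID token is never accepted on the strength of its decoded payload alone. The explicit `alg` pin matters: a verifier that honours whatever algorithm the token header names can be tricked into treating a public key as an HMAC secret or into accepting `alg: none`.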