OpenID Connect (OIDC)
What is OpenID Connect (OIDC)?
OpenID Connect (OIDC): An identity layer built on top of OAuth 2.0 that lets clients verify a user's identity and obtain basic profile information via signed ID tokens.
OpenID Connect (OIDC) extends OAuth 2.0 with a standardized authentication layer. In addition to the OAuth access token, the OpenID Provider (the authorization server) issues an ID token: a signed JWT whose claims describe the authentication event (issuer `iss`, subject `sub`, audience `aud`, expiry `exp`, issue time `iat`, and optionally `auth_time`, `nonce`, `acr` and profile attributes), and it exposes a UserInfo endpoint for additional claims. Before trusting the identity, the client verifies the token's signature against the provider's published keys with the expected algorithm pinned, checks that `iss` matches the configured provider and that `aud` contains its own client_id, rejects expired tokens, and compares `nonce` with the value it sent in the authentication request so that a replayed or injected token is refused. OIDC is the de-facto standard for web and mobile SSO, social login, and federation between identity providers. Compared to SAML it is JSON/HTTP-native, easier to use from mobile apps and APIs, and offers pairwise subject identifiers for privacy; because it is layered on OAuth 2.0 it also inherits OAuth hardening extensions such as PKCE and DPoP for sender-constrained tokens.
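The validation steps listed above, as an added example that is not part of the original page or of any provider's SDK. The issuer URL, client_id, client secret and nonce are constructed values. It uses HS256 keyed with the client secret, which OIDC Core permits, so that it runs with the Python standard library only; a production relying party would normally verify RS256/ES256 signatures against the provider's JWKS, but the claim checks (alg pinning, `iss`, `aud`/`azp`, `exp`, `iat`, `nonce`) are the same. The `issue_id_token` function stands in for the provider so the example can also show what gets rejected.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for this example (assumed, not from any real provider).
ISSUER = "https://op.example"                   # assumed OpenID Provider issuer
CLIENT_ID = "my-client"                         # assumed registered client_id
CLIENT_SECRET = b"constructed-client-secret"    # assumed shared secret used as the HS256 key
ALG = "HS256"                                   # the only alg this client accepts


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compact_json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def issue_id_token(sub, nonce, now, lifetime=300, aud=None, alg=ALG):
    """Stand-in for the OP: mint a compact-JWS ID token (alg="none" only to show rejection)."""
    header = {"alg": alg, "typ": "JWT"}
    claims = {
        "iss": ISSUER,
        "sub": sub,
        "aud": CLIENT_ID if aud is None else aud,
        "iat": now,
        "exp": now + lifetime,
        "auth_time": now,
        "nonce": nonce,
        "email": f"{sub}@example.com",
    }
    signing_input = b64url_encode(compact_json(header)) + "." + b64url_encode(compact_json(claims))
    sig = b"" if alg == "none" else hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_id_token(token, expected_nonce, now, leeway=60):
    """Return (claims, None) if the ID token is acceptable, otherwise (None, reason).

    Mirrors the ID token validation rules of OpenID Connect Core 1.0 section 3.1.3.7:
    signature, iss, aud (plus azp for multi-audience tokens), exp, iat and nonce.
    """
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
        claims = json.loads(b64url_decode(c_b64))
        signature = b64url_decode(s_b64)
    except ValueError:
        return None, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None, "malformed token"

    # Pin the algorithm: never let the token's own header pick it (blocks alg=none and key confusion).
    if header.get("alg") != ALG:
        return None, f"unexpected alg {header.get('alg')!r}"
    expected = hmac.new(CLIENT_SECRET, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return None, "bad signature"

    if claims.get("iss") != ISSUER:
        return None, "issuer mismatch"
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in aud_list:
        return None, "audience mismatch"
    if len(aud_list) > 1 and claims.get("azp") != CLIENT_ID:
        return None, "azp missing or wrong on multi-audience token"
    if not isinstance(claims.get("exp"), int) or now > claims["exp"] + leeway:
        return None, "token expired"
    if not isinstance(claims.get("iat"), int) or claims["iat"] > now + leeway:
        return None, "iat in the future"
    # The nonce binds this token to the authentication request this client actually sent.
    if claims.get("nonce") != expected_nonce:
        return None, "nonce mismatch (replayed or injected token)"
    return claims, None


def forge_payload(token, new_claims):
    """Swap the payload but keep the old signature: what an attacker without the key can do."""
    h_b64, _, s_b64 = token.split(".")
    return h_b64 + "." + b64url_encode(compact_json(new_claims)) + "." + s_b64


if __name__ == "__main__":
    now = 1_700_000_000
    nonce = "n-7f3a"   # constructed nonce the client stored in its session before redirecting
    good = issue_id_token("alice", nonce, now)
    print(validate_id_token(good, nonce, now + 10))
    print(validate_id_token(good, "n-other", now + 10))
    print(validate_id_token(good, nonce, now + 1000))
    print(validate_id_token(issue_id_token("alice", nonce, now, alg="none"), nonce, now))
    forged = forge_payload(good, {"iss": ISSUER, "sub": "admin", "aud": CLIENT_ID,
                                  "exp": now + 300, "iat": now, "nonce": nonce})
    print(validate_id_token(forged, nonce, now))
```

The order of checks matters: the signature is verified before any claim is read, so a forged payload never influences which issuer or audience the client compares against, and the nonce check is what turns a token that is cryptographically valid but was obtained for a different login into a rejection.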
● Examples
- A web app using "Sign in with Microsoft" via OIDC to authenticate corporate users.
- A mobile app validating an ID token from Auth0 (signature, issuer, audience, expiry and nonce) before granting access to user data.
● Frequently asked questions
What is OpenID Connect (OIDC)?
An identity layer built on top of OAuth 2.0 that lets clients verify a user's identity and obtain basic profile information via signed ID tokens. It belongs to the Identity & Access category of cybersecurity.
What does OpenID Connect (OIDC) mean?
An identity layer built on top of OAuth 2.0 that lets clients verify a user's identity and obtain basic profile information via signed ID tokens.
How do you secure an OpenID Connect (OIDC) deployment?
Validate every ID token before trusting it: verify the signature against the provider's published keys with the expected algorithm pinned (never accept alg "none" or whatever the token header claims), and check iss, aud, exp and the nonce tied to the client's own authentication request. Use the authorization code flow with PKCE and a state parameter, register exact redirect URIs, keep client secrets out of browser and mobile code, and rotate secrets and signing keys. Prefer short-lived tokens, and use sender-constrained tokens (DPoP) where the provider supports them.
What are other names for OpenID Connect (OIDC)?
Common alternative names include: OIDC.