OpenID Connect

OpenID Connect Flows

20 January 2015 OpenID Connect

OpenID Connect presents three flows for authentication. These dictate how the authentication is handled by the OpenID Connect provider.

Authorization Code Flow

The authorization code flow returns an authorization code (like it says on the tin) that can then be exchanged for an ID token and access token. This is done via the unauthenticated front end, requiring client authentication to use a client id and secret to retrieve the tokens from the back end. This flow allows for...

Read more

OpenID Connect Endpoints

18 January 2015 OpenID Connect

OpenID Connect specifies three core endpoints that must be provided to meet its specifications and three other optional sets of endpoints that aid with automation and session management.


  • Authorize endpoint: Found in the OAuth framework, this endpoint performs authentication and authorisation. Think of it as interacting with humans, it performs the login, consent, renders a UI, etc.
  • Token endpoint: Again from OAuth, this endpoint allows the requester to get an access token, an ID token and optionally a refresh token. If the authorize endpoint is human interaction, this endpoint is machine to machine interaction (it is a web API).
  • UserInfo endpoint: New to OpenID Connect, this endpoint allows you to...
Read more

OpenID Connect Overview

15 January 2015 OpenID Connect


Much to everyone's disappointment, OAuth 2.0 is not an authentication protocol. Instead it is a protocol designed for requesting access tokens and passing them along to a third-party application, it is an authorization framework.

Over the years a lot of people have tried to turn OAuth into an authentication protocol which is why we have so many different providers, each with their own implementation depending on their view on the universe. Unsurprisingly if you look at the list of top OAuth providers it is eerily similar to the list of organisations who have been hacked in recent years. Creating your own authentication protocol is no simple task...

OpenID Connect 1.0 is a simple identity layer on top of the OAuth protocol. This allows...

Read more