OpenID Connect:
Building a secure login for your apps the right way!
Farasath Ahamed
IAM Team,
WSO2
Building an App

Building an application
● Building user signup
● Building a login/logout mechanism (authentication and authorization)
● Building reset password / recovery
● Managing users/profiles/sessions.
● The actual app functionality.
What do we usually do wrong?

What do we do wrong?
● Either consider security as an afterthought or end up over-engineering security.
● Baking in authentication and authorization logic into the app.
● Thinking that people will use the app as we want.
Common mistakes and misconceptions...

Common mistakes and misconceptions
● Trying to implement personally developed security measures
○ Security loopholes
● Reinventing the wheel.
○ User stores
○ Social Login options
○ Libraries

Common mistakes and misconceptions
● Not thinking about the user experience
○ Especially user signup
○ MFA
○ Not thinking about single sign on
So what can we do better?

Warm Up
Authentication
Authorization
Single Sign On
Single Logout

Few more terms...
● Identity Provider
● Service Provider
OpenID Connect?

OpenID Connect
● Provides a standard API for login
○ Request <-> Response
○ A verifiable token containing user identity (ID Token)
○ An access token that can be used to obtain further user information
○ Access token also allows scoped authorization

OpenID Connect
● Defines a standard mechanism for single logout
● Provides a standard API for client registration
● Provides a standard API for information discovery
● Built with security in mind.
● Provides an authentication + authorization layer.
The Flow

The OpenID Connect Login
Application is registered at the OP (OpenID provider)
1. Send an OpenID Connect Request to OP
2. User is authenticated at the OP
3. User is requested for consent at the OP
4. Application receives an intermediate ‘code’.
5. Application sends the code with the application authentication information.
6. The application receives an id_token + access token in the response. App verifies the id_token and completes the login

The OpenID Connect Login

Let’s see it in action
OpenID Connect Login : Request
https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=https://developers.google.com/oauthplayground&prompt=consent&response_type=code&client_id=407408718192.apps.googleusercontent.com&scope=openid email profile https://www.googleapis.com/auth/xapi.zoo&access_type=offline
OpenID Connect Login : Authentication at OP

OpenID Connect Login : Consent at OP

OpenID Connect Login : Response
https://developers.google.com/oauthplayground/?code=4/6QBptdphHUBvd7X_lpOS5N2BlPvBy1QhrTfnNGlXKr-pu3k6znBQF_s6YGjbSGibtwlUi5Q90rfqVrUgxfbqIKA&scope=openid%20email%20profile%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/xapi.zoo&authuser=0&session_state=7414bbf805e2f09026ee7065bc7358b46660897a..d46e&prompt=consent
OpenID Connect Login : Token Request
POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
Content-length: 277
content-type: application/x-www-form-urlencoded
user-agent: google-oauth-playground

code=4%2F6QAsx1elz4EirZXkhCRW3jrM6-A5ABq_2IrbdHDhPrfm3b6Fwhrld1gLswcBSNxNE3z-E0sg4EJA79Pxm56gIwM&redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&client_id=407408718192.apps.googleusercontent.com&client_secret=************&scope=&grant_type=authorization_code
OpenID Connect Login : Response
{
  "access_token": "ya29.GluoBu2HS6hrn7vVeTexqrW3m3i3sGLc6-kEaH_WK5aJmVtMyGMJY1kmlItrvj3S4WXd-arf199factfJVnq2Dr3GCNQsaVgCzPibWRGAZCTu18J67dAlwkuSY7a",
  "id_token": "eyJhbGciOiJSUzI1…….",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.email",
  "refresh_token": "1/MOMjcw6wBrJBtHY5TzIw4wGg5SRt1fJhkOlp-hZo7LQ"
}
Code Flow

OpenID Connect Login : Code Flow

Implicit Flow

OpenID Connect Login : Implicit Flow

OpenID Connect Login : Code vs Implicit

Demo Time!

Why should we use OpenID Connect?

OpenID Connect : Why?
● Lets app and site developers authenticate users without taking on the responsibility of storing and managing passwords (Federation)
● End users have control over their data shared with the app.

OpenID Connect : Why?
● It’s a well recognized industry standard / API
○ Wide range of OPs to choose from
○ Libraries
○ JSON over HTTP
○ Well tested in terms of security
○ Zero code change solutions available

OpenID Connect : Why?
● Enables BYOID (Bring your own identity)
● Enables an easy path to provide Single Sign On
○ Most IDPs support OpenID Connect
○ Most SaaS apps support OpenID Connect
Security in OpenID Connect

OpenID Connect : Security Aspects
● Use of signed JWTs to pass user authentication information
○ App must verify id_token sent in response
● Request objects to prevent request tampering
○ Sending request params in a signed JWT.
● ‘state’ parameter to prevent CSRF
● ‘nonce’ parameter to prevent replay attacks
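The code-flow steps on the login slide and the state, nonce and id_token checks on the Security Aspects slide, as an added example written for this page (not the deck's or WSO2's code): the relying-party side of the flow in Python. It assumes a constructed OP at https://op.example that signs ID tokens with HS256 keyed by the client_secret; the issuer, client id and secret are placeholders.

```python
# Added example, not from the deck: the app (relying party) side of the code flow
# with the checks from the Security Aspects slide. Assumes a constructed OP that
# signs ID tokens with HS256 keyed by client_secret (OIDC Core 10.1 allows this);
# for RS256 tokens swap the signature step for a JWKS-backed JWT library.
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

ISSUER, CLIENT_ID = "https://op.example", "demo-client"      # constructed values
CLIENT_SECRET = b"demo-secret-not-for-production"            # constructed value

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _sign(h64: str, p64: str) -> bytes:
    return hmac.new(CLIENT_SECRET, f"{h64}.{p64}".encode(), hashlib.sha256).digest()

def build_auth_request(session: dict) -> str:
    """Step 1: mint state (CSRF) and nonce (replay); remember both server-side."""
    session["state"], session["nonce"] = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    return ISSUER + "/authorize?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID, "scope": "openid email profile",
        "redirect_uri": "https://app.example/callback",
        "state": session["state"], "nonce": session["nonce"]})

def check_callback(session: dict, query: dict) -> str:
    """Step 4: accept the code only if state matches what this session issued."""
    if not hmac.compare_digest(query.get("state", "").encode(), session.get("state", "").encode()):
        raise ValueError("state mismatch: login was not started by this session")
    return query["code"]

def verify_id_token(session: dict, id_token: str, now: float = None) -> dict:
    """Step 6: check signature, iss, aud, exp and nonce before completing the login."""
    now = time.time() if now is None else now
    h64, p64, s64 = id_token.split(".")
    if json.loads(_unb64url(h64)).get("alg") != "HS256": raise ValueError("unexpected alg")
    if not hmac.compare_digest(_sign(h64, p64), _unb64url(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(p64))
    aud = claims.get("aud") if isinstance(claims.get("aud"), list) else [claims.get("aud")]
    if claims.get("iss") != ISSUER or CLIENT_ID not in aud:
        raise ValueError("token not issued by our OP for this client")
    if claims.get("exp", 0) <= now: raise ValueError("token expired")
    nonce = session.pop("nonce", None)                       # single use, so a replay fails
    if not nonce or not hmac.compare_digest(str(claims.get("nonce")).encode(), nonce.encode()):
        raise ValueError("nonce mismatch: replayed or foreign token")
    return claims

def mint_id_token(claims: dict) -> str:   # stand-in for the OP's token endpoint, offline only
    h64, p64 = _b64url(b'{"alg":"HS256","typ":"JWT"}'), _b64url(json.dumps(claims).encode())
    return f"{h64}.{p64}.{_b64url(_sign(h64, p64))}"
```

The token endpoint call itself (step 5) is an ordinary HTTPS POST with the code and client credentials, as on the Token Request slide; the checks above are what must happen on the response before the user is treated as logged in.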
OIDC Logout

OIDC Session Management

OpenID Connect Logout

Back Channel

OpenID Connect Backchannel Logout

Demo Time!

Solutions built on top of OpenID Connect

Mobile Connect

OpenID Connect in Open Banking
● Open Banking Standards are built with data security and customer consent at their heart.
● Uses OpenID Connect as the authentication and authorization layer
● Uses OpenID Connect Hybrid Flows to enforce security
Tips for Application Devs

Few Tips from one Dev to another
● Try to use standard APIs/solutions for authentication and authorization.
● Open source != insecure
● Use standard libraries.
● Think about how easy it is to migrate from one vendor to another.
● Think about the user experience (Enabling BYOID is now becoming a MUST)

Credits
● All the diagrams I have used in this slide deck were generously borrowed from various blogs, websites etc. So the due credit should go to the respective authors :)
