Pat Patterson, profile picture
Uploaded byPat Patterson
PPTX, PDF13,394 views

OpenID Connect: An Overview

OpenID Connect is a simple identity layer that allows clients like mobile or web apps to verify user identities based on an authentication performed by an authorization server, as well as obtain basic profile information about users. It is built on OAuth 2.0 and defined by the OpenID Foundation. The specification defines core features as well as optional discovery, dynamic registration, session management, and OAuth 2.0 response types. Major companies like Google, Salesforce, and Microsoft have implemented or are deploying OpenID Connect to provide single sign-on for web and mobile clients.

Embed presentation

Downloaded 339 times
OpenID Connect: An Overview Pat Patterson Developer Evangelist Architect salesforce.com @metadaddy
What is OpenID Connect? Simple Identity Layer for the Internet [OpenID Connect] allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
What is OpenID Connect? • Specification defined by OpenID Foundation ‘Connect’ Work Group – NRI, Ping Identity, Microsoft, Google, Salesforce etc • Built on OAuth 2.0 • REST-based • Successor to SAML?
OpenID Connect Status • ‘Nearly complete’ – Second set of OpenID Connect Implementer’s Drafts approved in July, 2013 – Interop testing under way – Waiting for dependencies to be standardized • JWT, JWS etc
OpenID Connect Specification • OpenID Connect 1.0 Specification – Core – Discovery (optional) – Dynamic Registration (optional) – Session Management (optional) – OAuth 2.0 Multiple Response Types • Implementer’s Guides – Basic Client Profile – Implicit Client Profile
OpenID Connect Roles Web-based, mobile, or JavaScript Clients verify the identity of End-Users based on authentication performed by an Authorization Server.
OpenID Connect Basic Client Profile
OpenID Connect Implicit Client Profile
OpenID Connect Token Response { "access_token":"SlAV32hkKG", "token_type":"Bearer", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "id_token":"eyJ0 ... NiJ9.eyJ1c ... ZXso” } • id_token is a JSON Web Token (JWT) – Signed, URL/filename-safe base64 encoded JSON data
OpenID Connect ID Token { "iss": "https://server.example.com", "sub": "24400320", "aud": "s6BhdRkqt3", "exp": 1311281970, "iat": 1311280970 } • Issuer, Subject, Audience, Expiry, Issued At • Also optional email, auth_time, nonce etc
Who is Deploying OpenID Connect? • Services: Google, Salesforce, eBay, AOL, Deutsche Telekom, Orange • Vendors: IBM, Microsoft, Ping Identity, Layer 7, ForgeRock, Gluu, MITRE, NRI
OpenID Connect in Action • Client: Salesforce Community • Auth Server: Google • End User: Me!
Salesforce Community Login Page
Google Login Page
Google Authorization Page
Salesforce Community Home Page
Questions? Pat Patterson Developer Evangelist Architect salesforce.com @metadaddy

More Related Content

PDF
Introduction to OpenID Connect
byNat Sakimura
 
PPT
OAuth 2.0 and OpenId Connect
bySaran Doraiswamy
 
PPTX
OAuth 2
byChrisWood262
 
PDF
OAuth 2.0 and OpenID Connect
byJacob Combs
 
PPTX
An Introduction to OAuth2
byAaron Parecki
 
PDF
OpenID Connect Explained
byVladimir Dzhuvinov
 
PDF
OAuth & OpenID Connect Deep Dive
byNordic APIs
 
PPTX
An Introduction to OAuth 2
byAaron Parecki
 
Introduction to OpenID Connect
byNat Sakimura
 
OAuth 2.0 and OpenId Connect
bySaran Doraiswamy
 
OAuth 2
byChrisWood262
 
OAuth 2.0 and OpenID Connect
byJacob Combs
 
An Introduction to OAuth2
byAaron Parecki
 
OpenID Connect Explained
byVladimir Dzhuvinov
 
OAuth & OpenID Connect Deep Dive
byNordic APIs
 
An Introduction to OAuth 2
byAaron Parecki
 

What's hot

PDF
SAML VS OAuth 2.0 VS OpenID Connect
byUbisecure
 
ODP
OAuth2 - Introduction
byKnoldus Inc.
 
PPTX
Intro to OAuth2 and OpenID Connect
byLiamWadman
 
PPTX
OAuth2 + API Security
byAmila Paranawithana
 
PPTX
IdP, SAML, OAuth
byDan Brinkmann
 
PDF
OAuth 2.0
byUwe Friedrichsen
 
PDF
Token, token... From SAML to OIDC
byShiu-Fun Poon
 
PDF
Introduction to SAML & OIDC
byForgeRock Identity Tech Talks
 
PDF
FIDO UAF 1.0 Specs: Overview and Insights
byFIDO Alliance
 
PPTX
OpenId Connect Protocol
byMichael Furman
 
PDF
Demystifying OAuth 2.0
byKarl McGuinness
 
PDF
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
PDF
OpenID Connect 4 SSI
byTorsten Lodderstedt
 
PPTX
API Security : Patterns and Practices
byPrabath Siriwardena
 
PDF
REST API Authentication Methods.pdf
byRubersy Ramos García
 
PPTX
Rest API Security
byStormpath
 
PDF
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
byVinay Manglani
 
PDF
OpenID for Verifiable Credentials
byTorsten Lodderstedt
 
PDF
JSON WEB TOKEN
byKnoldus Inc.
 
PDF
OWASP Top 10 API Security Risks
byIndusfacePvtLtd
 
SAML VS OAuth 2.0 VS OpenID Connect
byUbisecure
 
OAuth2 - Introduction
byKnoldus Inc.
 
Intro to OAuth2 and OpenID Connect
byLiamWadman
 
OAuth2 + API Security
byAmila Paranawithana
 
IdP, SAML, OAuth
byDan Brinkmann
 
OAuth 2.0
byUwe Friedrichsen
 
Token, token... From SAML to OIDC
byShiu-Fun Poon
 
Introduction to SAML & OIDC
byForgeRock Identity Tech Talks
 
FIDO UAF 1.0 Specs: Overview and Insights
byFIDO Alliance
 
OpenId Connect Protocol
byMichael Furman
 
Demystifying OAuth 2.0
byKarl McGuinness
 
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
OpenID Connect 4 SSI
byTorsten Lodderstedt
 
API Security : Patterns and Practices
byPrabath Siriwardena
 
REST API Authentication Methods.pdf
byRubersy Ramos García
 
Rest API Security
byStormpath
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
byVinay Manglani
 
OpenID for Verifiable Credentials
byTorsten Lodderstedt
 
JSON WEB TOKEN
byKnoldus Inc.
 
OWASP Top 10 API Security Risks
byIndusfacePvtLtd
 

Similar to OpenID Connect: An Overview

PDF
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
byMikeLeszcz
 
PDF
OpenID Connect "101" Introduction -- October 23, 2018
byOpenIDFoundation
 
PDF
OpenID Connect primer
bynob f
 
PDF
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
byMikeLeszcz
 
PDF
OpenID Foundation Connect Working Group Update - October 22, 2018
byOpenIDFoundation
 
PPTX
OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...
byBrian Campbell
 
PPTX
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
byOpenIDFoundation
 
PDF
CIS13: Introduction to OpenID Connect
byCloudIDSummit
 
PPTX
IAM Overview Identiverse 2018
byBrian Campbell
 
PDF
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
byCloudIDSummit
 
PDF
OpenID Connect vs. OpenID 1 & 2
byMike Schwartz
 
PDF
OpenID Connect - An Emperor or Just New Cloths?
byOliver Pfaff
 
PDF
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
byOpenID Foundation Japan
 
PPTX
OpenAthens Conference 2018 - Don Thibeau - OpenID Connect
byOpenAthens
 
PDF
OpenID Connect for Identity Assurance
byTorsten Lodderstedt
 
PDF
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...
byOpenIDFoundation
 
PPTX
Hope or Hype: A Look at the Next Generation of Identity Standards
byBrian Campbell
 
PDF
CIS14: Working with OAuth and OpenID Connect
byCloudIDSummit
 
PPTX
Social Single Sign-On with OpenID Connect
byJames Melville
 
PPTX
RSA Europe: Future of Cloud Identity
byMike Schwartz
 
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
byMikeLeszcz
 
OpenID Connect "101" Introduction -- October 23, 2018
byOpenIDFoundation
 
OpenID Connect primer
bynob f
 
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
byMikeLeszcz
 
OpenID Foundation Connect Working Group Update - October 22, 2018
byOpenIDFoundation
 
OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...
byBrian Campbell
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
byOpenIDFoundation
 
CIS13: Introduction to OpenID Connect
byCloudIDSummit
 
IAM Overview Identiverse 2018
byBrian Campbell
 
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
byCloudIDSummit
 
OpenID Connect vs. OpenID 1 & 2
byMike Schwartz
 
OpenID Connect - An Emperor or Just New Cloths?
byOliver Pfaff
 
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
byOpenID Foundation Japan
 
OpenAthens Conference 2018 - Don Thibeau - OpenID Connect
byOpenAthens
 
OpenID Connect for Identity Assurance
byTorsten Lodderstedt
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...
byOpenIDFoundation
 
Hope or Hype: A Look at the Next Generation of Identity Standards
byBrian Campbell
 
CIS14: Working with OAuth and OpenID Connect
byCloudIDSummit
 
Social Single Sign-On with OpenID Connect
byJames Melville
 
RSA Europe: Future of Cloud Identity
byMike Schwartz
 

More from Pat Patterson

PPTX
DevOps from the Provider Perspective
byPat Patterson
 
PPTX
How Imprivata Combines External Data Sources for Business Insights
byPat Patterson
 
PPTX
Data Integration with Apache Kafka: What, Why, How
byPat Patterson
 
PPTX
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
byPat Patterson
 
PPTX
Dealing with Drift: Building an Enterprise Data Lake
byPat Patterson
 
PPTX
Integrating with Einstein Analytics
byPat Patterson
 
PPTX
Efficient Schemas in Motion with Kafka and Schema Registry
byPat Patterson
 
PPTX
Dealing With Drift - Building an Enterprise Data Lake
byPat Patterson
 
PPTX
Building Data Pipelines with Spark and StreamSets
byPat Patterson
 
PPTX
Adaptive Data Cleansing with StreamSets and Cassandra
byPat Patterson
 
PDF
Building Custom Big Data Integrations
byPat Patterson
 
PPTX
Ingest and Stream Processing - What will you choose?
byPat Patterson
 
PPTX
Open Source Big Data Ingestion - Without the Heartburn!
byPat Patterson
 
PPTX
Ingest and Stream Processing - What will you choose?
byPat Patterson
 
PPTX
All Aboard the Boxcar! Going Beyond the Basics of REST
byPat Patterson
 
PPTX
Provisioning IDaaS - Using SCIM to Enable Cloud Identity
byPat Patterson
 
PPTX
OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)
byPat Patterson
 
PPTX
Enterprise IoT: Data in Context
byPat Patterson
 
PPTX
OData: A Standard API for Data Access
byPat Patterson
 
PPTX
API-Driven Relationships: Building The Trans-Internet Express of the Future
byPat Patterson
 
DevOps from the Provider Perspective
byPat Patterson
 
How Imprivata Combines External Data Sources for Business Insights
byPat Patterson
 
Data Integration with Apache Kafka: What, Why, How
byPat Patterson
 
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
byPat Patterson
 
Dealing with Drift: Building an Enterprise Data Lake
byPat Patterson
 
Integrating with Einstein Analytics
byPat Patterson
 
Efficient Schemas in Motion with Kafka and Schema Registry
byPat Patterson
 
Dealing With Drift - Building an Enterprise Data Lake
byPat Patterson
 
Building Data Pipelines with Spark and StreamSets
byPat Patterson
 
Adaptive Data Cleansing with StreamSets and Cassandra
byPat Patterson
 
Building Custom Big Data Integrations
byPat Patterson
 
Ingest and Stream Processing - What will you choose?
byPat Patterson
 
Open Source Big Data Ingestion - Without the Heartburn!
byPat Patterson
 
Ingest and Stream Processing - What will you choose?
byPat Patterson
 
All Aboard the Boxcar! Going Beyond the Basics of REST
byPat Patterson
 
Provisioning IDaaS - Using SCIM to Enable Cloud Identity
byPat Patterson
 
OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)
byPat Patterson
 
Enterprise IoT: Data in Context
byPat Patterson
 
OData: A Standard API for Data Access
byPat Patterson
 
API-Driven Relationships: Building The Trans-Internet Express of the Future
byPat Patterson
 

Recently uploaded

PDF
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
PDF
Self-Correction Failure Diagnostic: Detecting Drift in Complex Systems
bySystems Research Group
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
PPTX
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
PDF
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PDF
Mount File Systems using UUID and Label - RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
PPTX
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PPTX
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
PDF
Making Search Less Taxing: Leveraging Semantics and Keywords in Hybrid Search
byEnterprise Knowledge
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
Self-Correction Failure Diagnostic: Detecting Drift in Complex Systems
bySystems Research Group
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
Mount File Systems using UUID and Label - RHCSA (RH134).pdf
byLinuxCert Guru
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
Making Search Less Taxing: Leveraging Semantics and Keywords in Hybrid Search
byEnterprise Knowledge
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 

OpenID Connect: An Overview

  • 1.
    OpenID Connect: AnOverview Pat Patterson Developer Evangelist Architect salesforce.com @metadaddy
  • 2.
    What is OpenIDConnect? Simple Identity Layer for the Internet [OpenID Connect] allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
  • 3.
    What is OpenIDConnect? • Specification defined by OpenID Foundation ‘Connect’ Work Group – NRI, Ping Identity, Microsoft, Google, Salesforce etc • Built on OAuth 2.0 • REST-based • Successor to SAML?
  • 4.
    OpenID Connect Status •‘Nearly complete’ – Second set of OpenID Connect Implementer’s Drafts approved in July, 2013 – Interop testing under way – Waiting for dependencies to be standardized • JWT, JWS etc
  • 5.
    OpenID Connect Specification •OpenID Connect 1.0 Specification – Core – Discovery (optional) – Dynamic Registration (optional) – Session Management (optional) – OAuth 2.0 Multiple Response Types • Implementer’s Guides – Basic Client Profile – Implicit Client Profile
  • 6.
    OpenID Connect Roles Web-based,mobile, or JavaScript Clients verify the identity of End-Users based on authentication performed by an Authorization Server.
  • 7.
    OpenID Connect BasicClient Profile
  • 8.
  • 9.
    OpenID Connect TokenResponse { "access_token":"SlAV32hkKG", "token_type":"Bearer", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "id_token":"eyJ0 ... NiJ9.eyJ1c ... ZXso” } • id_token is a JSON Web Token (JWT) – Signed, URL/filename-safe base64 encoded JSON data
  • 10.
    OpenID Connect IDToken { "iss": "https://server.example.com", "sub": "24400320", "aud": "s6BhdRkqt3", "exp": 1311281970, "iat": 1311280970 } • Issuer, Subject, Audience, Expiry, Issued At • Also optional email, auth_time, nonce etc
  • 11.
    Who is DeployingOpenID Connect? • Services: Google, Salesforce, eBay, AOL, Deutsche Telekom, Orange • Vendors: IBM, Microsoft, Ping Identity, Layer 7, ForgeRock, Gluu, MITRE, NRI
  • 12.
    OpenID Connect inAction • Client: Salesforce Community • Auth Server: Google • End User: Me!
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
    Questions? Pat Patterson Developer EvangelistArchitect salesforce.com @metadaddy