OIDC was established as a standard by its membership in February 2014. OIDC provides a lightweight framework for identity interactions in a RESTful manner. The specification was developed under the OpenID Foundation and has its roots in OpenID; it was heavily shaped by OAuth 2.0, a specification that was itself never intended for authentication. Microsoft was also a co-author of the OIDC specification.
It defines the following identity layers on top of OAuth 2.0:
- It uses two OAuth 2.0 flows:
  - Authorization code flow
  - Implicit flow
- Adds an ID token to the OAuth 2.0 exchange
- Adds the ability to request claims using an OAuth 2.0 access token
The following roles are used:
- OpenID Connect Provider (OP): The authorization server that issues the ID token
- Relying Party (RP): The client application that requests the ID token
- ID token: The token issued by the OP to the Relying Party
- Claim: A piece of information about the user
The following figure shows the OpenID Connect flow:
![](https://static.packt-cdn.com/products/9781789132304/graphics/011e6184-c5b0-4102-b403-6db415ae1981.png)
OpenID Connect flow
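The step in this flow that most often goes wrong in practice is the last one: the Relying Party receives the ID token and must validate it before trusting any claim inside it. The following is an added example, not code from the book or from any OpenID Foundation project. It builds a minimal ID token (a JWT) in the role of the OP and then validates it in the role of the RP: signature first, then issuer, audience (with `azp` when there are several audiences), expiry, issue time and the `nonce` that ties the token to the login request. To stay dependency-free it signs with HS256 using a shared client secret, which OIDC permits for confidential clients; a real OP more commonly signs with an asymmetric key published through its JWKS endpoint, and the claim checks are identical in that case. The issuer URL, client ID, secret and all claim values are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed example values (hypothetical OP, client and shared secret).
ISSUER = "https://op.example.com"
CLIENT_ID = "rp-client-123"
CLIENT_SECRET = b"constructed-shared-secret-do-not-reuse"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_id_token(claims: dict, secret: bytes) -> str:
    """OP side (stand-in): serialise the claims and sign them with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_id_token(token: str, secret: bytes, expected_nonce: str,
                      now: Optional[int] = None) -> dict:
    """RP side: verify the signature, then the standard ID token claims.

    Raises ValueError on the first failed check; returns the claims on success.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    header_b64, payload_b64, sig_b64 = parts

    # Pin the algorithm the RP expects; never let the token's header choose it
    # (this is what blocks 'alg: none' and algorithm-confusion tokens).
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))

    expected_sig = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")

    # Only after the signature holds do we read and trust the payload.
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in aud_list:
        raise ValueError("token not intended for this client")
    if len(aud_list) > 1 and claims.get("azp") != CLIENT_ID:
        raise ValueError("multiple audiences but azp does not name this client")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    if not isinstance(claims.get("iat"), int) or claims["iat"] > now + 60:
        raise ValueError("iat is in the future")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (token does not match this login request)")
    if not claims.get("sub"):
        raise ValueError("missing sub")
    return claims


def check(token: str, expected_nonce: str, now: int) -> str:
    """Convenience wrapper: 'ok' or the reason the token was rejected."""
    try:
        validate_id_token(token, CLIENT_SECRET, expected_nonce, now)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the run is reproducible
    claims = {"iss": ISSUER, "sub": "user-42", "aud": CLIENT_ID,
              "exp": now + 300, "iat": now, "nonce": "n-abc"}
    token = make_id_token(claims, CLIENT_SECRET)
    print("valid token:", check(token, "n-abc", now))
    print("wrong nonce:", check(token, "n-other", now))
    print("after expiry:", check(token, "n-abc", now + 600))
```

Note the order of checks: the payload is not parsed until the signature verifies, and the `alg` is pinned by the RP rather than read from the token. Both details are what separates a token check that merely decodes a JWT from one that actually authenticates the user.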