OpenId Connect 1 (25.12.2022 3M) Flashcards
What is OpenID Connect?
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 [RFC6749] protocol.
How is use of the OpenID Connect extension requested?
Use of this extension is requested by Clients by including the ‘openid’ scope value in the Authorization Request.
What is an OAuth 2.0 Authorization Service that implements OpenID Connect called?
It is called an Identity Provider or OpenID Provider.
What is an OAuth 2.0 Client that requests OpenID Connect called?
Relying Party
In what form is information about the identity returned by the Identity Provider?
It is returned in the form of a JWT and is called an ID Token.
Describe the abstract OpenID Connect protocol flow.
The OpenID Connect protocol, in abstract, follows the following steps.
Basic flow:
1. The RP (Client) sends a request to the OpenID Provider (OP), usually by redirecting the user to the authorize endpoint.
2. The OP authenticates the End-User and obtains authorization (user grants access).
3. The OP responds with an ID Token and usually an Access Token.
UserInfo:
1. The RP can send a request with the Access Token to the UserInfo Endpoint.
2. The UserInfo Endpoint returns Claims about the End-User.
What additional endpoint of the authorization server is added in OpenID Connect?
UserInfo. You can request it with an access token to obtain user claims.